Aditro - IAM as part of Cloud Business strategy

ADITRO
N O R D I C I A M C O N F E R E N C E 2 0 1 8

ADITRO
IAM AS A PART OF CLOUD BUSINESS STRATEGY AND INFORMATION SECURITY
IAMwithUBI 24.5.2018
Janne Leppänen, Head of Cloud Operations and ICT
Jani Räty, Information Security Manager
Copyright © Aditro. All rights
reserved.
91

AGENDA
Aditro and Cloud Operations
IAM in Cloud Business
IAM and Information Security

ADITRO AND CLOUD OPERATIONS
25/06/2018 COPYRIGHT © ADITRO. ALL RIGHTS RESERVED. 93

OUR CUSTOMERS AND MARKET SEGMENTS
FINANCE
Finance solutions
for medium-sized
private companies
and public
organizations
PUBLIC HR
HR and payroll
solutions for
public
organizations
ENTERPRISE HR
HR, payroll and BPO
solutions for medium and
large enterprise (private)
organizations

ADITRO IN BRIEF
• 17 million payslips per year
• 2.4 million payslips produced by Aditro’s
outsourcing services per year
• More than 5 million e-invoices delivered via
our solutions per year
• More than 1500 private and public
customers
• SEK 640 billion in personnel-related costs
through Aditro’s Payroll solution per year
2017 REVENUE : 770 MSEK
Sweden 230 MSEK
Finland 420 MSEK
Denmark 10 MSEK
Norway 140 MSEK
2017 PERSONNEL : 770
Sweden 290
Finland 435
Norway 107
Estonia 57

ADITRO AS A SAAS PROVIDER
Finnish hosting supplier with datacenters
located in Finland
Dual site solution in Capital area (Great
Helsinki area) with ISO 27001:2013 certified
data center provider
ITIL based SaaS delivery and operations
+50 Cloud professionals working in SaaS
delivery and platform
Aditro’s own ISO 27001:2013 Certification
process is ongoing
Project at a final step to meet EU GDPR
requirements
COPYRIGHT © ADITRO. ALL RIGHTS RESERVED. 96
SaaS delivered on Windows
platform since 2000
+1500 B2B customers,
+3500 professional users
and over 1M end users
+30 Aditro applications
delivered both web and
client-servers solutions
+1000 servers in
production, test and
preproduction
environments
+500 SQL instances
+170 000 databases

IAM IN CLOUD BUSINESS

ADITRO CLOUD AUTHENTICATION, ADITRO ID
- CONCEPT
• Aditro ID is the concept for centralized authentication service in
Aditro Cloud
• With using Aditro ID, target is that user is able to access all
authorized Aditro Cloud services seemlesly with using single account
• Aditro ID also enables the usage of federated Single-Sign-On (SSO)
service and strong two-factor authentication method

- CONCEPT
• Basic functionalities include
• Registering, authentication methods, self services (such as
password reset), Aditro Cloud password policy, relevant
language support, traceability (EU GDPR)
• By the default, services deployed and operated in Aditro Cloud
shall comply with Aditro ID concept
• Aditro ID is currently based on identity platform provided by
www.Ubisecure.com

- CONCEPT PRINCIPLES
Some reasons for centralized Identity and Access Management:
• Clear management of who has access to what
• Clear audit logs of who has accessed what and when (EU GDPR)
• Build and integrate once
• Common process for deployment and operations across services in Aditro Cloud
• Easier to upsell additional services to existing clients
• Easier to resell third-party complementary cloud services
• Tighter control, but also more consistent user experience
• Volume based costs that are predictable
• Availability of support secured for mission critical infrastructure (backups etc)

Username and password
1. User opens Aditro Cloud
application with browser or
mobile app
(only internet connection and
modern browser required)
2. User authenticates by login
with Aditro ID -account and
password
3. User has been identified to
Aditro Cloud application(s)
Strong authentication
(SMS/OTP)
1. User starts
authentication by entering
Aditro ID username and
password
2. Second step is to enter
one time password
received by sms or read
from printout list
3. User has strongly
authenicated to Aditro
Cloud application(s)
Federated Single Sign-On
(SSO)
Mobile ID
1. User has signed in to a
(company) device
2. User opens Aditro Cloud
application with browser or app
3. Federation trust built
between Customer and Aditro
Cloud transmits User’s Identity
to Aditro ID
4. User has been identified to
Aditro Cloud application(s)
without separate login with
his/her company credentials
1. User starts
authentication by entering
Aditro ID username and
password
OR mobile phone number
2. User performs Mobile ID
verification process using
mobile phone
3. User has verified her/his
identity to Aditro Cloud
application(s) – legally valid
and can be used also for
electronic signatures
Aditro Cloud Authentication, Aditro ID
- Aditro ID Authentication methods supported currently

- TECHNOLOGY PARTNER
Benefits of using technology partner Ubisecure:
• Out-of-the-box standard / protocol and authentication method support, including support for
own branding
• Competitive pricing that is volume based with strong existing supplier relationship
• Overall IAM experience and track record
• Suitable deployment model; on premise (ie. in Aditro Cloud)
• Availability of technical support from also other consultancy companies
• Convincing future roadmap
• Active participation in work groups producing new standards
• Investments for product development with dedicated R&D
• Configurable product
• Easy ramp-up also for pilots and proof of concepts
• Ready configured workflows that can be further developed/tailored
• Delegation of user access and self-service fits with Aditro Cloud services
• Moves the admin work to the customer

0
5000
10000
15000
20000
25000
30000
35000
40000
45000
2010 2012 2014 2016 2018
Aditro ID / UbiSecure Users
IAM JOURNEY IN ADITRO CLOUD
Birth
Learning
Grow up
Maturity

HRM App Group
Customer Pages
FRM App GroupAditro ID
App B
Citrix App Group
App A
App C
App D
App F
App H
App J
App G
App K
App L
App M
App I
App E
ADITRO ID
Supported Aditro Cloud Services and Applications
App X
App Y

ADITRO ID AND CONNECT
Authentication Architecture

IAM AND INFORMATION SECURITY

SECURITY LANDSCAPE
• Latest security trends
• GDPR privacy
threats /
blackmails
• Cryptolockers,
cryptomining
• Phishing
• Identity thefts
• Customer requirements
• Tightened security, less
costs
• Same identity in all
solutions
• Improved compliance

ADITRO IAM KEY RISKS
• Scalability
• SPOF?
• Cloud/Ecosystem/
Application support
• Ease of use to
customers
• MFA abilities
• Futureproof?

KEY REQUIREMENTS
• Security: IAAA steps
• Compliance: ISO 27001 / ISAE, logging, accountability chain…
• Ecosystem: Aditro applications now and for future…
• MFA now and for future…
• Ease of use: Not hated by end-users
• Resiliency: No SPOF for us
• Scalability with growing Aditro business

FUTURE OF IAM
• Invisible security
• Contextual information and intelligence
builtin
• Holistic security and IPS abilities
• IoT, U2F
• Self-Service models
• Federated trust networks -> One global
identity? With Big Brother.
FRANZ STEINER AND THE SHINY FUTURE
25/06/2018

SUMMARY
Aditro and Cloud Operations
IAM in Cloud Business
IAM and Information Security

www.aditro.com
THANK YOU

Aditro - IAM as part of Cloud Business strategy

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Aditro - IAM as part of Cloud Business strategy

Similar to Aditro - IAM as part of Cloud Business strategy (20)

More from Ubisecure

More from Ubisecure (17)

Recently uploaded

Recently uploaded (20)

Aditro - IAM as part of Cloud Business strategy