© 2014 IT-Harvest | IDENTITY PLATFORMS
This paper is sponsored by Entrust.
IDENTITY PLATFORMS: How central, flexible deployment of multiple authenticators
benefits security and reduces cost
Identity and authentication management represents the greatest security return
on investment an organization can make. Former National Coordinator for Security,
Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once
famously said, “If you spend more on coffee than on IT security, then you will be hacked.”
An internal discussion at Gartner arising from Clarke’s statement led to the conclusion that
spending on authentication would provide the greatest security return on investment.
Since his 2002 tirade against complacent industry practices, there has been tremendous
investment in IT security, with strong authentication mechanisms and identity management
representing a healthy segment. Yet the deployment of physical access cards, one-time-passcode
tokens, digital certificates, biometrics, and even the fingerprint readers on the latest iPhones,
has led to new problems.
In examining the most pressing issues of communications and information confidentiality,
the two largest categories of vulnerabilities in the systems enterprises employ today are
authentication and encryption key management. While recent attacks on encryption
infrastructure are eroding trust, Bruce Schneier reminds us to “trust the math.”
Encryption is still fundamentally sound; the way encryption and keys are deployed and
managed is the problem.
Furthermore, intrinsic weaknesses in authentication regimes have created gaping and
trivially exploitable vulnerabilities that are procedural and operational, not technical,
in nature. As an example, the sheer complexity of many enterprises’ authentication regimes
has led users to undermine and abuse the very systems put in place to assure adherence
to company security policies. Shared credentials for server administration are just one
of the ways IT departments still introduce holes into an otherwise good security architecture.
Identity Platforms January 2014
Sidebar (Entrust Mobile Solutions): Device certificates; MDM integration; Application Protection; Analytics; Strong Authentication (OTP, Grid, SMS); Smart Credentials; Transaction Signing.
Mobile devices and the growth of cloud-enabled applications highlight, but by no means define,
the acuteness of this enterprise identity crisis. For decades, users have wrestled with frustrating
password regimes and two-factor schemes and have created security problems ranging
from petty revolts (e.g., re-using the same easy-to-guess password until forced to change) to
fundamentally-human coping mechanisms (e.g., taping the doctor’s one-time-passcode token to
the monitor at the nurse’s station).
These problems have multiplied under the stress of mobility. Each employee who is issued a
mobile device by the company now carries at least two (and often more) such devices, and an
increasing share of each employee’s online life (social media, Web browsing, news and
entertainment, etc.) runs through them. Enterprises therefore have a critical need for
centralized, authoritative identity management whose reach extends from deep in the heart of
the corporate core all the way out to these mobile devices.
One thing we know to be true: policy, training and awareness campaigns will not stop or even
slow employees’ adoption and use of these devices. It is essential that enterprises provide a
technical framework capable of permitting activities that employees will engage in — all in a
manner that is controllable or at least understandable by the security organization.
This paper examines the core features required of an authentication
and identity platform.
First and foremost, beyond handling certificates for a heterogeneous population of
desktop and mobile devices, easy management of identities is essential. Employees
must be able to use multiple devices for multiple purposes, with role-based,
fine-grained access control and permissions that are easily defined from the
appropriate role and identity. Hand in hand with these capabilities goes the
requirement to replace or revoke a lost or misappropriated credential as soon as
its untrusted status is known.
Sidebar (Entrust: Widest Range Of Digital Certificates In The Market): User certificates; Device certificates; Server certificates; Specialty Certificates (National ID Cards).
ELEMENTS OF A COMPLETE IDENTITY PLATFORM ARE:
Deployable across multiple domains:
Physical: Create, deploy and manage
authenticators for access to secure
facilities, data centers and segmented work
environments.
Logical: Control access to networks and
devices. Solve the privileged user problem.
Cloud: Control authentication to hosted
environments for administrators and end-
users of cloud applications.
Mobile: Not only to secure mobile devices
but to leverage their unique characteristics
to provide device-centric assurance from
strong authentication. It is in the category
of mobile device access that authentication
platforms are most crucial. The most
common threat to enterprise data posed
by mobile devices is careless but well-intentioned
people who travel with unprotected or
under-protected mobile devices that have
been set up to access corporate applications,
data stores and, especially, email. Many
users, feeling that they simply must have
access to all their email wherever they are,
set their mobile mail client to download
their entire corporate inbox and to keep
it synchronized.
By allowing role-, persona- and Geo-IP-based
authentication rules and integrating well
with an MDM, an authentication platform
can help protect employees (and the enterprise) from themselves by automatically limiting
the type and volume of data that may be accessed via a mobile device according to
circumstances such as the country the device is in.
Figure (Entrust IdentityGuard Cloud Services): Certificate types: User Certificates, Device Certificates, Server Certificates, Specialty Certificates. Interfaces: Admin, Self-Service, API’s. Functions: Reporting, Workflow, Discovery, Notifications, Management, Auditing, Online help, Licensing, Personalization, eCommerce, API’s, Communicator.
FLEXIBLE AND EXTENSIBLE
Many organizations have large investments in identity solutions. An identity platform should
allow new authenticators to be co-deployed alongside legacy solutions. Integration with both
legacy systems and modern cloud-based applications also protects the investment made in
an identity-based security framework. A robust API should allow rapid integration with existing
solutions.
Moving authentication beyond traditional factor-based methods also improves security
by providing rich, context- and risk-appropriate measures that enable trust elevation when
necessary. This is accomplished with a flexible policy engine that leverages context
about the user’s environment and scores the risk associated with each transaction or access
request. Combining these signals allows a more intelligent decision: the request may be
allowed, an elevation of trust in the user’s identity may be required first (step-up
authentication), or the request may be denied outright.
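The following Python is an added example written for this page; it is not Entrust's IdentityGuard code and the paper describes no specific algorithm. It illustrates the context-scored decision just described (allow, step-up or deny, with per-role tolerance), together with two requirements from earlier in the paper: a revoked credential must be rejected before any scoring, and the data volume a mobile client may pull (here, days of mailbox history) is limited by circumstances such as Geo-IP country and MDM enrolment. The country codes, thresholds, enrolled devices, revoked credential identifier and sync windows are all assumed values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

ALLOW, STEP_UP, DENY = "allow", "step-up", "deny"

# Assumed policy data for this example; a real platform would read these
# from its directory, MDM and credential inventory.
HOME_COUNTRIES = {"US", "CA"}
BLOCKED_COUNTRIES = {"XX"}                 # placeholder code for a location policy forbids
REVOKED_CREDENTIALS = {"cred-0042"}        # reported lost or misappropriated
ENROLLED_DEVICES = {"alice": {"dev-a1"}, "bob": {"dev-b1", "dev-b2"}}
# (step-up threshold, deny threshold) per role: admins get far less slack.
ROLE_THRESHOLDS = {"admin": (20, 60), "staff": (40, 80)}


@dataclass
class AccessRequest:
    user: str
    role: str
    credential_id: str
    device_id: str
    country: str          # country code resolved from the client IP (Geo-IP)
    when: datetime        # timezone-aware time of the request


@dataclass
class Decision:
    action: str
    score: int
    reasons: list = field(default_factory=list)
    mailbox_sync_days: int = 0   # how much mail history a mobile client may pull


def business_hours(when: datetime) -> bool:
    """Weekdays 07:00-19:00 UTC; an assumed working window for the example."""
    utc = when.astimezone(timezone.utc)
    return utc.weekday() < 5 and 7 <= utc.hour < 19


def decide(req: AccessRequest) -> Decision:
    # Hard stops come first: no context score may override a revoked
    # credential or a forbidden location, so they are checked before scoring.
    if req.credential_id in REVOKED_CREDENTIALS:
        return Decision(DENY, 100, ["credential revoked"])
    if req.country in BLOCKED_COUNTRIES:
        return Decision(DENY, 100, ["access from blocked country"])

    score, reasons = 0, []
    enrolled = req.device_id in ENROLLED_DEVICES.get(req.user, set())
    if not enrolled:
        score += 40
        reasons.append("device not enrolled in MDM")
    if req.country not in HOME_COUNTRIES:
        score += 30
        reasons.append(f"access from {req.country}")
    if not business_hours(req.when):
        score += 15
        reasons.append("outside business hours")

    step_up_at, deny_at = ROLE_THRESHOLDS.get(req.role, ROLE_THRESHOLDS["staff"])
    if score >= deny_at:
        action = DENY
    elif score >= step_up_at:
        action = STEP_UP          # demand a further factor before proceeding
    else:
        action = ALLOW

    # The data-volume limit follows the circumstances, not only the verdict:
    # an unenrolled device gets no mailbox sync, a travelling user on a known
    # device gets a few days, a known device at home gets the full window.
    if action == DENY or not enrolled:
        sync_days = 0
    elif req.country not in HOME_COUNTRIES:
        sync_days = 3
    else:
        sync_days = 30
    return Decision(action, score, reasons, sync_days)


if __name__ == "__main__":
    tuesday_noon = datetime(2024, 3, 5, 12, 0, tzinfo=timezone.utc)
    for r in (
        AccessRequest("alice", "staff", "cred-1", "dev-a1", "US", tuesday_noon),
        AccessRequest("alice", "admin", "cred-1", "dev-zz", "US", tuesday_noon),
        AccessRequest("bob", "staff", "cred-2", "dev-b1", "DE", tuesday_noon),
        AccessRequest("alice", "staff", "cred-0042", "dev-a1", "US", tuesday_noon),
    ):
        d = decide(r)
        print(f"{r.user}/{r.role} from {r.country} on {r.device_id}: {d.action} "
              f"(score {d.score}, sync {d.mailbox_sync_days} days) {d.reasons}")
```

The ordering is the point: revocation and blocked locations are hard stops evaluated before any score, so a later "low risk" signal can never resurrect a credential the platform has already declared untrusted, and the step-up path is what turns a risky-but-plausible request into an opportunity to elevate trust rather than a blunt denial.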
EASE OF MANAGEMENT
An identity platform should have a Web front-end that is easy to access, has strong security
controls, and can handle all forms of authentication with role assignments and graduated
strength depending on use case (e.g., location, time, etc.).
Users should be able to enroll and get the required credentials quickly and with the least pain.
To the lay-user, the authentication platform will cause the most pain, and will be most expensive
in terms of support. This will likely occur at the personal-authentication level with password and
multi-factor authentication methods, including one-time passcode hardware or software tokens,
biometric devices, USB, virtual or physical access cards. When these are combined with other
factors such as Geo-IP limiting, cross-method compatibility is essential to provide a smooth
experience. Nothing is more frustrating to a user than entering the correct credentials but being
locked out of a critical business application, outside business hours, because
of a security measure outside his control.
Federation is one of the most difficult scenarios to accomplish, especially
when multiple entities must be able to provide access to each other’s users.
An identity platform should have the capability to overcome the complexities of
federation. SAML (Security Assertion Markup Language) remains the dominant
method used by enterprises and governments alike. This enables the use of
third-party applications and systems without requiring user credentials to
leave the secure environment. As cloud-based business practices expand, this
capability will improve the user’s experience and drastically reduce the risk
associated with relying on third-party security measures and the explosion of
corresponding identities.
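An added example, not part of the original paper and not Entrust code, of what "user credentials never leave the secure environment" obliges the relying party to do: a SAML 2.0 service provider receives a bearer assertion instead of a password, and must check who issued it, whom it is for, where it was sent, which request it answers, whether it is still fresh, and whether it has been presented before. The checks below assume the XML signature over the assertion has already been verified with an XML-DSig implementation (that step is deliberately outside this snippet, and the checks are meaningless without it). The sample assertion, issuer, audience and request identifier are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def _ts(value: str) -> datetime:
    """SAML timestamps are UTC ISO 8601; fractional seconds are dropped."""
    return datetime.strptime(value.rstrip("Z").split(".")[0],
                             "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_assertion(xml_text: str, *, issuer: str, audience: str, recipient: str,
                    request_id: str, now: datetime, seen_ids: set,
                    skew_seconds: int = 60) -> list:
    """Return the list of failed checks (empty means the assertion is acceptable).
    Assumes the XML signature has ALREADY been verified by the caller."""
    failures = []
    skew = timedelta(seconds=skew_seconds)
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]

    # 1. Issuer must be the IdP we federate with, not merely any valid signer.
    got_issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if got_issuer != issuer:
        failures.append(f"unexpected issuer {got_issuer!r}")

    # 2. Validity window from <Conditions>, tolerating bounded clock skew.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        failures.append("missing Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb) - skew:
            failures.append("assertion not yet valid")
        if noa and now >= _ts(noa) + skew:
            failures.append("assertion expired")
        # 3. Audience restriction: the assertion must be intended for this SP.
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audience not in audiences:
            failures.append(f"audience {audiences} does not include {audience!r}")

    # 4. Bearer confirmation: sent to our ACS, answering our request, still fresh.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        failures.append("missing SubjectConfirmationData")
    else:
        if scd.get("Recipient") != recipient:
            failures.append("recipient mismatch")
        if scd.get("InResponseTo") != request_id:
            failures.append("InResponseTo does not match our AuthnRequest")
        if scd.get("NotOnOrAfter") and now >= _ts(scd.get("NotOnOrAfter")) + skew:
            failures.append("subject confirmation expired")

    # 5. One-time use: an assertion ID presented twice is a replay.
    aid = assertion.get("ID")
    if aid in seen_ids:
        failures.append("assertion ID replayed")
    elif not failures:
        seen_ids.add(aid)    # remember only assertions we actually accepted
    return failures


# Constructed sample assertion (unsigned here; names and URLs are invented).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2014-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req77"
          Recipient="https://sp.example.com/acs" NotOnOrAfter="2014-01-15T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-01-15T09:59:00Z" NotOnOrAfter="2014-01-15T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# The service provider's own expectations (assumed values).
SP = dict(issuer="https://idp.example.com/idp", audience="https://sp.example.com",
          recipient="https://sp.example.com/acs", request_id="_req77")


if __name__ == "__main__":
    seen = set()
    t = datetime(2014, 1, 15, 10, 1, tzinfo=timezone.utc)
    print("fresh:", check_assertion(SAMPLE, now=t, seen_ids=seen, **SP))
    print("replayed:", check_assertion(SAMPLE, now=t, seen_ids=seen, **SP))
    late = datetime(2014, 1, 15, 10, 10, tzinfo=timezone.utc)
    print("late:", check_assertion(SAMPLE, now=late, seen_ids=set(), **SP))
```

Every failure is collected rather than returned at the first miss so that an operator's log shows the whole picture, but an assertion is recorded as "seen" only when it passed, which keeps a rejected assertion from blocking a legitimate retry while still refusing a genuine replay.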
Sidebar (Entrust Identity Platform): Mobile; Traditional Authentication; Cloud/Federation; Physical/Logical Access; Transaction Signing; X.509 as-a-service.
Leveraging open standards (e.g., SAML, OATH (the Initiative for Open Authentication, whose HOTP
and TOTP one-time-passcode algorithms are specified in RFC 4226 and RFC 6238) or X.509) is a
crucial exercise for all security practices. The improved interoperability afforded by these
standards streamlines integration across endpoints and systems that have no traditional way
of communicating. It also allows security assertions to be passed from an identity platform to
a system that has no built-in security mechanisms of its own.
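The OATH algorithms are concrete enough to show in full. The following Python is added as an example for this page, not drawn from the paper or from Entrust's products: it implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library only, and adds the server-side rules the standards leave to the implementer, namely a look-ahead window for event tokens that have been advanced without a login, a bounded clock-skew window for time tokens, and replay protection so that a passcode captured off a monitor or over the shoulder cannot be reused. The secret is the reference test secret from both RFCs, so the values can be checked against the published test vectors.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter replaced by the Unix time step."""
    return hotp(secret, at // step, digits, algo)


def _match(expected: str, presented: str) -> bool:
    # Constant-time comparison; encode so odd user input cannot raise TypeError.
    return hmac.compare_digest(expected.encode(), presented.encode())


class HotpVerifier:
    """Server-side state for one event-based token. `last_counter` is the highest
    counter already accepted; `window` is how far ahead the server will search
    when the token was pressed a few times without completing a login."""

    def __init__(self, secret: bytes, window: int = 10, digits: int = 6):
        self.secret, self.window, self.digits = secret, window, digits
        self.last_counter = -1

    def verify(self, code: str) -> bool:
        for c in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if _match(hotp(self.secret, c, self.digits), code):
                self.last_counter = c   # this and every earlier counter are now burnt
                return True
        return False


class TotpVerifier:
    """Accepts the current time step and +/- `skew` steps for clock drift, but never
    the same step twice for the same token, which blocks replay of a seen code."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.secret, self.step, self.skew, self.digits = secret, step, skew, digits
        self.last_step = -1

    def verify(self, code: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        current = now // self.step
        for s in range(current - self.skew, current + self.skew + 1):
            if s <= self.last_step:
                continue                 # already used, or older than one that was
            if _match(hotp(self.secret, s, self.digits), code):
                self.last_step = s
                return True
        return False


if __name__ == "__main__":
    # Reference secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890").
    secret = b"12345678901234567890"
    print("HOTP counters 0-2:", [hotp(secret, c) for c in range(3)])   # 755224 287082 359152
    print("TOTP at T=59, 8 digits:", totp(secret, 59, digits=8))       # 94287082
    v = TotpVerifier(secret, digits=8)
    print("first use:", v.verify("94287082", now=59), "replay:", v.verify("94287082", now=59))
```

Two details matter in practice. The HOTP search starts strictly after the last accepted counter, so skipping ahead is allowed but stepping back never is; and the TOTP verifier stores the last accepted step rather than the last code, so a code that is still inside the skew window is refused the moment it has been used once.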
In addition, the very nature of an open ecosystem is meant to increase collaboration to improve
security and efficiency of the protocols. A prime example is the cryptography community’s focus
on constantly improving the mathematical underpinnings of ciphers, algorithms and random-
number generation, to name a few.
By supporting authentication in such a modular architecture, whether “as-a-service” or
on-premises, the inherent flexibility of the system lends itself to a more secure experience.
The simpler and more transparent the platform, the less likely users are to try to subvert it.
A robust identity platform will finally end the Tower of Babel of authentication solutions that
most enterprises have struggled with as their identity solutions proliferate. Consolidation into a
single identity platform will offer measurable op-ex savings while providing the best “security
return on investment.”
Richard Stiennon
Chief Research Analyst
IT-Harvest
January, 2014
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticators benefits security and reduces cost

© 2014 IT-Harvest. This paper is sponsored by Entrust. Identity Platforms, January 2014.

Identity and authentication management represents the greatest security return on investment an organization can make. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once famously said, “If you spend more on coffee than on IT security, then you will be hacked.” An internal discussion at Gartner arising from Clarke’s statement led to the conclusion that spending on authentication would provide the greatest security return on investment.

Since his 2002 tirade against complacent industry practices, there has been tremendous investment in IT security, with strong authentication mechanisms and identity management representing a healthy segment. Yet the deployment of physical access cards, one-time-passcode-generating tokens, digital certificates, biometrics, and even fingerprint readers on the latest iPhones has led to new problems.

In examining the most pressing issues of communications and information confidentiality, the two largest categories of vulnerabilities in the current systems employed by enterprises are authentication and encryption key management. While recent attacks on encryption infrastructure are eroding trust, we are reminded by Bruce Schneier to “trust the math.” Encryption is still fundamentally sound. The way encryption and keys are deployed and managed is the problem.

Furthermore, intrinsic weaknesses in authentication regimes have created gaping and trivially exploitable vulnerabilities that are procedural and operational — not technical — in nature. As an example, the sheer complexity of many enterprises’ authentication regimes has led to users undermining and abusing the very systems put in place to assure adherence to company security policies. Shared credentials for server administration are just one of the ways IT departments still introduce holes in an otherwise good security architecture.

[Figure: Entrust Mobile Solutions: device certificates, MDM integration, application protection, analytics, strong authentication (OTP, grid, SMS), smart credentials, transaction signing]

Mobile devices and the growth of cloud-enabled applications highlight, but by no means define, the acuteness of this enterprise identity crisis. For decades, users have wrestled with frustrating password regimes and two-factor schemes and have created security problems ranging from petty revolts (e.g., re-using the same easy-to-guess password until forced to change) to fundamentally human coping mechanisms (e.g., taping the doctor’s one-time-passcode token to the monitor at the nurse’s station).

These problems have multiplied under stress from mobility. With each employee who is issued a mobile device by the company possessing at least two (and often more) such devices, and with increasing amounts of each employee’s online life (including social media, Web browsing, news and entertainment, etc.) taking place on them, enterprises are experiencing a critical need for centralized, authoritative identity management whose reach extends from deep in the heart of the corporate core all the way out to these mobile devices. One thing we know to be true: policy, training and awareness campaigns will not stop or even slow employees’ adoption and use of these devices. It is essential that enterprises provide a technical framework capable of permitting the activities that employees will engage in — all in a manner that is controllable, or at least understandable, by the security organization.

This paper examines the core features required of an authentication and identity platform. First and foremost, in addition to handling heterogeneous device and mobile device certificates, easy management of identities is essential. The ability for employees to use multiple devices for multiple purposes, role-based and fine-grained access control, and easily defined permissions based on the appropriate role and identity are fundamental. Hand in hand with these capabilities goes the requirement to quickly replace or revoke lost or misappropriated credentials as soon as the untrusted status of a credential is understood.

[Figure: Entrust: Widest Range Of Digital Certificates In The Market: user certificates, device certificates, server certificates, specialty certificates (national ID cards)]

ELEMENTS OF A COMPLETE IDENTITY PLATFORM ARE:

Deployable across multiple domains:

Physical: Create, deploy and manage authenticators for access to secure facilities, data centers and segmented work environments.

Logical: Control access to networks and devices. Solve the privileged user problem.

Cloud: Control authentication to hosted environments for administrators and end-users of cloud applications.

Mobile: Not only secure mobile devices, but leverage their unique characteristics to provide device-centric assurance from strong authentication.

It is in the category of mobile device access that authentication platforms are most crucial. The most common threat to enterprise data posed by mobile devices is careless but well-intentioned people who travel with unprotected or under-protected mobile devices that have been set up to access corporate applications, data stores and, especially, email. Many users, feeling that they simply must have access to all their email wherever they are, set their mobile device mail client to download their entire corporate inbox and to keep it synchronized. By allowing role-, persona- and Geo-IP-based authentication tools and integrating well with an MDM, an authentication platform can help protect employees (and the enterprise) from themselves by automatically limiting the type and volume of data that may be accessed via a mobile device based on a range of circumstances, such as country location.

[Figure: Entrust® IdentityGuard Cloud Services: user, device, server and specialty certificates; reporting, workflow, discovery, notifications, management, auditing, online help, licensing, personalization, eCommerce, APIs, Communicator; Admin, Self-Service and API interfaces]

FLEXIBLE AND EXTENSIBLE

Many organizations have large investments in identity solutions. An identity platform should allow for the co-deployment of new authenticators alongside legacy solutions. Integrations into legacy systems and modern cloud-based applications will also improve the return on the investment made in an identity-based security framework. A robust API should allow rapid integration with existing solutions.

Improving authentication beyond traditional factor-based methods also improves security by providing rich, context- and risk-appropriate measures that enable trust elevation when necessary. This is accomplished through the use of a flexible policy engine that leverages context about the user’s environment and scores the risk associated with transactions or access requests. By combining these mechanisms, a more intelligent decision can be made and, if necessary, an elevation of trust in the user’s identity required, or the request potentially denied outright.

EASE OF MANAGEMENT

An identity platform should have a Web front-end that is easy to access, has strong security controls, and can handle all forms of authentication with role assignments and graduated strength depending on use case (e.g., location, time, etc.). Users should be able to enroll and get the required credentials quickly and with the least pain. To the lay user, the authentication platform will cause the most pain and will be the most expensive in terms of support. This will likely occur at the personal-authentication level with password and multi-factor authentication methods, including one-time-passcode hardware or software tokens, biometric devices, USB tokens, and virtual or physical access cards. When these are combined with other factors such as Geo-IP limiting, cross-method compatibility is essential to provide a smooth experience. Nothing is more frustrating to a user than entering the correct credentials but being locked out of a critical business application, outside business hours, because of a security measure outside his control.

Federation is one of the most difficult scenarios to accomplish, especially when multiple entities must be able to provide access to each other’s users. An identity platform should have the capability to overcome the complexities of federation. SAML (Security Assertion Markup Language) remains the dominant method used by enterprises and governments alike. This enables the use of third-party applications and systems without requiring user credentials to leave the secure environment. As cloud-based business practices expand, this capability will improve the user’s experience and drastically reduce the risk associated with relying on third-party security measures and the explosion of corresponding identities.

[Figure: Entrust Identity Platform: mobile, traditional authentication, cloud/federation, physical/logical access, transaction signing, X.509 as-a-service]

Leveraging open standards (e.g., SAML, OATH (Open Authentication) or X.509) is a crucial exercise for all security practices. The improved interoperability afforded by these standards helps streamline integration across various endpoints and systems that have no traditional ways of communicating. This also allows security assertions to be passed from an identity platform to a system that does not include built-in security mechanisms. In addition, the very nature of an open ecosystem is meant to increase collaboration to improve the security and efficiency of the protocols. A prime example is the cryptography community’s focus on constantly improving the mathematical underpinnings of ciphers, algorithms and random-number generation, to name a few.

By supporting authentication in such a modular, “as-a-service” or on-premise architecture, the inherent flexibility of the system will lend itself to a more secure experience. The simpler and more transparent the platform, the less likely will be efforts by users to subvert it. A robust identity platform will finally end the Tower of Babel of authentication solutions that most enterprises have struggled with as their identity solutions proliferate. Consolidation into a single identity platform will offer measurable op-ex savings while providing the best “security return on investment.”

Richard Stiennon
Chief Research Analyst
IT-Harvest
January 2014
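The context- and risk-based policy engine described under FLEXIBLE AND EXTENSIBLE (score the request from signals such as device enrollment and Geo-IP, then allow, elevate trust, or deny outright), as an added Python example. This is illustrative code written for this page, not Entrust's product code; the signal weights, thresholds, the set of "strong" factors, and the sample requests are all assumptions constructed for the example.

```python
"""Context- and risk-based access policy engine (illustrative, not a vendor's code).

Scores an access request from contextual signals (device enrollment, Geo-IP
country, local time, network) and decides ALLOW / STEP_UP / DENY.  Constructed
sample requests are embedded below so the module runs offline.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List


class Decision(str, Enum):
    ALLOW = "allow"        # trust in the presented identity is sufficient
    STEP_UP = "step_up"    # require a second authenticator (trust elevation)
    DENY = "deny"          # risk too high to allow, even with a second factor


@dataclass
class AccessRequest:
    user: str
    role: str                   # role from the identity platform's directory
    resource: str               # e.g. "mail", "hr-payroll"
    device_enrolled: bool       # device holds a platform-issued certificate / MDM record
    country: str                # from a Geo-IP lookup (assumed done upstream)
    hour_local: int             # 0-23, user's local time
    on_corporate_network: bool
    factors_presented: List[str] = field(default_factory=list)  # e.g. ["password"]


@dataclass
class Policy:
    allowed_countries: set
    business_hours: range = range(7, 20)
    step_up_threshold: int = 30       # score at or above: require a second factor
    deny_threshold: int = 70          # score at or above: refuse outright
    sensitive_resources: set = field(default_factory=lambda: {"hr-payroll", "admin-console"})


# Assumed weights: each signal adds a fixed amount to an additive risk score.
def risk_score(req: AccessRequest, policy: Policy) -> int:
    score = 0
    if not req.device_enrolled:
        score += 30      # unknown device: no device-centric assurance
    if req.country not in policy.allowed_countries:
        score += 40      # Geo-IP outside the permitted set
    if req.hour_local not in policy.business_hours:
        score += 10      # off-hours access is unusual but not alarming on its own
    if not req.on_corporate_network:
        score += 10
    if req.resource in policy.sensitive_resources:
        score += 20      # sensitive data raises the bar regardless of context
    return score


def decide(req: AccessRequest, policy: Policy) -> Decision:
    """Map the score to a decision; a strong factor already presented satisfies step-up."""
    score = risk_score(req, policy)
    if score >= policy.deny_threshold:
        return Decision.DENY             # denied outright, even with a second factor
    if score >= policy.step_up_threshold:
        strong = {"otp", "smartcard", "device-cert"}   # assumed second-factor types
        if strong & set(req.factors_presented):
            return Decision.ALLOW
        return Decision.STEP_UP
    return Decision.ALLOW


POLICY = Policy(allowed_countries={"US", "CA"})

# Constructed sample requests covering each outcome.
SAMPLES = {
    "trusted_office": AccessRequest("alice", "staff", "mail", True, "US", 10, True, ["password"]),
    "unknown_device": AccessRequest("alice", "staff", "mail", False, "US", 10, False, ["password"]),
    "unknown_device_with_otp": AccessRequest("alice", "staff", "mail", False, "US", 10, False,
                                             ["password", "otp"]),
    "abroad_payroll_at_night": AccessRequest("bob", "hr", "hr-payroll", False, "XX", 3, False,
                                             ["password", "otp"]),
}


def evaluate_samples(policy: Policy = POLICY) -> dict:
    """Decision for every constructed sample, keyed by sample name."""
    return {name: decide(req, policy) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in evaluate_samples().items():
        print(f"{name:26s} score={risk_score(SAMPLES[name], POLICY):3d} -> {d.value}")
```

The last sample shows the "denied outright" branch: an unenrolled device outside the permitted countries asking for payroll data at 3 a.m. scores past the deny threshold, so even a valid OTP does not rescue it, whereas the same user on an unknown device at home only triggers a step-up, which a presented OTP satisfies.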
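The federation paragraph says SAML lets third-party applications be used without user credentials leaving the secure environment; what the receiving application must do instead is validate the assertion it is handed. The checks below, written for this page and not taken from Entrust or any SAML library, cover the relying-party side of that: issuer, audience, validity window, recipient and InResponseTo. The assertion, entity IDs, URLs and request ID are constructed placeholders, and XML signature verification (which a real deployment must also perform) is out of scope here.

```python
"""Relying-party checks on a SAML 2.0 assertion's Conditions (added example).

Parses an assertion with the standard library and verifies issuer, audience,
validity window, recipient and InResponseTo before the NameID is trusted.
Signature verification is required in practice but is not shown.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real IdP's output); all identifiers are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" IssueInstant="2014-01-15T10:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://app.example.com/saml/acs"
          NotOnOrAfter="2014-01-15T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-01-15T09:59:00Z" NotOnOrAfter="2014-01-15T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _parse_ts(value: str) -> datetime:
    """SAML timestamps are UTC; parse the common 'Z' form."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, our_entity_id, acs_url,
                       pending_request_ids, now):
    """Return (ok, reasons). Every failed check is reported, not only the first."""
    reasons = []
    root = ET.fromstring(xml_text)

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        reasons.append(f"untrusted issuer {issuer!r}")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        reasons.append("missing Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _parse_ts(nb):
            reasons.append("assertion not yet valid")
        if noa is None or now >= _parse_ts(noa):
            reasons.append("assertion expired or has no NotOnOrAfter")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if our_entity_id not in audiences:
            reasons.append("audience restriction does not name this SP")

    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        reasons.append("missing SubjectConfirmationData")
    else:
        if scd.get("Recipient") != acs_url:
            reasons.append("recipient does not match our ACS URL")
        if scd.get("InResponseTo") not in pending_request_ids:
            reasons.append("InResponseTo does not match an outstanding request")
        scd_noa = scd.get("NotOnOrAfter")
        if scd_noa and now >= _parse_ts(scd_noa):
            reasons.append("subject confirmation expired")

    return (not reasons), reasons


def name_id(xml_text):
    """The identity the IdP asserted; only meaningful once validate_assertion passed."""
    return ET.fromstring(xml_text).findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    now = datetime(2014, 1, 15, 10, 1, tzinfo=timezone.utc)
    ok, why = validate_assertion(SAMPLE_ASSERTION, "https://idp.example.com/metadata",
                                 "https://app.example.com/saml/metadata",
                                 "https://app.example.com/saml/acs", {"_req42"}, now)
    print(ok, why, name_id(SAMPLE_ASSERTION) if ok else None)
```

Reporting every failed condition rather than the first makes misconfiguration (a wrong entity ID, clock skew) easy to diagnose from logs, while the caller still treats any non-empty reason list as a rejection.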