Securing Cloud Computing

Szabolcs Gyorfi
Sales manager CEE, CIS & MEA

Gemalto: Security To Be Free
More than just a company tag line…it is why we exist




Communicate, Shop, Travel, Bank, Work: in ways that are convenient, enjoyable and secure.
Gemalto’s Secure Personal Devices
…are in the hands of billions of individuals worldwide

• 1.5 billion secure devices – produced and personalized in 2009
• 200 million citizens – received a Gemalto-produced e-Passport
• 500 million people – carry a Gemalto-produced credit card
• 400 mobile operators – connecting 2 billion subscribers
• 30 years’ experience – designing/producing secure personal devices
Global Leadership Position

Top producer of:
• SIM cards and UICC (1)
• Over-The-Air platforms (2)
• Chip payment cards (4)
• Chip-based corporate security solutions (1)
• e-Passports (3)

Innovation leadership examples:
• First to market with IP-based UICC for LTE
• Ezio optical reader for online banking

*Source: (1) Frost & Sullivan; (2) Gemalto; (3) Keesing Journal of Identity; (4) The Nilson Report
Defining the “Cloud”

‘Securing Identities is Key to Success in the Cloud’ breaks down cloud computing into three different archetypes or models:
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

SaaS: third-party cloud providers deliver a full application service to end users.
PaaS: uses a cloud-based infrastructure to deliver customer-based applications.
IaaS: enables businesses to deliver their own services by providing them with cloud-based equipment.

IDC report, June 2010
Market Drivers & Challenge

Compliance with regulations and standards
• Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act, European Data Protection Directive, ...

Cloud Services are growing
• Convenience is a key for Cloud Services adoption:
   - Identity management is painful for organizations and users
   - Single Sign-On: eliminate passwords across cloud services
• Secure Access is a strong factor
   - Identity theft and phishing attacks are more relevant in the cloud world
   - Static passwords are not secure, as cyber criminals are getting smarter, faster and more tenacious about getting at your data and static passwords
• Cost
   - High TCO for complex password policies
The weakest link

When you move to the cloud, there may no longer be a PC under the desk, but the user is still the weakest link in the chain.

Most people have terrible habits when it comes to passwords: they use the same passwords everywhere, and some write them on sticky notes and put them on their monitor.

You can have a software provider with the best security on the market, but if one employee happens to choose a bad password that can be guessed in a social engineering attack, it can be catastrophic.
Security and convenience – Can we have both?

(Dilbert cartoons)

"Providers of cloud computing resources are not focused on security in the cloud. Rather, their priority is delivering the features their customers want such as low cost solutions with fast deployment that improves customer service and increases the efficiency of the IT function. As a result, providers in our study conclude that they cannot warrant or provide complete assurance that their products or services are sufficiently secure."
Ponemon Institute, 2009 Study
Security is a Balancing Act

Must balance between Strength and Usability.
Protiva Confirm: Secure & Convenient Cloud Services enabler

Bringing ADAPTABLE TRUST to Cloud Services
• Strong authentication ensures secure access to Online Services with multiple authentication methods: Password, OTP, PKI

Bringing CONVENIENCE to Cloud Services
• Identity federation/SSO

Bringing ADVANCED SERVICES to Cloud Services
• Digital signature service
• Post Issuance

No longer need to choose between SECURITY & CONVENIENCE
Adaptable Trust

(Diagram: assurance levels rising from Password to OTP to PKI; form factors include Display Card and .NET, TPC, … Cards)
Protiva SA Server
The Heart of Protiva Strong Authentication Service

• Validation server supporting OTP authentication
   - Standards based technology
   - Tokens – OATH event based or time based
   - Mobile App – Time based with time stamping
• Web based administrator interface for user management
• User self-care portal for registration and password back-up
• Easily integrates with existing infrastructure
   - Established integrations with leading infrastructure technology
   - Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.
   - User Data Repository – Microsoft AD, Novell eDirectory, Sun ONE, OpenLDAP, etc.
   - Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc.

5/15/2012
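The slide names the two OATH token types the validation server accepts, event based (HOTP, RFC 4226) and time based (TOTP, RFC 6238), without showing what "validating" them involves. The block below is an added example, not Protiva code: it implements both algorithms and the server-side acceptance rules a validation server needs, namely a bounded look-ahead window for event tokens (so a few button presses without a login do not desynchronise the user), a small clock-drift window for time tokens, and a strict replay guard in both cases. The secret is the RFC reference secret so the codes can be checked against the published test vectors; the window sizes are constructed policy values.

```python
"""OATH OTP validation: HOTP (RFC 4226) and TOTP (RFC 6238) plus server-side
acceptance rules. Added example, not Protiva code. RFC_SECRET is the reference
secret from the RFCs; look_ahead and drift_steps are constructed policy values."""
import hashlib
import hmac
import struct

RFC_SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 reference secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter replaced by the current time step."""
    return hotp(secret, unix_time // step, digits)


class OtpValidator:
    """Validation state for one enrolled token.

    Event based: accept any of the next `look_ahead` counters, then move the
    expected counter past the accepted one so that OTP, and any skipped ones,
    can never be presented again.
    Time based: accept +/- `drift_steps` around the server clock, but never a
    step at or before the last accepted step (replay guard).
    """

    def __init__(self, secret: bytes, look_ahead: int = 5,
                 drift_steps: int = 1, step: int = 30):
        self.secret = secret
        self.look_ahead = look_ahead
        self.drift_steps = drift_steps
        self.step = step
        self.counter = 0          # next expected HOTP counter
        self.last_time_step = -1  # last TOTP step that was accepted

    def verify_event(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1   # resync: consume c and everything before it
                return True
        return False

    def verify_time(self, otp: str, now: int) -> bool:
        current = now // self.step
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            candidate = current + delta
            if candidate <= self.last_time_step:
                continue   # already used, or older than a step already used
            if hmac.compare_digest(hotp(self.secret, candidate), otp):
                self.last_time_step = candidate
                return True
        return False


if __name__ == "__main__":
    v = OtpValidator(RFC_SECRET)
    # First presentation of the counter-0 code is accepted, a replay is not.
    print(hotp(RFC_SECRET, 0), v.verify_event("755224"), v.verify_event("755224"))
```

The look-ahead window is the usual trade-off: a larger window tolerates more unsynchronised presses but gives a guesser more valid codes per attempt, so it belongs next to an attempt limit, not instead of one. For time-based tokens the "time stamping" the slide mentions is what the `last_time_step` field does here: a code is never accepted twice even inside the drift window.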
User On Boarding
Mobile OTP – User Download and Activate

1. Authentication server URL sent to user by email
2. User enters numeric validation code
3. User establishes personal PIN
4. Mobile OTP application activated
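The four steps above are the enrolment flow; what makes it safe is how the server treats the numeric validation code. The following is an added example, not Protiva code, showing the server side of that flow: the code is short-lived, counted against an attempt budget, consumed on first successful use, and only after it is verified may the user set a PIN and receive a freshly generated token seed. The users, code lifetime, attempt limit and PIN rules are constructed for the example; the seed would be pushed to the mobile app over the TLS session the emailed URL points at.

```python
"""Server side of a mobile OTP activation flow (added example, not Protiva
code). Users, code lifetime, attempt budget and PIN rules are constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 600   # constructed policy: validation code lives 10 minutes
MAX_ATTEMPTS = 5         # constructed policy: online guessing budget per code
PBKDF2_ROUNDS = 100_000


class ActivationService:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock                      # injectable for deterministic tests
        self.pending: Dict[str, dict] = {}      # user -> activation record
        self.tokens: Dict[str, dict] = {}       # user -> provisioned credential

    def begin_activation(self, user: str) -> str:
        """Step 1: mint an 8-digit code; the caller e-mails it with the server URL.

        The code has only ~27 bits of entropy, so the expiry and attempt budget
        in check_code are the real controls; the salted hash just keeps a leaked
        table from being readable at a glance."""
        code = f"{secrets.randbelow(10 ** 8):08d}"
        salt = secrets.token_bytes(16)
        self.pending[user] = {
            "salt": salt,
            "code_hash": hashlib.sha256(salt + code.encode()).digest(),
            "expires": self.clock() + CODE_TTL_SECONDS,
            "attempts": 0,
            "verified": False,
        }
        return code

    def check_code(self, user: str, code: str) -> bool:
        """Step 2: the user types the numeric code into the mobile app."""
        rec = self.pending.get(user)
        if rec is None:
            return False
        if self.clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self.pending[user]               # stale or over budget: start over
            return False
        rec["attempts"] += 1
        got = hashlib.sha256(rec["salt"] + code.encode()).digest()
        if not hmac.compare_digest(rec["code_hash"], got):
            return False
        rec["verified"] = True
        return True

    def set_pin_and_activate(self, user: str, pin: str) -> Optional[bytes]:
        """Steps 3-4: store the PIN (salted PBKDF2), issue the seed, consume the code."""
        rec = self.pending.get(user)
        if rec is None or not rec["verified"]:
            return None
        if not (pin.isdigit() and 4 <= len(pin) <= 8):   # constructed PIN rule
            return None
        salt = secrets.token_bytes(16)
        self.tokens[user] = {
            "pin_salt": salt,
            "pin_hash": hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS),
            "seed": secrets.token_bytes(20),     # 160-bit OATH seed for the app
        }
        del self.pending[user]                   # validation code is single use
        return self.tokens[user]["seed"]

    def verify_pin(self, user: str, pin: str) -> bool:
        tok = self.tokens.get(user)
        if tok is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), tok["pin_salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, tok["pin_hash"])
```

Two details matter in practice: the seed is generated only after the code is verified (so a guessed or intercepted email alone yields nothing), and the pending record is deleted on activation, so a second device cannot repeat step 2 with the same code.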
Platform for next secure token generation

• ID-000 (SIM sized) smart card reader
• Micro SDHC card interface
   - Versatility of smart card and MicroSD
   - Easy to assemble
• USB High Speed with HID / CCID switch
   - Full exposure of smart card in CCID mode
   - “0 footprint” in HID mode
• AES 256 encryption
   - Data can be encrypted
• CD-ROM emulation
   - Autorun of applications stored in MicroSD
• Personalization services: graphical, packaging, smart card and flash insertion (MOQ: 1000 units)

(Diagram: Micro SD Flash, ID0 Smart Card, USB 2.0)

Building Value Together
Flash memory partitioning

SD Partitions
• Public (X:)
• Read Only (Y:)
• Private (Z:)

Controller Firmware:
• Integrator Key
• Secure Drive PIN

PKI Smart Card
• Digital signature
• PKI certificate

(Diagram: the controller firmware exposes the partitions as Mass Storage and the smart card over HID / CCID)
Use case: secure browsing

“Wherever you go! Whatever you do! Your browser is protected from permanent infections”

• Using a Secure Browser stored in RO, malware cannot permanently infect your browser (your browser integrity is maintained)
• Using a Secure Browser, the server certificates of your corporate trusted websites are stored in your browser and compared to the website you are trying to reach! If this is a phishing website then your browser refuses it!
• …the list of accessible URLs can be restricted

USB Shell Pro Token v1
Secure Browsing example

• Mode HID
• Portable Firefox (in RO partition)
   - Firefox ProCon add-on
• Portable P#11 for TPC IM CC

(Diagram: RO partition: Firefox)
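The two secure-browsing slides describe the checks the read-only browser makes before it loads a page: the site must be on the allowed list, and the certificate it presents must match the copy stored on the token. The block below is an added example of that policy logic, not the Gemalto secure-browser or ProCon code, and it covers two inputs the slides do not spell out: URLs carrying user-info (the `user@host` form that reads like a trusted host) and hostnames with a trailing dot or different case. The hostnames are constructed, and the byte strings stand in for DER-encoded certificates; the fingerprint is SHA-256 over those bytes, as it would be over real DER.

```python
"""Allow-list plus certificate-pin check for a locked-down browser (added
example; not Gemalto secure-browser or ProCon code). Hosts and the DER
stand-ins are constructed for the example."""
import hashlib
import hmac
from typing import Dict, Set, Tuple
from urllib.parse import urlsplit

# Constructed stand-ins for DER certificates; real code takes the bytes the
# TLS layer presents. Pins are SHA-256 over the DER.
CORPORATE_PORTAL_CERT = b"constructed DER: CN=portal.example.com, corporate CA"
CORPORATE_MAIL_CERT = b"constructed DER: CN=mail.example.com, corporate CA"
LOOKALIKE_CERT = b"constructed DER: CN=portal.example.com, some other CA"


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


class SecureBrowserPolicy:
    def __init__(self, pins: Dict[str, Set[str]]):
        # host -> fingerprints of the certificates stored in the RO partition
        self.pins = {host.lower(): set(fps) for host, fps in pins.items()}

    def check(self, url: str, presented_cert_der: bytes) -> Tuple[bool, str]:
        """Decide before the request is sent: (allowed, reason)."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False, "plain http not allowed"
        if parts.username is not None or parts.password is not None:
            return False, "userinfo in URL"        # user@host reads as a trusted host
        host = (parts.hostname or "").rstrip(".").lower()   # canonical form
        if host not in self.pins:
            return False, "host not in allow-list"
        presented = fingerprint(presented_cert_der)
        if not any(hmac.compare_digest(presented, pin) for pin in self.pins[host]):
            return False, "certificate mismatch"   # a valid cert from another CA still fails
        return True, "ok"


# Policy as it would be stored on the read-only partition.
POLICY = SecureBrowserPolicy({
    "portal.example.com": {fingerprint(CORPORATE_PORTAL_CERT)},
    "mail.example.com": {fingerprint(CORPORATE_MAIL_CERT)},
})


if __name__ == "__main__":
    for url, cert in [("https://portal.example.com/login", CORPORATE_PORTAL_CERT),
                      ("https://portal.example.com/login", LOOKALIKE_CERT),
                      ("https://portal.example.com.evil.example/", CORPORATE_PORTAL_CERT)]:
        print(url, POLICY.check(url, cert))
```

Pinning the stored certificate, rather than trusting any certificate a public CA would sign, is what lets the browser refuse a lookalike site that has a perfectly valid certificate of its own; the allow-list is what keeps the user from reaching it in the first place. Both checks run before any request leaves the browser.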
Data Leakage Protection example

• Mode CCID
• Microsoft BitLocker on the computer
   - Encryption of the public partition is done using the smart card

(Diagram: Public: Encrypted partition)
Fulfillment
End User Initiated Fulfilment

Fulfillment Process
1. Order – Two Factor Auth (2FA) credential or token ordered by end user
2. Receive – 2FA credential or token is shipped or made available to end user
3. Use – User can start using strong 2FA to protect access to cloud resources
Thank You

Smart Cards & Devices Forum 2012 - Securing Cloud Computing
