Cognizance Identity and Access Management

Download Report

Transcript Cognizance Identity and Access Management

Cognizance Identity and
Access Management
www.cognizancesecurity.com
Identity Management ● Authentication ● Authorization ● Administration
The next generation security solution
2003 RSA Security Conference
Agenda
Identity Management Objectives
Cognizance Solution
Demo
Features
Benefits
2
Identity Management Objectives
The problem:
Multiple accounts per employee
Growing number of applications
and platforms
Access from employees, business
partners, customers & suppliers

Email
60%
of fraud is internal

Network
Increase
in portals failure

SAP
Control
Salesover email groups
Employees
Partners

Failing
procedures
Citrixpolicies & Marketing
VPN
Web
More
Finance
B2B
…
Open enterprise cannot rely on the disappearing
physical perimeter for security
3
Service
Customers
Identity Management Objectives
The problem:
Multiple accounts per employee
Growing number of applications
and platforms
Access from employees, business
partners, customers & suppliers
Open enterprise cannot rely on the disappearing
physical perimeter for security
Increase access flexibility and security without
budget increase
4
Cognizance Solution
The solution:
Consolidated security framework:
users, policy & applications
Consistent user identity combines
multiple user accounts
Sales
Guest
HR
Logon
The right
information
X
X
X
Print
X
To theX right
peopleX
Access
X
DBAny
application
CRM
X
Web
X
X
Any time
Intranet
AppAnywhere X
X
X
Payroll
Education
Strong authentication and role based access
control
5
Logistics
Role/
Resource
X
X
X
This is a Role
Cognizance Solution
The solution:
Consolidated security framework:
users, policy & applications
Consistent user identity combines
multiple user accounts
Centralized
Delegated
Self Management
User Self-Registration
Strong authentication and role based access
control
Delegated administration and user self-service
6
Cognizance Solution
The solution:
Consolidated security framework:
users, policy & applications
Consistent user identity combines
multiple user accounts
Network logon
VPN and Remote Access
Single Sign-On
PKI support
Web Access
Strong authentication and role based access
control
Delegated administration and user self-service
Built-in identity applications and services
7
Cognizance Identity & Access Management
Authentication
Authorization
Identity
Management
8
•Password
•Certificates
•Smart cards
•Biometrics
•USB Tokens
•Virtual tokens
Other/Custom
•Authentication method
•Time
•Date range
•Group/unit membership
•IP Address range
•Ports and protocols
•Business rule based
•Custom
•User administration
•Profile maintenance
•User registration
•Group operations
•Credential store
•Multi directory support
User
Identity
•User Profile
•Network accounts
•Application list
•Encryption keys
•Shared tokens
•Certificates
•Virtual Tokens
•Multiple Roles
•SSO XML scripts
•Application data
Applications & Services
Logon
MS & Novell
Web Access
Self Service
Single Sign-On
VPN
Remote Access
Citrix
Metaframe
PKI Client
The Market
Analyst firm IDC expects this market to grow from $2.6
billion in 2002 to nearly $6 billion by 2006
Based on a Gartner survey of 30 senior security executives
in large companies, many organizations already have
internal secure identity management initiatives underway:
• 80% of Financial Services
• 70% of Retail
• 70% of High Tech
9
What the analysts are saying…
“The typical enterprise must manage increasingly virtual relationships
with employees, contractors, customers, partners, suppliers, and a
variety of other network constituents. The old way of thinking about
corporate boundaries and network security—the firewall as an
impenetrable perimeter—no longer apply.
Suddenly, the ability to manage identity has a direct impact on your
company’s brand and its ability to adapt to new business models. Do it
well and your company can make money in new ways. Do it poorly and
your company will be damaged severely.”
Jamie Lewis
CEO and Research Chair
Burton Group
10
Cognizance Administration Center
Cognizance Administration Center
Manages users, user profiles, policies and applications from a single
administration tool
Manages all aspects of user identities across multiple directories
Provides a consistent view of the enterprise security model
Supports delegated administration
Web enabled
Includes a complete smart card
management system
Allows centralized SSO application
registration
11
Cognizance Administration Center
12
Cognizance Multifactor Authentication
Provides the following authentication methods out-of-the-box:
Password
Single-use password
Smart card and USB token
Virtual token (encrypted containers with the user identity)
Digital certificates
Biometrics
Supports any arbitrary combination
of the above authentication methods
Allows the use of multiple
alternative authentication methods
per user
Supports interface for plug-in
authentication methods
13
Cognizance Role-Based Authorization
Dynamic and static policy elements
Authentication method, time, date, IP address and protocols
Automatic policy generation based on business rules
User sets allow combining users from different groups and directories
Role Based Authorization and
Access Control (RBAC)
Maps complex policies and business
rules to multiple roles
Simplifies policy management
Reduces the number of policy
relationships
Simplifies application management
Provide both application role and role
application views of the enterprise
access control
14
Cognizance Role-Based Authorization
Role of a Finance Person
Role of a Sales Person
ADS biometric Logon
SSO biometric access
CRM biometric access
Web – anonymous
Email – ADS authentication
Citrix published applications – biometric access
VPN access `- password
Application
Authentication
15
Biometric
Biometric
ADS Auth
ADS Auth
Any method
ADS biometric Logon
SSO biometric access
CRM biometric access
Web – anonymous
Email – ADS authentication
HR – biometric with revalidation
SAP – biometric authentication
Roles
Active Directory
Sales, Financing
Single Password (Win32, Web) Sales, Financing
CRM
Sales, Financing
Web access
Everyone
Email
Sales ADS, Financing ADS
Citrix published applications
Sales
VPN access
Sales
User Set SAPSchedule
Location Financing
Role
Sales
Worktime
Internal network
Sales
All Services
& only
Applications
Everyone
Finanicing
Worktime only Internal network
Financing
Sales
Worktime only Internal network
Sales ADS
Finanicing
Worktime only Internal network
Financing ADS
All Users
Anytime
Anywhere
Auth Users
Access
Allow
Allow
Allow
Allow
Allow
Allow
Allow
Allow
Deny
Cognizance Built-In Applications
Logon for Microsoft Windows, NDS and Citrix
VPN and Remote Access client for CheckPoint and Microsoft
Enterprise Single Sign-On (SSO)
MS Windows, Web- or host-based applications
Centralized, administrator-initiated and user-based SSO model
Built-in XML scripts for popular applications
Powerful language for new applications registration
PKI client with support for CAPI and PKCS#11
Supports smart cards and virtual tokens
Certificate issuance
Automatic delivery of the certificates
Self-service administration tool
Maintains user profiles
Manage SSO applications
Register credentials
New user sign up
Allows policy driven new user self-registration
16
Cognizance User Self-Services
Single user self-service tool allows:
Centrally controlled profile maintenance by the user
Register new SSO applications
Enroll/change user credentials
Register new network/VPN accounts
Issue and install new certificates
Store/load identity to smartcard,
USB or virtual token
Launch Panel
Instant access to all authorized
applications
New user sign up
Policy driven registration sequence
Includes profile creation and credential
enrollment
17
Benefit Analysis
Productivity increase – Administrator
Single administration tool increase administrator efficiency
Role-based access control simplifies policy and application management
Automatic policy generation reduces administrator workload
Unified user identity model reduces number of duplicate accounts
Single deployment installs multiple integrated applications, including
network logon, SSO, VPN, user self-service and PKI client
Easy and flexible smart card/virtual token deployment
Simplified PKI deployment and use via user self-services
User self-service tool reduces administrative workload
Built-in enterprise SSO eliminates multiple password requirements
Use of smart cards or biometrics can reduce need for passwords
18
Benefit Analysis –– Continued
Productivity increase – User
Single easy to learn self-service user interface
Launch panel provides immediate access to authorized applications
User can add new SSO applications, eliminating need for passwords
Biometrics or smart card can reduce needs for passwords
Automated sign up: fast productivity for new employees
Disconnected user identity with virtual tokens
Easy PKI deployment
19
Benefit Analysis –– Continued
Security benefits
Centralization of the information security
Consistent security policy throughout the enterprise
Flexible security targets specific danger areas, such as external access or
after hours, without complicating regular user access
Strong multifactor user authentication
Easy deployment of smart card/virtual token combination
20
Benefit Analysis –– Continued
Architecture benefits
Framework approach: expandable architecture via Cognizance SDK
Add custom data sources, authentication methods, policies, and applications
High performance authorization architecture does not require fast
connection between Cognizance server and authorized applications
Special case: user identity on a smart card does not require connection to
Cognizance server
Large enterprise scalability with a standard load balancer and multiple
installations of Cognizance server
Can be used as part of managed services to provide security services to
multiple enterprises
21
Cognizance Identity and
Access Management
www.cognizancesecurity.com
Identity Management ● Authentication ● Authorization ● Administration
The next generation security solution
2003 RSA Security Conference