Cognizance Identity and Access Management
www.cognizancesecurity.com
Identity Management ● Authentication ● Authorization ● Administration
The next generation security solution
2003 RSA Security Conference

[Slide 2] Agenda
• Identity Management Objectives
• Cognizance Solution
• Demo
• Features
• Benefits

[Slide 3] Identity Management Objectives
The problem:
• Multiple accounts per employee
• Growing number of applications and platforms
• Access from employees, business partners, customers & suppliers
• Open enterprise cannot rely on the disappearing physical perimeter for security
[Diagram: applications (Email, Network, SAP, Citrix, VPN, Web, B2B, …) reached by Sales, Marketing, Finance, Service, employees, partners and customers; callouts: "60% of fraud is internal", "Increase in portals", "Control over email groups", "Failing procedures & policies"]

[Slide 4] Identity Management Objectives
The problem:
• Multiple accounts per employee
• Growing number of applications and platforms
• Access from employees, business partners, customers & suppliers
• Open enterprise cannot rely on the disappearing physical perimeter for security
• Increase access flexibility and security without budget increase

[Slide 5] Cognizance Solution
The solution:
• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control
[Diagram: role/resource matrix (roles Sales, Guest, HR, Logistics, Education against resources Logon, Print, Access DB, CRM, Web, Intranet App, Payroll); callout: "The right information, to the right people, any application, any time, anywhere"; "This is a Role"]

[Slide 6] Cognizance Solution
The solution:
• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control
• Delegated administration and user self-service
[Diagram: Centralized, Delegated, Self Management, User Self-Registration]

[Slide 7] Cognizance Solution
The solution:
• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control
• Delegated administration and user self-service
• Built-in identity applications and services: Network logon, VPN and Remote Access, Single Sign-On, PKI support, Web Access

[Slide 8] Cognizance Identity & Access Management
[Architecture diagram with five areas]
Authentication: • Password • Certificates • Smart cards • Biometrics • USB Tokens • Virtual tokens • Other/Custom
Authorization: • Authentication method • Time • Date range • Group/unit membership • IP Address range • Ports and protocols • Business rule based • Custom
Identity Management: • User administration • Profile maintenance • User registration • Group operations • Credential store • Multi directory support
User Identity: • User Profile • Network accounts • Application list • Encryption keys • Shared tokens • Certificates • Virtual Tokens • Multiple Roles • SSO XML scripts • Application data
Applications & Services: Logon (MS & Novell), Web Access, Self Service, Single Sign-On, VPN Remote Access, Citrix Metaframe, PKI Client

[Slide 9] The Market
• Analyst firm IDC expects this market to grow from $2.6 billion in 2002 to nearly $6 billion by 2006
• Based on a Gartner survey of 30 senior security executives in large companies, many organizations already have internal secure identity management initiatives underway:
  • 80% of Financial Services
  • 70% of Retail
  • 70% of High Tech

[Slide 10] What the analysts are saying…
"The typical enterprise must manage increasingly virtual relationships with employees, contractors, customers, partners, suppliers, and a variety of other network constituents. The old way of thinking about corporate boundaries and network security (the firewall as an impenetrable perimeter) no longer applies. Suddenly, the ability to manage identity has a direct impact on your company's brand and its ability to adapt to new business models. Do it well and your company can make money in new ways. Do it poorly and your company will be damaged severely."
Jamie Lewis, CEO and Research Chair, Burton Group

[Slide 11] Cognizance Administration Center
• Manages users, user profiles, policies and applications from a single administration tool
• Manages all aspects of user identities across multiple directories
• Provides a consistent view of the enterprise security model
• Supports delegated administration
• Web enabled
• Includes a complete smart card management system
• Allows centralized SSO application registration

[Slide 12] Cognizance Administration Center
[Screenshot]

[Slide 13] Cognizance Multifactor Authentication
• Provides the following authentication methods out-of-the-box:
  • Password
  • Single-use password
  • Smart card and USB token
  • Virtual token (encrypted containers with the user identity)
  • Digital certificates
  • Biometrics
• Supports any arbitrary combination of the above authentication methods
• Allows the use of multiple alternative authentication methods per user
• Supports an interface for plug-in authentication methods

[Slide 14] Cognizance Role-Based Authorization
• Dynamic and static policy elements
  • Authentication method, time, date, IP address and protocols
  • Automatic policy generation based on business rules
  • User sets allow combining users from different groups and directories
• Role Based Authorization and Access Control (RBAC)
  • Maps complex policies and business rules to multiple roles
  • Simplifies policy management
  • Reduces the number of policy relationships
  • Simplifies application management
  • Provides both application-to-role and role-to-application views of the enterprise access control

[Slide 15] Cognizance Role-Based Authorization
Role of a Sales Person (application – authentication):
• ADS – biometric logon
• SSO – biometric access
• CRM – biometric access
• Web – anonymous
• Email – ADS authentication
• Citrix published applications – biometric access
• VPN access – password
Role of a Finance Person (application – authentication):
• ADS – biometric logon
• SSO – biometric access
• CRM – biometric access
• Web – anonymous
• Email – ADS authentication
• HR – biometric with revalidation
• SAP – biometric authentication
Application policies (application: roles):
• Active Directory: Sales, Financing
• Single Password (Win32, Web): Sales, Financing
• CRM: Sales, Financing
• Web access: Everyone
• Email: Sales ADS, Financing ADS
• Citrix published applications: Sales
• VPN access: Sales
• SAP: Financing
User sets (user set: schedule, location, role → access):
• Sales: Worktime only, Internal network, Sales → Allow
• Financing: Worktime only, Internal network, Financing → Allow
• Sales: Worktime only, Internal network, Sales ADS → Allow
• Financing: Worktime only, Internal network, Financing ADS → Allow
• Everyone: All Services & Applications → Allow
• All Users: Anytime, Anywhere, Auth Users → Deny
[Policy table only partially recovered from the slide; the Authentication column values captured were Biometric, Biometric, ADS Auth, ADS Auth, Any method]

[Slide 16] Cognizance Built-In Applications
• Logon for Microsoft Windows, NDS and Citrix
• VPN and Remote Access client for CheckPoint and Microsoft
• Enterprise Single Sign-On (SSO)
  • MS Windows, Web- or host-based applications
  • Centralized, administrator-initiated and user-based SSO model
  • Built-in XML scripts for popular applications
  • Powerful language for new application registration
• PKI client with support for CAPI and PKCS#11
  • Supports smart cards and virtual tokens
  • Certificate issuance
  • Automatic delivery of the certificates
• Self-service administration tool
  • Maintains user profiles
  • Manages SSO applications
  • Registers credentials
• New user sign up
  • Allows policy driven new user self-registration

[Slide 17] Cognizance User Self-Services
• Single user self-service tool allows:
  • Centrally controlled profile maintenance by the user
  • Registering new SSO applications
  • Enrolling/changing user credentials
  • Registering new network/VPN accounts
  • Issuing and installing new certificates
  • Storing/loading identity to smartcard, USB or virtual token
• Launch Panel
  • Instant access to all authorized applications
• New user sign up
  • Policy driven registration sequence
  • Includes profile creation and credential enrollment

[Slide 18] Benefit Analysis
Productivity increase – Administrator
• Single administration tool increases administrator efficiency
• Role-based access control simplifies policy and application management
• Automatic policy generation reduces administrator workload
• Unified user identity model reduces the number of duplicate accounts
• Single deployment installs multiple integrated applications, including network logon, SSO, VPN, user self-service and PKI client
• Easy and flexible smart card/virtual token deployment
• Simplified PKI deployment and use via user self-services
• User self-service tool reduces administrative workload
• Built-in enterprise SSO eliminates multiple password requirements
• Use of smart cards or biometrics can reduce the need for passwords

[Slide 19] Benefit Analysis – Continued
Productivity increase – User
• Single, easy-to-learn self-service user interface
• Launch panel provides immediate access to authorized applications
• User can add new SSO applications, eliminating the need for passwords
• Biometrics or smart card can reduce the need for passwords
• Automated sign up: fast productivity for new employees
• Disconnected user identity with virtual tokens
• Easy PKI deployment

[Slide 20] Benefit Analysis – Continued
Security benefits
• Centralization of information security
• Consistent security policy throughout the enterprise
• Flexible security targets specific danger areas, such as external access or after hours, without complicating regular user access
• Strong multifactor user authentication
• Easy deployment of smart card/virtual token combination

[Slide 21] Benefit Analysis – Continued
Architecture benefits
• Framework approach: expandable architecture via Cognizance SDK
  • Add custom data sources, authentication methods, policies, and applications
• High performance authorization architecture does not require a fast connection between the Cognizance server and authorized applications
  • Special case: user identity on a smart card does not require a connection to the Cognizance server
• Large enterprise scalability with a standard load balancer and multiple installations of Cognizance server
• Can be used as part of managed services to provide security services to multiple enterprises
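The policy model on slides 14 and 15 (roles mapped to applications, a required authentication method per application, user sets that add schedule and location conditions, and a final catch-all Deny) can be expressed as a small evaluator. The code below is an added example, not Cognizance's own code; the rule set is constructed from slide 15, and the definitions of "Worktime" (weekdays 08:00–18:00) and "Internal network" (10.0.0.0/8) are assumptions the slide does not spell out.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed model of the slide-15 policy: each rule names an application, the
# roles that may reach it, the accepted authentication methods, and the optional
# schedule/location conditions taken from the "User Set" rows.
@dataclass(frozen=True)
class Rule:
    app: str
    roles: frozenset
    auth: frozenset              # {"any"} means no authentication-method restriction
    worktime_only: bool = False  # schedule condition ("Worktime only")
    internal_only: bool = False  # location condition ("Internal network")

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the slide only says "Internal network"

def is_worktime(when: datetime) -> bool:
    return when.weekday() < 5 and 8 <= when.hour < 18  # assumption: weekdays 08:00-18:00

def evaluate(rules, roles: set, app: str, auth: str, when: datetime, src_ip: str) -> str:
    """First rule admitting the request allows it; otherwise the slide's final 'All Users' row denies."""
    for r in rules:
        if r.app != app or not (r.roles & roles):
            continue
        if "any" not in r.auth and auth not in r.auth:
            continue
        if r.worktime_only and not is_worktime(when):
            continue
        if r.internal_only and ip_address(src_ip) not in INTERNAL:
            continue
        return "Allow"
    return "Deny"

def decide(roles, app, auth, iso_when, src_ip):
    """Wrapper taking an ISO-8601 timestamp; every user implicitly belongs to 'Everyone'."""
    return evaluate(RULES, set(roles) | {"Everyone"}, app, auth, datetime.fromisoformat(iso_when), src_ip)

# Rule set constructed from slide 15 (method names as on the slide)
RULES = [
    Rule("Active Directory", frozenset({"Sales", "Financing"}), frozenset({"biometric"}), True, True),
    Rule("CRM", frozenset({"Sales", "Financing"}), frozenset({"biometric"}), True, True),
    Rule("Web access", frozenset({"Everyone"}), frozenset({"any"})),
    Rule("Email", frozenset({"Sales", "Financing"}), frozenset({"ads"})),
    Rule("Citrix published applications", frozenset({"Sales"}), frozenset({"biometric"}), True, True),
    Rule("VPN access", frozenset({"Sales"}), frozenset({"password"})),
    Rule("SAP", frozenset({"Financing"}), frozenset({"biometric"}), True, True),
]

if __name__ == "__main__":
    print(decide(["Sales"], "CRM", "biometric", "2023-05-10T10:00", "10.1.2.3"))     # Allow
    print(decide(["Sales"], "CRM", "biometric", "2023-05-10T10:00", "203.0.113.5"))  # Deny
```

The same request is denied when any one dynamic element fails (method, schedule or source address), which is the "flexible security targets specific danger areas" point of slide 20.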