Transcript Document

Realizing the Promise of Web Networks
with Unified Access Management
__________________
Web-based Networks are Exploding
Q. What is a Web-based Network?
A. The building blocks of web eCommerce, including:
• Extranets
• Intranets
• Portal Networks
• ASPs
• Digital Marketplaces
Quantity and Diversity of Users are Growing
Web-based Networks can include:
• Employees
• Partners
• Customers
• Suppliers
• Investors
• Distributors
• Resellers
• Retailers
Despite Fantastic Growth Everything is not
Perfect in the Web Enabled World
Organizations are facing a number of specific problems, including:
• Controlling access to information of varying sensitivity.
• Preventing fraudulent transactions.
• Managing users with greatly differing access privileges.
• Scaling to meet user numbers leaping into the hundreds of
thousands, and even millions.
• Avoiding “Password Insanity” and managing dozens of
authentication methods.
• Detecting threats and abnormal behavior once a user has been
authenticated and is using an application.
Organizations Faced With Difficult Decision
Because of these challenges, enterprises must either:
A. Scale to meet an increasing number of users but keep user
personalization simple, transaction value low and security
requirements minimized.
OR
B. Maintain a high level of authentication, authorization and
security, but limit number of users to keep administration
manageable.
Neither Option is Acceptable
To realize the economies of scale and high transaction
values important to the success of eBusiness initiatives,
neither scalability nor security can be marginalized.
• Without the ability to scale to millions of users of various types
(customers, employees, suppliers, partners, etc.), Web-based
Networks obviously limit their potential as transaction sizes
escalate.
• Likewise, scalability without security and personalization limits the
potential value of transactions and the type of products and
services that can be offered.
So, how can you scale e-Business securely?
ClearTrust™ SecureControl
The Leading Solution for Enterprise Access Management
• Centralized Authorization and Policy Management
• Web Single Sign-on
• Personalization
• Authentication Management
• Delegated Administration
• Fraud Detection and Audit
Authorization & Policy Management
• Centrally managing user access rights to all resources on a given
Web-based Network, including Applications, Dynamic Content,
Transactions and HTML Pages.
• Providing fine-grain authorization determining which functions of
applications users are allowed to use. For example, a user may be
allowed to access an application, however within that application only
specific types of transactions could be appropriate for their position.
• Authorization can be based on either Roles (such as Job Title,
Division, Company, etc.) or dynamically changing Smart Rules™
(such as account balance, program level, etc.).
• Centralized Policy Management allows Security Policy to be set in a
single place across an entire Web-based Network.
• Policy Management also incorporates Policy Assessment, or real-time
evaluation of security policy for holes and failure.
Web Single Sign-on
• Users are only prompted for authentication one time across an entire
Web-based Network, improving their experience.
• By implementing WSSO, password resets and management costs
are significantly reduced.
• Password management is one of the most labor-intensive and risk-prone
IT functions, and costs between $200 and $300 per year per
user, assuming an organization does not have WSSO.
• Security is improved due to a consolidated password policy
management capability.
• WSSO is enhanced significantly through cross-domain SSO because
users are able to pass along credentials when switching domains.
Personalization
• Personalization is key to creating a rich Portal experience.
• Integration capabilities are important in being able to take existing
Portal code and make changes to take advantage of the WSSO
system for profile information to drive personalization.
• User Self Registration and Profile Administration are important
areas for cost savings and automation of administrative tasks.
• Allowing users to manage their own passwords is another area of
cost savings and reduction of administrative overhead.
• None of these personalization capabilities can be realized unless
they are easy to implement, secure and auditable.
• Securant’s full Security API sets in Java, C and COM enable
personalization without major integration efforts.
Authentication Management
• Manage multiple types of authentication for different resources.
• Plug-and-play interoperability with most common authentication
methods including Digital Certificates, RSA SecurID™ Tokens, NT
Domains, LDAP and username/password.
• API integration with other forms of authentication such as biometrics
or smart cards.
• Support for multi-tier authentication. For example, access to the State
Portal may require only username/password, however access to
DMV applications or Retirement Account may require a digital
certificate or token.
Delegated Administration
• Delegated Administration is accomplished using a technology called
Virtual Business Units™ (VBUs), which allows administrators to push
user and resource management out to divisions, groups, partners,
employees, etc.
• VBUs are groups of users and resources which are managed by their
associated local administrators.
• Administrators are given specific management rights, such as the
ability to create new users, reset passwords, or assign access to a
given application.
• Privacy can be maintained between VBUs to protect confidential
data, for example DMV administrators would never see the users
associated with the State Retirement Fund application.
• VBUs enable a common infrastructure approach that extends the
security model while sharing the supporting infrastructure.
Fraud Detection & Audit
• By monitoring user activity within applications and setting specific
limits, organizations are able to detect threats before a fraudulent
transaction is made.
• Once a threat is detected at the application level, responses range
from notifying an administrator, to suspending the account, to closing
the network port being used for access.
• Audit logs track all user, admin and API activities and can provide
documentation of transactions, authentications, administration, etc.
• End-to-end audit: you only have to look in one place for all activity
and reporting, which simplifies administration.
What are the advantages?
• User Experience is improved
• Administration is improved
• Security is improved
User Experience is Improved
• Seamless access to multiple sites within a Web-based network
saves users time and frustration.
• Web Single Sign-on means users no longer have to remember
multiple passwords.
• Personalized user experience means users can only see and access
applications applicable to their jobs or roles.
• Through delegated administration, users work with their local
administrators for common problems, such as resetting passwords
and changing access privileges.
• Self-service capability allows users to register, manage their own
password, change application profiles, etc.
Administration is Improved
• IT is no longer a bottleneck because administration of users and
resources is delegated to internal divisions, partners or customers.
• Single Sign-on means fewer password resets for administrators,
saving time and money.
• Tight integration with existing infrastructure (databases,
directories, etc.) minimizes the need for duplicate data input.
• Rule-based Access Control allows access privileges to change
dynamically, based on user properties or attributes.
• User access can be revoked from all Web-based resources with a
single action.
Security is Improved
• Users only have access to applications and information appropriate
for their role or position.
• Ability to control access to resources using dynamic conditions such
as account status, training, program level, etc.
• Single Sign-on decreases the likelihood that user passwords are simple,
written down, or re-used.
• Authentication management means more sensitive applications can
require higher levels of authentication.
• Application Monitoring and Fraud Detection provide the only
available application-level user activity monitoring and response.
• Integration with network level security allows application misuse to
be responded to with network level user elimination.
Integration With Industry Leading
Technology
Who is Using ClearTrust™
Securant Overview
• 5 Years Providing Secure eBusiness Solutions to
Fortune 500 Firms
• Headquartered in San Francisco
• Global Capability - Offices in NYC, London,
Chicago, Denver, LA, Toronto, Phoenix,
Minneapolis, Dallas, DC, Philadelphia, Paris,
Houston, Atlanta, Munich, Sydney
• 260+ Employees; 400 by year end
• Commitment to total product concept, including
professional services, training, technical support,
ongoing development, testing and integration
Securant Enables eBusiness
with Scalable Security!
• Centralized Authorization and Policy Management
• Web Single Sign-on
• Personalization
• Authentication Management
• Delegated Administration
• Fraud Detection and Audit
Thank You
For More Information on Securant
Visit our Web Site:
http://www.securant.com/