22 Feb. 2014 (3 years and 8 months ago)

Cognizance Identity and
Access Management

Identity Management


Authentication


Authorization


Administration

The next generation security solution

www.cognizancesecurity.com

2003 RSA Security Conference

2

Agenda


Identity Management Objectives


Cognizance Solution


Demo


Features


Benefits

3

Identity Management Objectives


The problem:


Multiple accounts per employee

Growing number of applications
and platforms

Access from employees, business
partners, customers & suppliers


Open enterprise cannot rely on the disappearing
physical perimeter for security



Email


Network


SAP


Citrix


VPN


Web


More …


Finance

Marketing

Sales

Service

B2B

Partners

Customers

Employees


60% of fraud is internal


Increase in portals failure


Control over email groups


Failing policies & procedures


4

Identity Management Objectives



Increase access flexibility and security without
budget increase

5

Cognizance Solution


The solution:

Consolidated security framework:


users, policy & applications

Consistent user identity combines
multiple user accounts

Strong authentication and role based access
control



The right information


To the right people


Any application


Any time


Anywhere


Role/

Resource

Sales

Logistics

Guest

HR

Logon

X

X

X

Print

X

X

X

DB Access

X

CRM

X

Web

X

X

Intranet App

X

X

X

Payroll

X

Education

X

X

This is a Role

6

Cognizance Solution



Delegated administration and user self-service


Centralized


Delegated


Self Management


User Self-Registration


7

Cognizance Solution



Built-in identity applications and services


Network logon


VPN and Remote Access


Single Sign-On


PKI support


Web Access


8

User

Identity



User Profile


Network accounts


Application list


Encryption keys


Shared tokens


Certificates


Virtual Tokens


Multiple Roles


SSO XML scripts


Application data


Cognizance Identity & Access Management


Password


Certificates


Smart cards


Biometrics


USB Tokens


Virtual tokens


Other/Custom


Authentication method


Time


Date range


Group/unit membership


IP Address range


Ports and protocols


Business rule based


Custom


User administration


Profile maintenance


User registration


Group operations


Credential store


Multi directory support

Applications & Services

Logon

MS & Novell

Web Access

Self Service

Single Sign-On

VPN

Remote Access

Citrix Metaframe

PKI Client

Authentication

Authorization

Identity

Management

9

The Market

Analyst firm IDC expects this market to grow from $2.6
billion in 2002 to nearly $6 billion by 2006


Based on a Gartner survey of 30 senior security executives
in large companies, many organizations already have
internal secure identity management initiatives underway:


80% of Financial Services


70% of Retail


70% of High Tech

10

What the analysts are saying…

“The typical enterprise must manage increasingly virtual relationships
with employees, contractors, customers, partners, suppliers, and a
variety of other network constituents. The old way of thinking about
corporate boundaries and network security - the firewall as an
impenetrable perimeter - no longer apply.

Suddenly, the ability to manage identity has a direct impact on your
company’s brand and its ability to adapt to new business models. Do it
well and your company can make money in new ways. Do it poorly and
your company will be damaged severely.”


Jamie Lewis

CEO and Research Chair

Burton Group

11

Cognizance Administration Center


Manages users, user profiles, policies and applications from a single
administration tool

Manages all aspects of user identities across multiple directories

Provides a consistent view of the enterprise security model

Supports delegated administration

Web enabled

Includes a complete smart card management system

Allows centralized SSO application registration

12

Cognizance Administration Center



13

Cognizance Multifactor Authentication

Provides the following authentication methods out-of-the-box:

Password

Single-use password

Smart card and USB token

Virtual token (encrypted containers with the user identity)

Digital certificates

Biometrics

Supports any arbitrary combination of the above authentication methods

Allows the use of multiple alternative authentication methods per user

Supports interface for plug-in authentication methods

14

Cognizance Role-Based Authorization

Dynamic and static policy elements

Authentication method, time, date, IP address and protocols

Automatic policy generation based on business rules

User sets allow combining users from different groups and directories

Role Based Authorization and Access Control (RBAC)

Maps complex policies and business rules to multiple roles

Simplifies policy management

Reduces the number of policy relationships

Simplifies application management

Provides both application role and role application views of the enterprise access control

15

Cognizance Role-Based Authorization

Role of a Sales Person

ADS biometric Logon

SSO biometric access

CRM biometric access

Web - anonymous

Email - ADS authentication

Citrix published applications - biometric access

VPN access - password

Role of a Finance Person

ADS biometric Logon

SSO biometric access

CRM biometric access

Web - anonymous

Email - ADS authentication

HR - biometric with revalidation

SAP - biometric authentication


Application                     Roles                      Access
Active Directory                Sales, Financing           Allow
Single Password (Win32, Web)    Sales, Financing           Allow
CRM                             Sales, Financing           Allow
Web access                      Everyone                   Allow
Email                           Sales ADS, Financing ADS   Allow
Citrix published applications   Sales                      Allow
VPN access                      Sales                      Allow
SAP                             Financing                  Allow
All Services & Applications     Everyone                   Deny

Authentication   User Set    Schedule        Location           Role
Biometric        Sales       Worktime only   Internal network   Sales
Biometric        Financing   Worktime only   Internal network   Financing
ADS Auth         Sales       Worktime only   Internal network   Sales ADS
ADS Auth         Financing   Worktime only   Internal network   Financing ADS
Any method       All Users   Anytime         Anywhere           Auth Users
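
The two policy tables above, evaluated in code. This is an added example, not Cognizance's own code or API. The meaning of "Worktime only" (Mon-Fri 09:00-17:00) and "Internal network" (10.0.0.0/8), the treatment of Everyone as a role every request holds, and the function names are assumptions.

```python
import ipaddress
from datetime import datetime

# Assumptions: the slide does not define these two policy elements.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # "Internal network"

def is_worktime(ts):                                 # "Worktime only"
    return ts.weekday() < 5 and 9 <= ts.hour < 17

# Role assignment table: (authentication, user set, role). Each of these rows
# also requires worktime and the internal network; the "Any method" row is
# handled separately in roles_for().
ROLE_RULES = [
    ("Biometric", "Sales", "Sales"),
    ("Biometric", "Financing", "Financing"),
    ("ADS Auth", "Sales", "Sales ADS"),
    ("ADS Auth", "Financing", "Financing ADS"),
]

# Application table, read top to bottom; the last row is the default deny.
APP_RULES = [
    ("Active Directory", {"Sales", "Financing"}, "Allow"),
    ("Single Password (Win32, Web)", {"Sales", "Financing"}, "Allow"),
    ("CRM", {"Sales", "Financing"}, "Allow"),
    ("Web access", {"Everyone"}, "Allow"),
    ("Email", {"Sales ADS", "Financing ADS"}, "Allow"),
    ("Citrix published applications", {"Sales"}, "Allow"),
    ("VPN access", {"Sales"}, "Allow"),
    ("SAP", {"Financing"}, "Allow"),
    ("*", {"Everyone"}, "Deny"),
]

def roles_for(method, user_sets, ts, ip):
    """Roles a request holds; method=None means an anonymous request."""
    roles = {"Everyone"}            # assumption: every request is in Everyone
    if method is None:
        return roles
    roles.add("Auth Users")         # any method, all users, anytime, anywhere
    restricted_ok = is_worktime(ts) and ipaddress.ip_address(ip) in INTERNAL_NET
    for rule_method, user_set, role in ROLE_RULES:
        if restricted_ok and rule_method == method and user_set in user_sets:
            roles.add(role)
    return roles

def decide(app, method, user_sets, ts, ip):
    """First matching row wins; anything unmatched is denied."""
    roles = roles_for(method, user_sets, ts, ip)
    for name, allowed, effect in APP_RULES:
        if name in ("*", app) and roles & allowed:
            return effect
    return "Deny"
```

As the tables are written, the Sales role is granted only on the internal network, so a "VPN access" request from an outside address falls through to the final Deny row.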
16

Cognizance Built-In Applications

Logon for Microsoft Windows, NDS and Citrix

VPN and Remote Access client for CheckPoint and Microsoft

Enterprise Single Sign-On (SSO)

MS Windows, Web- or host-based applications

Centralized, administrator-initiated and user-based SSO model

Built-in XML scripts for popular applications

Powerful language for new applications registration

PKI client with support for CAPI and PKCS#11

Supports smart cards and virtual tokens

Certificate issuance

Automatic delivery of the certificates

Self-service administration tool

Maintains user profiles

Manage SSO applications

Register credentials

New user sign up

Allows policy driven new user self-registration

17

Cognizance User Self-Services

Single user self-service tool allows:

Centrally controlled profile maintenance by the user

Register new SSO applications

Enroll/change user credentials

Register new network/VPN accounts

Issue and install new certificates

Store/load identity to smartcard, USB or virtual token

Launch Panel

Instant access to all authorized applications

New user sign up

Policy driven registration sequence

Includes profile creation and credential enrollment


18

Benefit Analysis

Productivity increase


Administrator

Single administration tool increases administrator efficiency

Role-based access control simplifies policy and application management

Automatic policy generation reduces administrator workload

Unified user identity model reduces number of duplicate accounts

Single deployment installs multiple integrated applications, including
network logon, SSO, VPN, user self-service and PKI client

Easy and flexible smart card/virtual token deployment

Simplified PKI deployment and use via user self-services

User self-service tool reduces administrative workload

Built-in enterprise SSO eliminates multiple password requirements

Use of smart cards or biometrics can reduce need for passwords

19

Benefit Analysis - Continued

Productivity increase


User

Single easy to learn self-service user interface

Launch panel provides immediate access to authorized applications

User can add new SSO applications, eliminating need for passwords

Biometrics or smart card can reduce the need for passwords

Automated sign up: fast productivity for new employees

Disconnected user identity with virtual tokens

Easy PKI deployment

20

Benefit Analysis - Continued

Security benefits

Centralization of the information security

Consistent security policy throughout the enterprise

Flexible security targets specific danger areas, such as external access or
after hours, without complicating regular user access

Strong multifactor user authentication

Easy deployment of smart card/virtual token combination


21

Benefit Analysis - Continued

Architecture benefits

Framework approach: expandable architecture via Cognizance SDK

Add custom data sources, authentication methods, policies, and applications

High performance authorization architecture does not require fast
connection between Cognizance server and authorized applications

Special case: user identity on a smart card does not require connection to
Cognizance server

Large enterprise scalability with a standard load balancer and multiple
installations of Cognizance server

Can be used as part of managed services to provide security services to
multiple enterprises
