Busting the top 5 myths of cloud-based authentication
Jason Hart, CISSP, CISM
Vice President, Cloud Solutions, SafeNet, Inc.
Overview
Cloud benefits: agility, flexibility, cost savings.
These have created some common myths with regard to cloud-based authentication:
- Security: it isn't secure
- Control: it is complex and hard to implement
- Automation: difficult to provision users
- Choice: limited token choice
- TCO: hidden costs and high upfront infrastructure investments
1] SECURITY: Cloud-based authentication isn't as secure as server-based authentication
SafeNet Authentication Service Architecture
[Architecture diagram. Components shown: the subscriber side (user repository, existing RADIUS server, access devices, agents, administrator, tokens, users); the SafeNet datacenter side (user repository, token repository, portals, engines, agents, security policy, LDAP synch, authentication, provisioning, self-enrolment, user self-service, migration, reporting/alerts, virtual server management and admin); and the flows between them (SAML authentication request, RADIUS authentication request, agent authentication request, SMS via HTTP(S) to an Internet SMS gateway selected by the subscriber or service provider, email via SMTP, reports and alerts, user service requests, user information).]
Security
What sensitive data is being used or stored in SAS?
- User names
- Shared keys
- Seed files
- Authentication requests
Security
- OTP seed data is protected using FIPS 140-2-certified hardware security modules, ensuring that authentication-sensitive data is never exposed.
- Customer user directories are synched with SafeNet Authentication Service using a lightweight synchronization agent. All communication between this agent and the service point of presence (POP) is encrypted with AES256 encryption running on Secure Tunnel.
- Service Points of Presence run at military-grade datacenters, ensuring physical protection, network protection and monitoring, and network and power resilience.
- SafeNet Authentication Service is designed to ensure a multi-tenant/multi-tier architecture, ensuring data separation between tenants of the service.
- The scalable architecture of SafeNet Authentication Service ensures high availability and disaster recovery.
2] CONTROL: It is complex to set up, and hard to implement
The real world
Protect Everything with SAS
[Diagram. Labels shown: tokens and users; administrator; public cloud applications; private networks; private cloud services; application hosting; online storage; collaboration tools; corporate networks with LDAP / Active Directory; integration via API, SAML, RADIUS and agent.]
3] AUTOMATION: Difficult and time-consuming to re-provision existing users, and enrol new users
Automation
Provides you with the ability to rapidly scale, deploy authentication and customize your own authentication needs in the time it takes to drink a coffee, for example:
- Enrolment process
- Self-service options/customisation
- Reporting automation/customisation
- Security policies in relation to OTPs
- Branding
- And much more
Automate everything
SafeNet Authentication Service automates everything, reducing management time, the main cost of a strong authentication solution:
- User synchronisation
- Security policy application
- Token provisioning
- Self-enrolment
- SAML service registration
- Alerts
- Reporting
Automation Example
SAS offers full automation, including:
- Token provisioning
- Security rules definition engine: once created, rules are applied automatically
- Alerts
- SAML service registration
- Self-enrolment
- Self-service
- Reporting
[Flow diagram. Labels shown: LDAP changes; auto update SAS; auto-provision user; self-enrollment; reporting and alerts.]
4] CHOICE: Only one token choice per user, and can't use existing authentication tokens during the migration
Token Options
Choose the right token type for each user:
- Phone based
- Software
- Multiple hard tokens
- Tokenless: either SMS or Grid based
Our authenticators:
- Don't expire
- Can be included in the service charge
- Seed keys can be generated by the customer
- Can be re-assigned to new users
- Self-enrollment options reduce administration
- OTP & PIN complexity defined by the customer
- Provide the lowest overall total cost of ownership
- Supporting 3rd party tokens enables an orderly and cost-effective migration
Widest choice of tokens & 3rd party authenticators for every user type and an increasing focus on commoditisation
[Platform icons: Multi Platform, H/W, BlackBerry, iOS, OS X, Android, Microsoft, SMS, Java, USB, Grid]
Authenticators that:
- Don't expire
- Seed keys can be owned by the subscriber
- Can be easily re-assigned to new users
- Easy deployment saves cost and time
- A token can be included in the service charge
RADIUS Tokens
- Migrate any 3rd party token to SafeNet
- Requires 3rd party server during migration
Benefits:
- Authentication history
- Automated replacement based on expiration date, group membership
- Fast on-boarding: configure 3rd party Auth Server as RADIUS authnode
- Works with SAML, RADIUS, Agents
5] TCO: hidden service & maintenance costs and high upfront infrastructure costs
TNT customer use case
- No infrastructure deployed to TNT Express premises
- Resilient cloud-based service allowing for easy re-use of the service globally
- Low per user per month token cost allowing for integration with the remote access service, offering an integrated and robust solution
- Costs the same as the old remote access solution but offers:
  - Strong authentication as standard
  - More flexible access options
- Flexible form factors allowing easier deployment and acceptance of the technology
- Lower TCO of the existing authentication solution
- Time to provision a user down from 5 days to 30 minutes
The market and our position
SafeNet is Set to Dominate
Customers Agree
[Image: a selection of SAS customers]
Global Trends
"as-a-service" is Accepted by Customers
Authentication-as-a-Service is HOT!
- "Gartner predicts that, by 2017, more than 50% of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations, up from less than 10% today." (Gartner MQ for User Authentication, 2012)
- $13bn by 2015, with 47% in North America. (Source: The 451 Group Cloud Computing Market Monitor, August 2012)
SAS is absolutely the hottest product!
SafeNet SAS Key Benefits
1 Protects everything: networks, applications and cloud services
2 Protects everyone and provides choice: tokens, policies and customization
3 Easy migration: move from an existing solution whilst protecting the current investment
4 Automates everything: to reduce overheads and maximise effectiveness
5 Saves money: on infrastructure and resource investments
- We protect the most money that moves in the world, $1 trillion daily
- We protect the most digital identities in the world
- We protect the most classified information in the world
- For authentication we are a Magic Quadrant Leader
FOUNDED: 1983
REVENUE: ~500m
EMPLOYEES: +1,500 in 25 countries
GLOBAL FOOTPRINT: +25,000 customers in 100 countries
ACCREDITED: products certified to the highest security standard, 130 FIPS certificates
Thank you Jason Hart CISSP CISM VP Cloud Solutions Jason.Hart@Safenet-inc.com