AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
Logical Access Use Cases
- ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS: Corporate ID badge for physical and logical access
- EMAIL & DOCUMENT DIGITAL SIGNATURE AND ENCRYPTION: Certify origin & non-tampering of emails & docs and eliminate SPAM
- PROTECT AND ENCRYPT DATA (EMAIL, LAPTOPS, USBS): Reduce data loss risk when devices are stolen / hacked
- FRICTIONLESS AUTHENTICATION: Enable endpoint access with additional security when speed and ease are critical
- WORKSTATION LOGON: Logon to laptop/desktop and Windows domain / replacing password by trusted credential
- CLOUD APPLICATIONS LOGON: Single Sign-On to cloud applications
- POS / TIME + ATTENDANCE: Leverage contactless card to clock in/out and pay at the cafeteria
- VPN / WiFi ACCESS: Secure connection to Wireless network and Virtual Private Network
- SECURE PRINT: Follow me printing where collection of the print job requires authentication at the Multifunction Printer

Challenges IT Faces with Current Approach
- Technology exists but products are deployed as silos, not solutions
- Costly & Complex
- PKI systems and Credential management systems require tough-to-find expertise
- IT Teams are faced with increasing technology challenges and constrained budgets
- IT Role is evolving to managing risks, resources and access
Axiad ID Cloud: Trust Identities from Employees, Contractors, Partners and Customers. Trust Your Infrastructure to Enable and Grow Your Business.
Delivering Trusted Identities Through the Cloud
- Fully-hosted service: deployed, managed and operated by Axiad IDS
- Modular identity solutions platform
- Cost-effectively implement and manage a mix of user credentials
Major Benefits
- Removes complexity
- Reduces risk
- Easily deployed, maintained and managed
- Extra layer of security with Virtual Private Cloud
- Lowers upfront investment
- Operational in days vs months
POWERED BY PROVEN PRODUCTS

Axiad ID Cloud Options:
- TRUSTED USER: PKI IDENTITY
- TRUSTED USER: FLEXIBLE AUTHENTICATION
- TRUSTED INFRASTRUCTURE
Consolidated Reporting & Analytics for all devices, identities, credentials
Supported Standards: LDAPv3, HTTPS, SSL/TLS, X.509, RADIUS, Syslog, FIPS-201
Supported Systems include: Windows 7, 8, 10 & 2008 and up Servers, Mac OS, iOS, Android
Helps comply with: PCI-DSS, HIPAA, FFIEC, SP 800-53, SP 800-171
- Dedicated Virtual Private Cloud
- 99.9% Availability
- 24/7 Monitoring
- 8x5 Level 2 Support
- Reporting & Analytics
- On-line Dashboards
Axiad ID Cloud Trusted User PKI Identity Service
Provides PKI/smart card and mobile device based high assurance digital identities

PKI Identity Service: What Does It Address?
- Do you know who is accessing your systems?
- Are you using passwords to login to your corporate machine and domain?
- How much is spent in password reset calls?
- What would the impact be on your business if a password was compromised?
- How important is user experience for your mobile users?

Features
USE CASES
1. Strong authentication
  - Smart Card Logon to Workstation & Domain
  - Web SSL Client Authentication, X.509 enabled applications
2. Secure e-mail on Desktop and Mobile Devices
  - Signature and Encryption
3. Enables Document Signature and Encryption
ADMINISTRATION CAPABILITIES
1. Certificate and smart card life cycle management
  - Issuance, Revocation, Suspend/Resume, Key Escrow/Recovery
2. Helpdesk and Self Service Portal
3. Mobile device enablement
  - Provisioning for VPN, Exchange and WiFi over-the-air (SCEP)

Features
AUDITING AND REPORTING
- Top active operators and end-users
- Activation, Revocation, and Expiration
- Number of permanent/temporary cards issued
- Card inventory status (available, issued, revoked)
OPTIONS
- Publicly Trusted Certificates (WebTrust)
- Federal Bridge / EPCS Certificates
- Smart card printing options: Local or Service Bureau
- Integration with Physical Access System (PACS)
Axiad ID Cloud Trusted User Flexible Authentication
Provides one-time password (OTP) based authenticators, lifecycle management, and authentication

Features
AUTHENTICATION DEVICES
- Hardware tokens with support for HOTP/TOTP
- Mobile tokens
- Google Authenticator
- Email-token
- Yubikey in all modes: OATH HOTP, Challenge Response, Yubico AES
AUTHENTICATION
- Authentication via a REST API and SAML
- Optional: Plugins available for 3rd party applications

Features
MANAGEMENT
- Manage tokens life cycle: Assign/Enroll, Suspend/Revoke
- PIN management (Set/Reset/Unlock)
- Lost / Stolen token emergency access
SELF-SERVICE WEB PORTAL
- Enroll new tokens via QR code (Google Authenticator), seed file or via serial number of the token
- PIN management (Set/Reset/Unlock)
- View the audit log
Axiad ID Cloud Trusted Infrastructure
Provides digital identities for IT systems

What Does It Address?
- How many PKI credentials are currently deployed on key systems in your enterprise?
- Who authorized the issuance?
- Are they still valid?
- How fast can you replace them if they are compromised?
- How many people know where credentials are deployed and how to manage them?

Features
CAPABILITIES
Protect your corporate systems by issuing X.509 certificates to systems and devices
- Workstations, domain controllers, and databases
- SSL web servers, firewalls, routers, network equipment and other X.509 enabled infrastructure components
AUDITING & REPORTING
- Top active operators
- Number of active, revoked, and recovered certificates

Features
ADMINISTRATION
Certificate life cycle management:
- Automated enrollment, renewal, recovery and cancellation, and batch enrollment (SCEP) of non-person-entities PKI certificates and keys
Flexible business process workflows:
- Self-service portal for certificate and key pair recovery
- Approval and notification workflow
- Self-enrollment portal for certificate signing request and certificate retrieval

Axiad ID Cloud Trusted Infrastructure
MOST COMMON USE CASES
- SSL certificates for web servers: As of 11/2015 Public certificates will no longer be issued for private servers (CABForum)
- Secure WiFi with PKI certificates: Ensure that only authorized machines connect to WiFi
- Secure access to your physical LAN (802.1x): Ensure that only authorized machines connect to your physical LAN
- Certificates for network equipment
Axiad ID Cloud Security Overview
VPC: A Secure Extension of Your Corporate Network
SECURE AND COMPLIANT HOSTING ON AMAZON WEB SERVICES
NO CO-MINGLING OF DATA!
[Diagram: AWS VPC containing separate customer VPCs (Customer 1, Customer 2, Customer 3), each linked to its customer by VPN; AXIAD OPERATIONS]
- Dedicated FIPS 140-2 Level 2 Hardware Security Module key generation and storage
- 99.9% Availability SLA
- Highly secure SP800-53 Moderate Impact Security Program Compliant
- SOC2 compliant* (*in process)
- Granular Authorization, Audit trail of Admin accesses (user, time, location)
- Exclusively accessed with 2-factor authentication
- NIST CyberSecurity Framework / SP 800-53 / SOC2: https://aws.amazon.com/security/

Axiad ID Cloud: Secure and Simple IAM
Gartner 2014: "By year-end 2017, about 50% of organizations will choose cloud-based services as the delivery option for new or refreshed user authentication implementations, up from about 20% today."
https://www.youtube.com/watch?v=rei30obkabc
http://media.amazonwebservices.com/pdf/aws_security_whitepaper.pdf
Overview of Authentication options
Comparison Table: Overview
Options compared: Password, OTP SW Token, OTP HW Token, Software Certificate, Axiad ID Cloud
Criteria (SOLVES): Security Strength; Functionality & Flexibility; Usability; Complexity; Cost
Fulfillment scale: None to All
[Table: fulfillment rating icons per option, not present in the text]

Comparison Table: Use Cases
Options compared: Password, OTP SW Token, OTP HW Token, Software Certificate, Axiad ID Cloud
Criteria (USABILITY):
- Corporate Badge & Physical Access
- VPN Authentication (Network)
- Online Workstation / Domain Login
- Offline Workstation Login
- Require Client Software for Login
- Screen Lock Enforcement
- Citrix / VDI / RDP Authentication
- Disk & File Encryption Key Storage
- Email Encryption
- Email Signing
- Other (Code signing, Form signing, etc.)
- Authentication (Web application)
- Authentication (Desktop application)
Fulfillment scale: None to All
[Table: fulfillment rating icons per option, not present in the text]

Comparison Table: Administration
Options compared: Password, OTP SW Token, OTP HW Token, Software Certificate, Axiad ID Cloud
Criteria (CORE CONSIDERATIONS):
- Decrease Helpdesk calls
- Reusable for varying initiatives
- Open standards
- Authentication replay
- Credential strength & resistance
- Defense from social engineering
- Interoperability
- Credential revocation
Fulfillment scale: None to All
[Table: fulfillment rating icons per option, not present in the text]
Axiad ID Cloud Summary Options

TRUSTED USER: PKI IDENTITY
PKI/Smart Card + Mobile Device based high assurance digital identities
Model: User/Year
- Workstation, PKI logon (Windows & Mac)
- VPN, WiFi, Web authentication
- Email signing and encryption
- Key history recovery
- Card and credential lifecycle management

TRUSTED USER: FLEXIBLE AUTHENTICATION
One-time password (OTP) based authenticators lifecycle management and authentication
Model: User/Year
- Support for a wide range of authentication devices
- Support for a wide range of authentication methods
- Device life cycle management
- Simplified management and self service

TRUSTED INFRASTRUCTURE
Digital identities for IT systems
Model: Identity/Year
- Workstations, domain controllers, SSL, web servers
- Network equipment
- Scalable deployment (including SCEP)
- Credential lifecycle management

- FIPS 140-2 Level 2 HSM key storage & generation
- Dashboards & Analytics

Options:
- FIPS 140-2 Level 2 Smart Cards
- PACS options (PROX, iCLASS, SEOS)
- Card printing
- Mobile Device Management integration
- Public Secure email (WebTrust / Federal Bridge)
- EPCS Certificates
QUESTIONS?
For more information:
Bassam Al-Khalidi
sales@axiadids.com
+1(650) 426-8653
www.axiadids.com