Cracking the Access Management Code for Your Business

Similar documents
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

5 OAuth EssEntiAls for APi AccEss control layer7.com

5 OAuth Essentials for API Access Control

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT

Single Secure Credential to Access Facilities and IT Resources

CipherCloud CASB+ Connector for ServiceNow

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Privileged Account Security: A Balanced Approach to Securing Unix Environments

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

Crash course in Azure Active Directory

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

Accelerate Your Enterprise Private Cloud Initiative

HIPAA Regulatory Compliance

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

SAP Security in a Hybrid World. Kiran Kola

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Digital Workspace SHOWDOWN

Oracle API Platform Cloud Service

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

The Why, What, and How of Cisco Tetration

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cisco Cloud Application Centric Infrastructure

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

white paper SMS Authentication: 10 Things to Know Before You Buy

RHM Presentation. Maas 360 Mobile device management

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Authlogics for Azure and Office 365

MaaS360 Secure Productivity Suite

Deliver Data Protection Services that Boost Revenues and Margins

SIEM Solutions from McAfee

Keep the Door Open for Users and Closed to Hackers

How the Next-Generation PC X Server Maximizes the Value of Your UNIX Applications

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Secure Access & SWIFT Customer Security Controls Framework

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

INTELLIGENCE DRIVEN GRC FOR SECURITY

Delivering Complex Enterprise Applications via Hybrid Clouds

Achieving effective risk management and continuous compliance with Deloitte and SAP

Challenges and. Opportunities. MSPs are Facing in Security

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

CA Security Management

ALERT LOGIC LOG MANAGER & LOG REVIEW

Comprehensive Database Security

CISCO SHIELDED OPTICAL NETWORKING

Virtual Machine Encryption Security & Compliance in the Cloud

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Secure Remote Access with Comprehensive Client Certificate Management

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Design and deliver cloud-based apps and data for flexible, on-demand IT

AKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview

EXECUTIVE VIEW. KuppingerCole Report

Managing the Risk of Privileged Accounts and Passwords

Mobile Devices prioritize User Experience

Are You Flirting with Risk?

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

Google Identity Services for work

Are You Flirting with Risk?

Azure Active Directory B2C. Daniel Dickinson Enterprise Mobility Specialist

Mapping BeyondTrust Solutions to

Comodo Certificate Manager

SIEM: Five Requirements that Solve the Bigger Business Issues

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Make security part of your client systems refresh

WHITEPAPER. How to secure your Post-perimeter world

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Getting the Most out of Access Manager

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Solution. Imagine... a New World of Authentication.

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Network Visibility and Segmentation

the SWIFT Customer Security

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK

Governance, Risk, and Compliance: A Practical Guide to Points of Entry

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

SYMANTEC DATA CENTER SECURITY

Adaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief

Expertise that goes beyond experience.

Novell Access Manager 3.1

locuz.com SOC Services

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

Centrify Identity Services for AWS

Run the business. Not the risks.

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

EXECUTIVE VIEW. One Identity SafeGuard 2.0. KuppingerCole Report

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

An ICS Whitepaper Choosing the Right Security Assessment

DreamFactory Security Guide

BlackBerry 2FA. Datasheet. BlackBerry 2FA

ORACLE ENTERPRISE COMMUNICATIONS BROKER

Overcoming Business Challenges in WAN infrastructure

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Identity Management: Setting Context

White Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection

Transcription:

White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access management (IAM) solution a must, but too often it s treated as an afterthought. This white paper provides a perspective on how IAM can be used to build a reusable set of access management services (Access Security Layer) for both your new and existing applications. This approach simplifies access management for all of your applications and digital services.

As the number of unmanaged applications grows, the challenge to secure them becomes more precarious. The Accidental Architecture Commonly, the applications and services needed to run an organization grow over time. As digital transformation expands across businesses, delivering secure access has made a modern IAM solution a must, but too often it s treated as an afterthought. In the end, organizations are left with a slew of applications that amount to an Accidental Architecture where secure delivery and access control occur in ad hoc fashion and often takes an enormous effort. Not only do some customized applications lack the needed security layer to protect themselves, but as part of an Accidental Architecture they re not within a cohesive IAM infrastructure. This white paper provides a perspective on how IAM can be used to build a reusable set of access management services (Access Security Layer) for both your new and existing applications. This approach simplifies access management for all of your applications and digital services. Exacerbating the security challenge is the widespread use BYOD and other unmanaged devices by all types of users. Beyond the devices themselves, the truth is that business leaders commonly drive the purchase of applications, services, and other resources on their own, or with just the cursory involvement of IT. It is this approach that breeds the Accidental Architecture and limits the effectiveness of whatever IAM infrastructure is in place. As a result, these short-sighted purchases often occur without consideration for any scalable access control or single sign-on. It s later after access fatigue sets in that the pains of security and the desire for convenient access rise to the top of the organization s shortlist. At some point, Figure 1. An Accidental Architecture can leave organizations with a shaky infrastructure. the people responsible for making it all work begin to tire of the critical mass of these one-off implementations. Beyond the security needs, users want a single experience where their tools are easy to find and access, and at the end of the day, the business takes a hit if they can t provide it. So, while the Accidental IAM is often the organization s default architecture, it s not the desired one. 1

White Paper Cracking the Access Management Code for Your Business Why Have an Access Security Layer? This reality of delivering secure access to all corporate applications is a paradigm shift for most organizations. Historically, applications have been implemented to support discrete departmental functions where information is tightly tied to the application platform and ultimately to a vendor. As a result, most IT organizations are saddled with an IT architecture that represents a timeline of good decisions that solved departmental problems at a particular point in time. Most of these systems, however, were not designed to integrate across a single security framework or to securely take advantage of the Cloud. There are a number of reasons why organizations find themselves with an Accidental Architecture, but the result is always the same environments that are inherently less secure while being more costly to manage. The reason why the Accidental Architecture leads to access fatigue is because it is labor-intensive and expensive to protect the many one-off applications while delivering secure access across all of them. Instead, the organization has silos of functionality that result in a greater amount of integration work and an increase in complexity. The root problem is the lack of a central lifecycle process for authentication and authorization. Figure 2. A properly designed Access Security Layer is flexible and comprehensive to support any user, device, and location. It spans across all cloud and legacy services.. 2

Businesses need to keep access as convenient as possible and the level of security invoked needs to match the risk at hand. Any Application Now that we live in a world where business resources can reside just about anywhere, there needs to be a scalable way to securely control access to them. And because some of these services are often specialized, IT can be faced with the task of bringing multiple applications into a single, simple user experience. The resources themselves can range from having LDAP integration, to federation support, to having nothing at all. The Access Security Layer needs to encompass all of them. Any Device from Any Location A well-designed Access Security Layer (ASL) provides access control and single sign-on for your applications on any device used from any location. When you stop and think about the risks associated with the any approach, it s clear that organizations need the ability to account for a variety of remote and mobile situations from which protected information is being accessed. While the business needs to keep access as convenient as possible, the level of security invoked needs to match the risk at hand. A remote user requesting access from a known device from an expected location poses less risk to the business than an unfamiliar device from a foreign location. Figure 3. Access control and single-sign-on can be provided for any device or from any location with a well-designed ASL. 3

White Paper Cracking the Access Management Code for Your Business Not Just Anybody, but Everybody The key to onboarding a new digital consumer (customer, patient, citizen, etc.) is to make it easy to become a known user. There are a few essential steps to make that happen: Provide a way for these users to sign-up or create an account. In a world of too many credentials, people usually prefer the option of using their social (Facebook, Google, Twitter, LinkedIn, etc.) authentication. When you do this, you are lowering the threshold that many customers have for business engagement. Offer self-service onboarding. Customers or other users, such as patients or citizens, can enter their profile or other information needed to automate their identity across your environment. Match user verification to the risk at hand. Don t make accessing your service harder than it needs to be. If the information at hand is low risk and you have indicators (known device, expected location, repeated access, etc.) verifying the person s identity, then make it easy. Higher levels of identity verification should be reserved for situations where sensitive or regulated information might be at risk: for example, lost customer trust, financial risk, or government mandate. The goal is to attain a customized balance between delivering a frictionless user experience and applying the right amount of security. Today you need to be expert in onboarding your digital customers: Registration User verification Account management Privacy and consent management Figure 4. Proficient onboarding of your digital customers makes it easy for them to become a known user, matching verification to need.. 4

Authentication Services: 1. Federation 2. Advanced Authentication 3. Authentication Web Services 4. Identity Web Services What Is an Access Security Layer? The Access Security Layer (ASL) approach centralizes IAM functions and delivers them as a reusable service from which applications can be integrated or protected. ASL simplifies the processes and infrastructure needed to manage identity and accelerates application implementation by providing robust integration capabilities. The ASL consists of four areas of service. Authentication Services Federation The authentication model of choice, where a trust is set up between the service provider and the identity provider. Most modern applications, both internal and cloud-based, now integrate with an Identity Provider. It is critical that the service layer supports all the current and emerging federation protocols (SAML, OAuth, OpenID Connect, etc.). The ASL can also consume external authentication sources. Advanced Authentication This is becoming a firm requirement for most environments in order to maintain security while facing increasing attacks from outsiders. The most effective way for you to manage risk while keeping access simple and convenient is to implement a risk-based authentication approach. For situations that require a higher level of user verification, advanced authentication provides a variety of options for multi-factor authentication and strong authentication. Advanced authentication is used as a single framework for multi-factor authentication, typically to comply with a mandate, as well as invoking frictionless strong authentication methods. Authentication Web Services Because these web-based services can reside virtually anywhere, there are times when communication between them requires authentication for security and nonrepudiation. Identity Web Services These services provide access to identity attributes that could come from multiple repositories. This approach allows the Identity Provider to supply virtualized access to its information while keeping the back-end repositories secure. 5

White Paper Cracking the Access Management Code for Your Business Security Gateway Services This Set of Services Provides Three Key Benefits: The first benefit is that you now have an enabling point of integration where legacy applications that aren t able to consume the Authentication Services directly are still protected. The gateway acts as a proxy that can be a policy enforcement point and that provides integration options to send data to applications. This type of service might be needed for legacy applications or small, specialized services that don t contain any level of protection or access control. Key Benefits of Security Gateway Services: Enabling point of integration where legacy applications are protected. Seamless user experience. Additional layer of security. The second benefit is delivering a seamless user experience by making multiple back-end applications appear to be a single application. This virtualization requires complex and powerful capabilities to route requests and to do an in-flow modification of both requests and responses. The gateway provides this same type of access services regardless of the type of device being used. The third benefit is providing an additional layer of security. The proxy hides the various native application platforms behind a consistent, hardened interface to the outside world. This added protection can prevent exposure to vulnerabilities possibly contained in applications and services. The proxy can also do coarse-grained authorization to enhance or replace what the applications do themselves, which provides centralized enforcement of access policies. Identity Services The Identity Service performs the creation, management, storage, and communication of identity information. Connection with identity stores is dependent on powerful integration tools for both internal and external objects. This includes users as well as a limitless variety of devices and their diverse attributes, which speaks to the notion that when properly designed identity powers access. This service must also provide a robust workflow and provisioning engines, also making them available as web services for automating business processes. Credential management can be performed through the services native connectors or through rich, web services interfaces for applications to implement. Often, a rules engine is used to provide automation and enforcement of business policies. If required for internal audits or government mandates, identity services provide the core information for reporting and access governance. 6

Using Micro Focus to Build Your Access Security Layer As a longtime leader in building Identity and Access Management solutions for organizations of all types, Micro Focus has a suite of products that you can use to build your access security layer. SIEM Services Monitoring a correlation report provides detail about authentication or access anomalies that might be the result of attempted breaches. Centralized logging and high-performance analysis of events are needed to identify and alert administrators, and to keep them security-aware of their ASL environment. Micro Focus Advanced Authentication Future proof your authentication environment Micro Focus Advanced Authentication With its collection of ready-to-go application integrations (RADIUS, VPN, OpenID, OATH, FIDO, RACF Windows, Mac OS, Linux, Citrix, VMware, and more), Advanced Authentication offers wide applicability for your environment. In addition, its broad support for a variety of authentication readers and methods provides a level of flexibility that you haven t enjoyed until now. The Advanced Authentication framework is designed for high availability and internal load balancing for continuous uninterrupted operations, regardless of how large or small your environment. Replication between primary and secondary servers provides data integrity and disaster recovery (over LAN or WAN). Provides a single advanced authentication framework to protect all physical and digital assets. With support for a wide range of applications and platforms, Advanced Authentication enables organizations to use the appliances or methods they want. Central point of administration for the management of authentication policies for users, groups, devices, or locations. Delegated administration and tracking of changes keeps policies consistent and secure. 7

White Paper Cracking the Access Management Code for Your Business Micro Focus Access Manager Access Manager is a leading provider of web single sign-on solutions for your users. It s especially wellsuited for mixed environments that require more than just simple federation integration. Often, organizations need a central place to control access as well as to design a particular user experience. Access Manager is also well-suited to situations where you need to integrate multiple applications into a single user experience. Comprehensive secure web access management Access Manager delivers single sign-on and access control across the enterprise. There is no need for specialized solutions for cloud-based or complex intranet environments. More effective partner collaboration In addition to its robust single sign-on support, organizations can make access easy through mini-portals, mobile SDKs, and even a mobile gateway. Choosing the right access management solution for digital interaction with your partners results in greater sharing of private information and ultimately more effective collaboration. Simple and Secure access for your customers Today s digital customers expect convenience and the flexibility to self-enroll with the organizations they choose to interact with, as well as the ability to self-help and administer whenever they find it convenient. If your organization needs a higher level of security, Access Manager enables you to preserve user convenience while enforcing security to match your risk Micro Focus Access Manager For your cloud based or on-premise applications and services Micro Focus Identity Manager Identity Manager powers the entire identity management lifecycle by managing identities and their associated attributes to minimize privileges. This enables your organization to reduce the costs of manual account management and demonstrate compliance, while reducing the risk of unauthorized access. It delivers benefits for all critical stakeholders across your whole organization, which is why Identity Manager is designed to manage the complete identity lifecycle in a modular yet integrated manner, so you can address current and future needs as they come. Automates provisioning, de-provisioning, and account management for users and things Powerful rules engine and extensive connectors for full user lifecycle management from onboarding, to project level authorizations, to disabling accounts Event-driven automation engine provides immediate automation based on identity and access governance requirements Provides the reports needed to satisfy audit or compliance requirements Micro Focus Identity Manager Manage identities and their associated attributes to minimize privileges. 8

Micro Focus Self Service Password Reset Enforce strong credential policies. Micro Focusd Focus Self Service Password Reset Self Service Password Reset helps you enforce strong credential policies so you can reduce potential breaches as a result of poor password practices. With Self Service Password Reset, users confirm their identity using a wealth of customizable verification techniques, including two-factor or strong authentication. Self Service Password Reset is a convenient, user-friendly, web-based credential management tool that integrates with other Micro Focus identity and access solutions. Because users can self-enroll to an organization s environment, Self Service Password Reset is well-suited for B2C, B2B, and other large user environments. Offers self-service password management Provides engine and UI for challenge question Administration and authentication type rules Account activity reports: intruder lockout, daily usage, and online log information Fulfills compliance requirements with detailed audit trails and workflow approval Micro Focus Sentinel Provides true actionable intelligence. Micro Focus Focus Sentinel Sentinel can be used for most any environment. From the simplest needs for managing data collection, storage, analysis, and management of events and security logs to a full-featured Security Information and Event Management (SIEM) solution. These different tiers of implementation can be used to match the level of deployment, administration, and day-to-day use to the level of security that you need. Sentinel provides true actionable intelligence in situations where security professionals need to understand their threat posture and prioritize their response. Log management available as an appliance for an out-of-the-box solution to consolidate distributed cloud and internal services Simple click driven UI to define customized reports ready for repeated retrieval Out-of-the-box intelligence to detect many threats Built-in anomaly detection automatically detects changes that can represent emerging threats 9

Additional contact information and office locations: 162-000135-002 M 09/18 2018 Micro Focus or one of its affiliates. Micro Focus, the Micro Focus logo, Access Manager, and Sentinel, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback