1 / 22

Cognizance Identity and Access Management

Cognizance Identity and Access Management. www.cognizancesecurity.com. Identity Management ● Authentication ● Authorization ● Administration. The next generation security solution. 2003 RSA Security Conference. Agenda. Identity Management Objectives Cognizance Solution Demo

kareem
Télécharger la présentation

Cognizance Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cognizance Identity and Access Management www.cognizancesecurity.com Identity Management ● Authentication ● Authorization ● Administration The next generation security solution 2003 RSA Security Conference

  2. Agenda • Identity Management Objectives • Cognizance Solution • Demo • Features • Benefits

  3. Sales Marketing Finance Service Employees Partners B2B Customers Identity Management Objectives • The problem: • Multiple accounts per employee • Email • Network • SAP • Citrix • VPN • Web • More … • 60% of fraud is internal • Increase in portals failure • Control over email groups • Failing policies & procedures • Growing number of applications and platforms • Access from employees, business partners, customers & suppliers • Open enterprise cannot rely on the disappearing physical perimeter for security

  4. Identity Management Objectives • The problem: • Multiple accounts per employee • Growing number of applications and platforms • Access from employees, business partners, customers & suppliers • Open enterprise cannot rely on the disappearing physical perimeter for security • Increase access flexibility and security without budget increase

  5. Cognizance Solution The solution: • Consolidated security framework: users, policy & applications • The right information • To the right people • Any application • Any time • Anywhere • Consistent user identity combines multiple user accounts This is a Role • Strong authentication and role based access control

  6. Cognizance Solution The solution: • Consolidated security framework: users, policy & applications • Centralized • Delegated • Self Management • User Self-Registration • Consistent user identity combines multiple user accounts • Strong authentication and role based access control • Delegated administration and user self-service

  7. Cognizance Solution The solution: • Consolidated security framework: users, policy & applications • Network logon • VPN and Remote Access • Single Sign-On • PKI support • Web Access • Consistent user identity combines multiple user accounts • Strong authentication and role based access control • Delegated administration and user self-service • Built-in identity applications and services

  8. Authentication Authorization Identity Management Cognizance Identity & Access Management Applications & Services • Password • Certificates • Smart cards • Biometrics • USB Tokens • Virtual tokens Other/Custom User Identity • User Profile • Network accounts • Application list • Encryption keys • Shared tokens • Certificates • Virtual Tokens • Multiple Roles • SSO XML scripts • Application data Logon MS & Novell Web Access Authentication method Time Date range Group/unit membership IP Address range Ports and protocols Business rule based Custom Self Service Single Sign-On VPN Remote Access User administration Profile maintenance User registration Group operations Credential store Multi directory support Citrix Metaframe PKI Client

  9. The Market • Analyst firm IDC expects this market to grow from $2.6 billion in 2002 to nearly $6 billion by 2006 • Based on a Gartner survey of 30 senior security executives in large companies, many organizations already have internal secure identity management initiatives underway: • 80% of Financial Services • 70% of Retail • 70% of High Tech

  10. What the analysts are saying… “The typical enterprise must manage increasingly virtual relationships with employees, contractors, customers, partners, suppliers, and a variety of other network constituents. The old way of thinking about corporate boundaries and network security—the firewall as an impenetrable perimeter—no longer apply. Suddenly, the ability to manage identity has a direct impact on your company’s brand and its ability to adapt to new business models. Do it well and your company can make money in new ways. Do it poorly and your company will be damaged severely.” Jamie Lewis CEO and Research Chair Burton Group

  11. Cognizance Administration Center • Cognizance Administration Center • Manages users, user profiles, policies and applications from a single administration tool • Manages all aspects of user identities across multiple directories • Provides a consistent view of the enterprise security model • Supports delegated administration • Web enabled • Includes a complete smart card management system • Allows centralized SSO application registration

  12. Cognizance Administration Center

  13. Cognizance Multifactor Authentication • Provides the following authentication methods out-of-the-box: • Password • Single-use password • Smart card and USB token • Virtual token (encrypted containers with the user identity) • Digital certificates • Biometrics • Supports any arbitrary combination of the above authentication methods • Allows the use of multiple alternative authentication methods per user • Supports interface for plug-in authentication methods

  14. Cognizance Role-Based Authorization • Dynamic and static policy elements • Authentication method, time, date, IP address and protocols • Automatic policy generation based on business rules • User sets allow combining users from different groups and directories • Role Based Authorization and Access Control (RBAC) • Maps complex policies and business rules to multiple roles • Simplifies policy management • Reduces the number of policy relationships • Simplifies application management • Provide both application role and role application views of the enterprise access control

  15. Cognizance Role-Based Authorization Role of a Finance Person ADS biometric Logon SSO biometric access CRM biometric access Web – anonymous Email – ADS authentication HR – biometric with revalidation SAP – biometric authentication Role of a Sales Person ADS biometric Logon SSO biometric access CRM biometric access Web – anonymous Email – ADS authentication Citrix published applications – biometric access VPN access `- password

  16. Cognizance Built-In Applications • Logon for Microsoft Windows, NDS and Citrix • VPN and Remote Access client for CheckPoint and Microsoft • Enterprise Single Sign-On (SSO) • MS Windows, Web- or host-based applications • Centralized, administrator-initiated and user-based SSO model • Built-in XML scripts for popular applications • Powerful language for new applications registration • PKI client with support for CAPI and PKCS#11 • Supports smart cards and virtual tokens • Certificate issuance • Automatic delivery of the certificates • Self-service administration tool • Maintains user profiles • Manage SSO applications • Register credentials • New user sign up • Allows policy driven new user self-registration

  17. Cognizance User Self-Services • Single user self-service tool allows: • Centrally controlled profile maintenance by the user • Register new SSO applications • Enroll/change user credentials • Register new network/VPN accounts • Issue and install new certificates • Store/load identity to smartcard, USB or virtual token • Launch Panel • Instant access to all authorized applications • New user sign up • Policy driven registration sequence • Includes profile creation and credentialenrollment

  18. Benefit Analysis • Productivity increase – Administrator • Single administration tool increase administrator efficiency • Role-based access control simplifies policy and application management • Automatic policy generation reduces administrator workload • Unified user identity model reduces number of duplicate accounts • Single deployment installs multiple integrated applications, including network logon, SSO, VPN, user self-service and PKI client • Easy and flexible smart card/virtual token deployment • Simplified PKI deployment and use via user self-services • User self-service tool reduces administrative workload • Built-in enterprise SSO eliminates multiple password requirements • Use of smart cards or biometrics can reduce need for passwords

  19. Benefit Analysis –– Continued • Productivity increase – User • Single easy to learn self-service user interface • Launch panel provides immediate access to authorized applications • User can add new SSO applications, eliminating need for passwords • Biometrics or smart card can reduce needs for passwords • Automated sign up: fast productivity for new employees • Disconnected user identity with virtual tokens • Easy PKI deployment

  20. Benefit Analysis –– Continued • Security benefits • Centralization of the information security • Consistent security policy throughout the enterprise • Flexible security targets specific danger areas, such as external access or after hours, without complicating regular user access • Strong multifactor user authentication • Easy deployment of smart card/virtual token combination

  21. Benefit Analysis –– Continued • Architecture benefits • Framework approach: expandable architecture via Cognizance SDK • Add custom data sources, authentication methods, policies, and applications • High performance authorization architecture does not require fast connection between Cognizance server and authorized applications • Special case: user identity on a smart card does not require connection to Cognizance server • Large enterprise scalability with a standard load balancer and multiple installations of Cognizance server • Can be used as part of managed services to provide security services to multiple enterprises

  22. Cognizance Identity and Access Management www.cognizancesecurity.com Identity Management ● Authentication ● Authorization ● Administration The next generation security solution 2003 RSA Security Conference

More Related