Secure Identity Management - PowerPoint PPT Presentation

Transcript and Presenter's Notes

2
Secure Identity Management
Solving the Password Problem
John Stewart Kate Holden
3
Introduction to Signify
  • John Stewart: CEO with 16 years' Internet
    expertise
  • 1987: founded Unipalm/Pipex, the pioneers of
    European Internet
  • 1992: founded ElectricMail, UK's first Internet
    Security Integrator
  • Experienced senior management team
  • Dave Abraham: CTO, 9 years creating Internet &
    e-business systems
  • Paul Beesley: Sales Mgr, 11 years at Unipalm,
    Pipex, UUNet, Shopcreator
  • Richard Broad: non-exec VP Finance, FD of Kewill
    Systems plc
  • Steve Mann: non-exec VP Sales, ex board director
    Microsoft UK
  • Signify established in Jan 2000
  • Deeply involved in ASP and Internet Data Centre
    revolutions
  • 100% focussed on Secure Identity Management
  • The Internet Authentication Service

4
The three Essentials for the e-Business Economy
  • Security
  • Control who has access to sensitive resources
  • Manage your business risk
  • Accountability
  • Hold people responsible for their on-line
    transactions
  • Non-repudiation
  • Auditability
  • Prove your business history to your shareholders
    and auditors, the taxman and the courts

5
The five elements of e-Security
A comprehensive security strategy must encompass
all five disciplines. If the identification
process is flawed, the rest of the security
infrastructure is worthless.
Firewalls
The e-Security Puzzle
Signify is 100% focussed on Secure Identity
Management
6
Whatever kind of project - assured identity is
essential
Doct mgmt
Online banking
Apps
Web portal
Thin client
Web e-mail
Broker Extranet
VPN
Security
Firewall
MSP
Audit
RAS
Network mgmt
W2K rollout
Wireless LAN
Network
Single sign-on
Data Centre Hosting
7
Every user holds a key to your e-Security
  • If your firewalls and VPNs
  • create the walls and doors of your virtual office
  • Your users' digital identities
  • are the keys to your front door

It only takes one user to be careless with their
key . . . and you don't know who is going
to walk in
8
The e-Business Economy is being built upon a
vulnerable and insecure foundation
The Password
9
Passwords are a nightmare
  • A hassle for users
  • with multiple passwords, always changing
  • A headache for management
  • can never know if passwords have been stolen . . .
    until it's too late
  • Identity Theft is the fastest growing on-line
    crime (CSI/FBI 2001)
  • 65% of all helpdesk calls are password
    problems (Gartner Sept 2000)
  • A dream for the hacker
  • he knows he can break in
  • by shoulder surfing, social engineering, simple
    guesswork or by snooping, sniffing, hacking &
    cracking

10
People just don't care about their passwords
  • Computer Weekly, April 12th 2002
  • Interviewers at Victoria station asked 150
    commuters about their office password . . .
  • "Only one-third of those questioned refused to
    reveal passwords, and 64% had already told
    colleagues.
  • 'I am the boss and everyone knows my password,'
    one company director told the interviewers . . .
  • . . . to the dismay of his IT director, who said,
    'I never divulge my password. It would give admin
    rights to the whole system.'"

11
The Top 10 Security Vulnerabilities
  • Latest report from the leading security advisory
    orgs
  • Sans Institute, CERT and FBI
  • Last updated Oct 10th 2001

Poor password practices move up the chart from
8th place to 2nd
Find out more at www.sans.org/top20.htm
12
And the nice people at L0pht have made it dead
easy to crack your company's passwords . . .
"No kidding, this is one bad tool. We ran
L0phtCrack against a base of 5,000 users and it
cracked passwords that had previously been
uncrackable."
Major V. Glenn Schoonover, Chief, Network
Security, Pentagon IT Services
13
Can your passwords take the heat?
  • L0phtCrack was used to audit a large hi-tech
    company.
  • The company operated a rigorous password policy
  • longer than 8 characters with upper case, numeric &
    symbols
  • L0phtCrack cracked 90% of the passwords in 48
    hours
  • Running on a basic Pentium II laptop,
  • 18% of the passwords were cracked in under 10
    minutes.
  • The Administrator & most Domain Admin passwords
    were cracked
And once they are into your system as Admin
they can play God with your business
14
L0phtCrack in action
L0phtCrack will find your most complex admin
passwords within 48 hours or so
15
Passwords fail e-Business on all counts
  • Security
  • Passwords can be easily stolen by hackers or
    competitors
  • Identity Theft is the fastest growing on-line
    crime
  • Accountability
  • Passwords are not strong enough to legally tie a
    person to their on-line activities
  • Auditability
  • Without individual accountability, the entire
    audit trail is worthless

Passwords only deliver Weak Authentication
16
What is Strong Authentication?
  • The rigorous proof of your digital identity
  • Must present two different factors or credentials
  • something you have
  • a token, smartcard or other unique physical
    device
  • plus
  • something you know
  • secret PIN number
  • We use 2-factor strong authentication every day
  • Home security: key + alarm PIN
  • Bank ATM: cashcard + PIN

17
The Authentication Space
Security
  • Mission critical systems
  • Military grade access controls
  • Commercial grade apps
  • Sensitive corporate systems
  • Remote staff access
  • Dealer extranets
  • High value transactions
  • Electronic contracts
  • Basic authentication
  • consumer/e-shopping
  • low grade corporate info

Two factor authentication
Convenience & Utility
Cost
  • Anonymous Apps
  • Public services
  • Bulletin boards

Each application requires a different trade-off
of cost vs. security vs. convenience
18
RSA SecurID is the market leader
  • 9 year proven track record
  • Over 11 million users worldwide
  • 85% of Fortune 100 companies
  • Growing at 1M users per quarter
  • Simple, portable and ideal for securing
    e-business
  • Delivered on various devices: keyfob, m-phone and
    PDAs
  • but
  • Complex to implement and manage in-house
  • significant technical skills required
  • must develop logistics, support & management
    processes

19
The SecurID from Signify service in action
The Signify Authentication Network
Internet
Secret PIN + Token code
1) User needs secure access to company e-mail
2) Gives Signify one-time passcode
3) Passcode sent to Signify service over
encrypted link
4) Signify verifies user's passcode and responds
5) User's session accepted and logged
6) Manage user privileges and get 24x7 help at
IMC
20
Secure Identity Management
Isn't just about technology . . .
it's a management process
21
Strong authentication technology
Secure Identity Management

Management policy & processes


User logistics & support
22
How does Signify deliver Secure Identity
Management?
  • As a managed on-line .NET service
  • integrated into your on-line apps & security
    systems
  • offering a range of authentication technologies
  • with secure management processes and procedures
    built-in
  • Signify handles the technical & logistics burden
  • and delivers a service that is
  • easier for your end users to understand and use,
  • less demanding on your technical team,
  • more resilient, secure, accountable and
    auditable,
  • more flexible, scalable and future-proof,
  • costs less and can be deployed quicker
  • than any in-house authentication system

23
Signify One-time Passcode Solutions
  • SMS Mobile Passcode
  • Extranets for
  • Partners & brokers
  • On-line quotes & orders
  • Clients
  • Subscription services
  • Virtual deal rooms
  • On-line banking
  • Web portals & ASPs
  • On-line collaboration, applications, etc
  • SecurID
  • VPN & Remote Access
  • Secure access via all Firewall, VPN & RAS systems
  • Web-enabled applications
  • Web e-mail & all web apps
  • Thin Client Computing
  • Citrix & Windows Terminal Server
  • Remote Control & Management
  • PC Anywhere
  • NT/Unix systems login

Secure anywhere access from any Internet device

24
Signify SmartID solutions
PKI Smartcards & USB Smartkeys
  • Signify Digital Signatures
  • Secure signing of
  • e-mail
  • e-documents & contracts
  • Ties your identity to data
  • Verifies authorship & accuracy of signed document
  • Signify Smart Login
  • Secure, one-step PKI login to
  • Windows 2000 networks
  • VPNs (e.g. Checkpoint NG)
  • Any web application
  • Can be combined with PhotoID & building access
    (smartcard only)

Signify SmartID suits Intranet and multi-function
applications
25
Signify Service Coverage
Security
Signify SmartID: PKI Smartcards or Smartkeys for
secure authentication & digital signatures
SecurID from Signify: Strong authentication for
regular secure access
Two factor authentication
Convenience & Utility
Cost
Signify Password Control: brings rigorous
Identity Management to standard password
authentication
Signify SMS Passcodes: One-time passcode to
mobile phone for securing occasional access
26
Strong Authentication - find the solution to your
application
Use any PC, anywhere Robust easy to use
Remote access to RAS, VPN Web portal or extranet
No new device needed Needs reliable SMS Low cost
Occasional remote access to Web portal, extranet
or e-commerce site
Corporate SSO projects VPN or web remote
access Secure e-mail, e-contracts Intranets not
extranets
Slick network sign-on/off Digital signing of
docs Need control of user PC
Easy to clone - insecure Tied to single PC
Low value e-shopping
Always with you Variable cost/reliability Privacy
liberty issues
Desktop sign-on Ultra high security needing 3
factor authentication
27
Integrated Identity Management
Personnel data privileges
Shipping token replacement
HR
Systems
Logistics
Users
Tech systems mgmt
End user support training
IT
Helpdesk
Identity management involves people all across
the enterprise
Finance
Billing, cost centre accounting
Security Risk Mgmt
Auditing, activity monitoring, threat assessment
28
In House System
HR
Systems
Logistics
Users
IT
Helpdesk
An in-house ACE Server focuses all the work on
the IT team
Finance
Security Risk Mgmt
29
Signify Secure Identity Management
HR
Systems
Logistics
Administrators in each department can manage
their part of the service
Users
IMC
Users self-manage their personal data at the IMC
IT
Helpdesk
Finance
Security Risk Mgmt
Signify Identity Management Centre lets you
distribute the routine work and responsibility to
users and their departments
30
Signify serves all your users
IMC Fulfillment manages token delivery to end
users
HR
Systems
Logistics
Users
IMC
IT
IMC Helpdesk handles end user support
Helpdesk
Signify Training trains and supports your
Administrators
Finance
Security Risk Mgmt
31
IMC creates an identity management framework
  • Defined policy & procedures
  • security officer defines organisation's security
    policy
  • appoints administrators to perform specific roles
  • User set up, fulfillment & registration
  • accountable work flow manages the deployment
    processes
  • users register and manage their own personal
    details at the IMC
  • Lifetime 24x7 hotline support
  • web-based helpdesk resolves end users' support
    problems
  • Reporting lost tokens, forgotten PINs, emergency
    access etc
  • Every action on the IMC
  • is strongly authenticated, encrypted and audited
  • full user and administrator accountability

32
Key benefits of the Signify Service
  • Simple per user service fee
  • lower TCO
  • End user logistics managed
  • Security policy defined by SO
  • Web self-help
  • 24 x 7 support for users & admins
  • Resilient & secure
  • service contract defines SLAs
  • Not just SecurID
  • migration to future devices
  • Low cost of entry
  • start small & grow as you need
  • Fast deployment
  • operational within days
  • professional packaging & docs
  • Zero technical overhead
  • no tech expert required
  • Clear admin roles
  • easy to delegate and train
  • defined per organisation

Signify runs the infrastructure so you can
concentrate on your core business
33
Reference clients
  • 60 clients including
  • FTSE International
  • Amalgamated Metals Corp
  • Minster Trust
  • Eurotunnel
  • Kier Construction
  • Eversheds (Law)
  • Pannell Kerr Foster (Accountants)
  • Carlisle Group (Recruitment)
  • Theofinance (Financial service provider)
  • ITNET (Outsourcing partner)
  • Hertfordshire Careers Service

Our 100% service renewal record shows positive
client satisfaction
34
Signify provides an integrated framework for
Secure Identity Management
An end-to-end set of processes that are secure,
efficient, accountable and auditable
35
Signify Service Matrix
 
36
SecurID from Signify - Service Options
37
What about the multi-token problem?
  • If every company & service provider implements
    strong authentication themselves . . .
  • Users will end up with a different token, smart
    card or other device for each service

Unacceptable
38
Secure sign-on for the entire Internet
The Signify Authentication Network
One Personal Token, One Secret PIN
Signify provides consistent, secure access to any
on-line service
39
The Signify Authentication Service delivers
Single, Secure Sign-on for the Internet
40
Secure Identity Management is simply
  • the control and management of the entire life
    cycle of your users' digital identities
  • from sign-up, to daily use, to final revocation
  • essential to establish an end-to-end process
    that is secure, efficient, accountable and
    auditable

41
Changes in the Marketplace
  • New work patterns & corporate structures
  • Fewer large stable corporates, more small dynamic
    firms
  • Companies outsourcing responsibility for
    management
  • IT, HR, Call Centre and Logistics operations
  • System owner must have power to control the
    operators
  • People work for multiple organisations
  • Consultants, contractors, outsourcers
  • Have varying privileges on each employer's system
  • Identities must be managed across organisational
    boundaries
  • Need complete separation of powers
  • User will need to own their digital identity,
    not their employer

42
The elements of an Authentication system
Users
Authentication Nodes
Logistics Support
Administrators
Technical
Authentication Servers
Traditionally all elements have been part of one
organisation
43
The barriers between organisations are fading
Outsourced HR
Client users
Managed Service Provider
How to co-ordinate access rights, logistics and
support to all users and administrators?
44
Signify co-ordinates identity management between
organisations
Client Orgn
Outsourced HR
Managed Service Provider
Consultant
Allowing single secure sign-on across Internet
services, with full accountability
45
Defined roles and responsibilities
  • Role based administration
  • Allocate specific responsibilities to appropriate
    people
  • Security Officer
  • defines security profile for the organisation
  • appoints & sets the authority levels for all
    administrators
  • HR Administrators
  • orders Signify service for new end users
  • cancels end user privileges on authnodes
  • Technical Administrators
  • manages operation and support of authnode devices
  • Billing Administrators
  • manages invoices and payment issues
  • One person can take on multiple roles and several
    people may be appointed to each role

46
New token fulfillment
End User
Internet
Customer
1) HR Administrator authenticates at Signify's
website
2) Requests tokens to be sent to end users
3) Fulfillment Administrator dispatches token
pack to user
4) Users automatically sent Welcome E-mail
5) User connects to Signify website to register
and set PIN
6) Signify activates token: user ready to
start working securely
7) User can access Signify's 24x7 web &
call centre for help & support
47
Signify Service Architecture
Signify's Modular and Extensible Authentication
Infrastructure
48
Key issues with Identity Management
  • Security
  • balance strength of authentication with
    sensitivity of information
  • Accountability & auditability
  • you need to hold people accountable for their
    on-line actions
  • and an audit trail back to whoever authorised the
    user's access
  • Manageability and support
  • reduce load on technical helpdesk and
  • allow non technical administrators to manage day
    to day issues
  • Logistics
  • delivering devices, PINs and passwords verifiably
    to users
  • User Satisfaction
  • happy users make for a secure system

49
Signify addresses the key Identity Management
issues
  • Security
  • Choice of authentication techniques
  • tokens, smartcards/keys, SMS phone or passwords
  • give each user the appropriate level of security
    clearance
  • Security profile and procedures enforced by IMC
  • Lost tokens & PINs, emergency access mode,
    notaries etc
  • Processes and procedures defined per organisation
  • Administrators only see users' information
    within their scope
  • Accountability & auditability
  • Users given responsibility for keeping their
    credentials private
  • All admin operations on IMC create an audit trail
  • Logs give independent record of access to
    authnodes

50
Signify addresses the key Identity Management
issues
  • Manageability
  • IMC models complex relationships between users &
    orgs
  • manage multiple organisations on single
    infrastructure
  • maintains information required for lifetime
    support of user
  • Role based administration
  • devolve HR, billing, tech & logistics tasks to
    appropriate person
  • Every task driven through My Signify page
  • Easy allocation & revocation of devices, access
    rights etc
  • Simple to migrate users

51
Signify addresses the key Identity Management
issues
  • Logistics
  • Fulfilment module
  • manages delivery of devices, PINs & passwords
    verifiably to users
  • multiple pools of tokens for local
    fulfilment/replacement
  • easy selection of delivery medium: post, courier,
    by hand etc
  • User support & satisfaction
  • End users self-help themselves at web helpdesk
  • Automated help scripts for support desk operators
  • step non-expert helpdesk operator through problem
    to resolution
  • Quality packaging, documentation and support
  • all elements can be co-branded
  • Happy users make for a secure system

52
A modular architecture for SIM
53
Signify Identity Management Centre
The IMC is the core of the Signify service
  • Resilient, web-driven database engine
  • Managing complex relationships between all
    elements of Signify service
  • Self-service information management
  • Users manage their personal data
  • Administrators manage their organisation's data
  • IMC interfaces to a range of back-end authn
    servers
  • Allowing Signify to deliver a choice of authn
    services to user base
  • Automatically maintains and updates back-end
    servers
  • Generates usage data for billing and customer
    services

54
IMC
Manages complex relationships between
  • Users and their personal details
  • Postal addresses
  • E-mail addresses
  • Phone numbers
  • Secret questions and answers
  • Users and their Signify devices
  • Keyfob, PDA, mobile phone, smartcard
  • Lifetime of device
  • Users and their organisations
  • Users' login id on each customer system
  • Signify, customer & partner orgns
  • Organisations' contact details
  • Relationships between partners & customers
  • Discounts & commissions earned by partner
  • Customers & their authnodes
  • User login ids on each authnode
  • Users & administrators
  • Access rights on each authnode
  • Special administrator privileges
  • Activity logs
  • Of each user
  • On each authnode
  • Generates billing information

58
A security system is only ever as strong as its
weakest link
And that normally means its people!
59
Signify's unique added value
  • IMC provides easy but secure management
  • Web based for user self-help and administrator
    management
  • Helpdesk scripts automated for your call centre
  • End-to-end secure processes
  • Security officer sets organisation's security
    profile
  • User fulfillment, replacement all integrated and
    accountable
  • Emergency access can be offered securely
  • Not just SecurID
  • Secure e-signatures with SmartID and SMS OTP
  • Single sign-on to any Internet service
  • ID not restricted to any specific network or
    application
  • Simple to buy and quick to deploy
  • Straightforward service contract

60
The Signify Partnership Scheme
61
Types of Signify Partners
  • Service Provider Partners
  • MSPs, ISPs & ASPs,
  • hosting centres,
  • b2b exchanges
  • Deliver solution as an ongoing service to client
  • Integration Partners
  • systems integrators,
  • web designers,
  • e-business consultants
  • Build solution then hand over to client to run

62
The Benefits to Signify's Integration Partners
  • Offer your client a fully managed alternative
  • minimising the technical skills they need
    in-house
  • low risk, zero-hassle choice for client
  • Affordable and immediate
  • even for small numbers of users
  • deliver enhanced security within days not months
  • Easy to integrate Signify security into your
    solution
  • at network, web or application layer
  • offer a choice of authentication devices and
    technologies
  • you don't have to be authentication experts
  • Generate healthy margin with minimal hassle

63
The Benefits for Service Provider Partners
  • Turn the SIM headache into a business
    opportunity
  • Offer a premium secure version of your service
  • Gives tangible security and confidence to end
    user
  • Let your salespeople lead on security, not be on
    the defensive
  • IMC, tokens, packaging & docs can all be
    co-branded
  • Delegate tasks & responsibility back to your
    clients
  • Let them manage their user base, and be
    accountable for it
  • Lower your business risks and administrative
    overheads
  • Turn an in-house overhead into a profit centre
  • Eliminate major cost overheads and risk
  • Aggregate all your users to achieve high volume
    discounts

64
Signify's Commitment to our Partners
  • We will help you sell security to more of your
    clients
  • We only do identification & authentication
  • No managed firewalls, VPNs or any application
    services
  • So we won't encroach into your core business
  • We solve just one part of the puzzle
  • You deliver the complete solution to your clients
  • We will always defer to our channel partner

We help you make money by solving the password
problem for your clients
65
Any questions?
www.signify.net
john.stewart_at_signify.net 01223 472572