realizing the promise of web networks with unified access management __________________
TRANSCRIPT
![Page 1: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/1.jpg)
Realizing the Promise of Web Networks with Unified Access Management
__________________
![Page 2: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/2.jpg)
Web-based Networks are Exploding
A. The building blocks of web eCommerce, including:
• Extranets
• Intranets
• Portal Networks
• ASPs
• Digital Marketplaces
Q. What is a Web-based Network?
![Page 3: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/3.jpg)
Quantity and Diversity of Users are GrowingWeb-based Networks can include:
• Employees
• Partners
• Customers
• Suppliers
• Investors
• Distributors
• Resellers
• Retailers
![Page 4: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/4.jpg)
Despite Fantastic Growth Everything is not Perfect in the Web Enabled World
Organizations are facing a number of specific problems, including:
• Controlling access to information of varying sensitivity.
• Preventing fraudulent transactions.
• Managing users with greatly differing access privileges.
• Scaling to meet user numbers leaping into the hundreds of thousands, and even millions.
• Avoiding “Password Insanity” and managing dozens of authentication methods.
• Detecting threats and abnormal behavior once a user has been authenticated and is using an application.
![Page 5: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/5.jpg)
Organizations Faced With Difficult Decision
Because of these challenges, enterprises must either:
A. Scale to meet an increasing number of users but keep user personalization simple, transaction value low and security requirements minimized.
OR
B. Maintain a high level of authentication, authorization and security, but limit number of users to keep administration manageable.
![Page 6: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/6.jpg)
Neither Option is Acceptable To realize the economies of scale and high transaction
values important to the success of eBusiness initiatives neither scalability nor security can be marginalized.
• Without the ability to scale to millions of users of various types (customers, employees, suppliers, partners, etc.), Web-based Networks obviously limit their potential as transaction sizes escalate.
• Likewise, scalability without security and personalization limits the potential value of transactions and the type of products and services that can be offered.
So, how can you scale e-Business securely?
![Page 7: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/7.jpg)
ClearTrust SecureControlClearTrust SecureControlTMTM
The Leading Solution for Enterprise Access Management
• Centralized Authorization and Policy Management• Web Single Sign-on • Personalization• Authentication Management• Delegated Administration• Fraud Detection and Audit
![Page 8: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/8.jpg)
Authorization & Policy Management• Centrally managing user access rights to all resources on a given
Web-based Network, including Applications, Dynamic Content, Transactions and HTML Pages.
• Providing fine-grain authorization determining which functions of applications users are allowed to use. For example, a user may be allowed to access an application, however within that application only specific types of transactions could be appropriate for their position.
• Authorization can be based on either Roles (such as Job Title, Division, Company, etc.) or dynamically changing Smart RulesTM
(such as account balance, program level, etc.).
• Centralized Policy Management allows Security Policy to be set in a single place across an entire Web-based Network.
• Policy Management also incorporates Policy Assessment, or real time evaluation of security policy for holes and failure.
![Page 9: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/9.jpg)
Web Single Sign-on• Users are only prompted for authentication one time across an entire
Web-based Network, improving their experience.
• By implementing WSSO, password resets and management costs are significantly reduced.
• Password management is one of the most labor-intensive and risk-prone IT functions, and costs between $200 and $300 per year per user, assuming a organization does not have WSSO.
• Security is improved due to a consolidated password policy management capability.
• WSSO is enhanced significantly through cross-domain SSO because users are able to pass along credentials when switching domains.
![Page 10: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/10.jpg)
Personalization• Personalization is key to creating a rich Portal experience.
• Integration capabilities are important in being able to take existing Portal code and make changes to take advantage of the WSSO system for profile information to drive personalization.
• User Self Registration and Profile Administration are important areas for cost savings and automation of administrative tasks.
• Allowing users to manage their own passwords is another area of cost savings and reduction of administrative overhead.
• None of these personalization capabilities can be realized unless they are easy to implement, secure and auditable.
• Securant’s full Security API sets in Java, C and COM enable personalization without major integration efforts.
![Page 11: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/11.jpg)
Authentication Management• Manage multiple types of authentication for different resources.
• Plug-and-play interoperability with most common authentication methods including Digital Certificates, RSA SecurIDTM Tokens, NT Domains, LDAP and username/password.
• API integration with other forms of authentication such as biometrics or smart cards.
• Support for multi-tier authentication. For example, access to the State Portal may require only username/password, however access to DMV applications or Retirement Account may require digital certificate or token.
![Page 12: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/12.jpg)
Delegated Administration• Delegated Administration is accomplished using a technology called
Virtual Business UnitsTM (VBUs), which allows administrators to push user and resource management out to divisions, groups, partners, employees, etc.
• VBUs are groups of users and resources which are managed by their associated local administrators.
• Administrators are given specific management rights, such as the ability to create new users, reset passwords, or assign access to a given application.
• Privacy can be maintained between VBUs to protect confidential data, for example DMV adminstrators would never see the users associated with State Retirement Fund application.
• VBU’s enable a common infrastructure approach that extends the security model while sharing the supporting infrastructure.
![Page 13: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/13.jpg)
Fraud Detection & Audit• By monitoring user activity within applications and setting specific
limits, organizations are able to detect threats before a fraudulent transaction is made.
• Once a threat is detected at the application level, responses vary from notifying an administrator, suspending the account or to closing the network port being used for access.
• Audit logs track all user, admin and API activities and can provide documentation of transactions, authentications, administration, etc.
• End-to-end audit: you only have to look in one place for all activity and reporting therefore simplifying administration.
![Page 14: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/14.jpg)
What are the advantages?What are the advantages?• User Experience is improved• Administration is improved• Security is improved
![Page 15: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/15.jpg)
User Experience is Improved
• Seamless access to multiple sites within a Web-based network saves users time and frustration.
• Web Single Sign-on means users no longer have to remember multiple passwords.
• Personalized user experience means users can only see and access applications applicable to their jobs or roles.
• Through delegated administration, users work with their local administrators for common problems, such as resetting passwords and changing access privileges.
• Self-service capability allows users to register, manage their own password, change application profiles, etc..
![Page 16: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/16.jpg)
Administration is Improved• IT is no longer a bottle neck because administration of users and
resources is delegated to internal divisions, partners or customers.
• Single Sign-on means fewer password resets for administrators, saving time and money.
• Tight integration with existing infrastructure (databases, directories, etc.) minimizes the need for duplicate data input.
• Rule-based Access Control allows access privileges to change dynamically, based on user properties or attributes.
• User access can be revoked from all Web-based resources with a single action.
![Page 17: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/17.jpg)
Security is Improved• Users only have access to applications and information appropriate
for their role or position.
• Ability to control access to resources using dynamic conditions such as account status, training, program level, etc.
• Single Sign-on decreases likelihood user passwords are simple, written down, or re-used.
• Authentication management means more sensitive applications can require higher levels of authentication.
• Application Monitoring and Fraud Detection provide the only available application-level user activity monitoring and response.
• Integration with network level security allows application misuse to be responded to with network level user elimination.
![Page 18: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/18.jpg)
Integration With Industry Leading Technology
![Page 20: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/20.jpg)
Securant Overview
• 5 Years Providing Secure eBusiness Solutions to Fortune 500 Firms
• Headquartered in San Francisco• Global Capability - Offices in NYC, London,
Chicago, Denver, LA, Toronto, Phoenix, Minneapolis, Dallas, DC, Philadelphia, Paris, Houston, Atlanta, Munich, Sydney
• 260+ Employees; 400 by year end• Commitment to total product concept, including
professional services, training, technical support, ongoing development, testing and integration
![Page 21: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/21.jpg)
Securant Enables eBusiness with Scalable Security!
• Centralized Authorization and Policy Management
• Web Single Sign-on
• Personalization
• Authentication Management
• Delegated Administration
• Fraud Detection and Audit
![Page 22: Realizing the Promise of Web Networks with Unified Access Management __________________](https://reader030.vdocuments.site/reader030/viewer/2022032802/56649de85503460f94ae32b3/html5/thumbnails/22.jpg)
Thank You
For More Information on SecurantVisit our Web Site:
http://www.securant.com/