SafeNet Authentication Service:

Transcription

1 A Faster, More Effective Way to Manage Authentication Deployments Solution Brief Next Generation Authentication Reduce the risk of unauthorized access to sensitive corporate resources Ensure unified access policies for all corporate resources: VPNs, SaaS applications, webbased portals, on-premise applications Implement and manage consistent, unified access policies to corporate resources Deploy to thousands of users in 30 minutes! Extend enterprise identities to the cloud Facilitate IT administration through automatic provisioning of cloud users Improve convenience for employees with SSO The Rise of the Cloud The move to the cloud and virtualized environments along with an increasingly mobile workforce, the ongoing trend of employee Bring-Your-Own-Device (BYOD) trends and the adoption of cloud based applications, is blurring the boundaries of the traditional network security perimeter. Organizations are having difficulty affording, implementing and managing consistent, unified access policies to corporate resources. An effective strong authentication service enables companies to pursue a consistent authentication policy, across the organization, by automating and simplifying the deployment and management of a distributed estate of tokens. However, a cloud based service delivery model still brings the concerns of robustness and availability of the solutions. These concerns become an even bigger issue when delivering info-security solutions as a service, and more so when offering a user authentication service, which is usually a critical layer in the organization s info-security architecture. The Challenge: Effectively Managing Authentication The Total Cost of Operation of an authentication solution consists of more than the initial upfront investment. Reducing the huge ongoing investments in infrastructure and management is always a challenge for IT staff. It is therefore worthwhile trying to analyze where the primary administration and cost overheads are. Time The amount of time enterprises need in order to run a successful authentication solution varies according to specific needs and usually depends on the following: Time and effort of deployment: planning, hardware and software procurement, process engineering, long projects that require effort of individuals from many parts of the organization Time associated with loss of productivity: users waiting for password resets, handling of support tickets by support staff and ineffective processes Cost As mentioned above, the costs associated with deploying an authentication solution consist of more than the initial upfront investment and they need to be taken into account when the organization is looking into reducing the costs of the solution: The cost of system administration, administration of the platform and associated infrastructure, ongoing training, manual reporting and auditing The cost of help desk support, handling calls associated with password resets, replacing OTP generators and hardware tokens Personnel costs: the number of qualified staff need to run and support the system 1

2 Unless you have significantly more than 10,000 users, and assuming that the cloud IAM solution meets all your requirements, cloud IAM is the best option, providing 310% ROI over manual processes. Don t try to build your own IAM solutions they are 29% more expensive than COTS IAM and 85% more expensive than cloud IAM. Use Commercial IAM Solutions to Achieve More Than 100% ROI Over Manual Processes, Forrester Research, October 2012 The Requirement: A New Breed of Authentication Platform More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Authentication cloud based services are no exception and can help organizations achieve: Up to 60% savings in Total Cost of Operation % service availability More effective budget utilization and flexibility with OPEX pricing Up to 90% reduction in administrative overhead costs Organizations are constantly looking to streamline administration costs. An authentication solution should enable organizations to reduce the time, effort and costs associated with the deployment and support through automation. As organizations evolve and the IT requirements from an authentication solution change, the flexibility of the platform becomes more vital. Adding on users, deploying new authenticators, adjusting form factors and authentication technology according to risk level and user requirements should all be flexible and easy to manage. In addition a new breed authentication solution should be easy to use, scalable and support multi authentication use cases in the organization. The Solution: SafeNet Authentication Service SafeNet Authentication Service delivers fully-automated, highly secure authentication-as-a service with flexible token options that are tailored to the unique needs of your organization and substantially reduces the total cost of operation. Strong authentication is made easy through the flexibility and scalability of SafeNet Authentication Service s automated workflows, vendor-agnostic token integrations and broad APIs. In addition, management capabilities and processes are fully automated and customizable providing a seamless, and enhanced, user experience. With no infrastructure required, SafeNet Authentication Service enables a quick migration to a multi-tier and multi-tenant cloud environment, and protects everything, from cloud-based and on-premise applications, to networks, users and devices. Key Capabilities Broad Coverage SafeNet Authentication Service allows you to choose the authentication method and platform environment that is convenient for your organization as you transition to the cloud. Whether you leverage your existing token technology or start anew, this vendor and form-factor agnostic platform allows organizations to continue to use their existing token technology eliminating user disruption, while moving to a cloud-based authentication environment that provides a single view of all activity across all systems. Providing vast authentication coverage for the broadest set of use cases, SafeNet Authentication Service secures multiple points of an organization s ecosystem including, SaaS or on-premise applications, networks, users and devices. Allows protecting internal and external applications as well as third party cloud applications Supports any process or devices Authentication protocol supports and SAML, which enables SSO to any third-party app Authentication API allows for customized authentication for applications or network devices that do not support industry standards such as RADIUS 2

3 Wide range of token options hardware, software, multi-platform tokens, SMS and tokenless Ties to user directory/data store Extensive APIs for authentication and administration, self service and web services Extensive automation of provisioning, self service and user store administration SafeNet Authentication Service automates everything, drastically reducing the time and cost of provisioning, administration, and management of users and tokens compared to traditional authentication models. Strong authentication is made easy through our fully automated management system, which includes user management, provisioning, single sign-on, strong authentication, authorization, reporting, auditing and policy alerts integrated with LDAP/Active Directory. Automated Policies: Pre-authentication rules provide automated authorization and access control. Manage by exception, provides automatic red flag alerts if a step is not completed. Automated Self-service: Extensive user self-service, and push and pull of soft tokens and tokenless methods, which increases user satisfaction and eliminates associated help desk costs. Automated Reporting: Easily schedule automated detailed compliance, audit, and accounting reports in whatever format you need to comply with all relevant security standards, including SOX, PCI, and HIPAA. Flexibility To Support Enterprise Wide Deployment SafeNet Authentication Service is a cloud-based, highly secure, as-a-service authentication platform, with no hardware requirements, providing 24x7 availability. By leaving security to the experts, organizations can have peace of mind knowing their systems are secure, and always available, in a trusted cloud environment. In addition, using one cloud-based platform to manage, maintain, and provision a wide-range of tokens, SafeNet Authentication Service can grow with your organization s requirements securing an infinite number of users in a variety token form factors. Multi-Tier/Multi-Tenant Enviroment SafeNet Authentication Service is designed as a secure infrastructure that accommodates any hierarchy in the organization, making it easy to support different clients, regions and groups, segregated and isolated, while policies are centrally managed. This flexibility allows you to model your authentication service after your company s structure, taking into account rights for employees, contractors, business partners, and customers. Customizable SafeNet Authentication Service is completely customizable to the organization s unique environment, from policies to the tokens deployed. Organizations can customize and brand the overall infrastructure and user experience so it is unique to the specific organization. Customize to allow complete definition and control of your users authentication journey Brand everything from administrative console through the self service to the enrollment and messages Include multilingual support for user self-service, approval workflows and enrollment 3

4 Security & Risk pros have to perform a multitude of critical IAM functions everything from simple tasks such as allowing users to reset their passwords to facilitating simple and fast sign-on into all applications and secure APIs. As end user populations increase in size, particularly those that have at least 1,000 human identities, it s critical that S&R pros automate how they manage these populations. Robust Security SafeNet encryption and key management solutions provide the foundation for securing this cloud-based authentication platform, guaranteeing a secure, high assurance solution. Our policy driven management platform automatically monitors and protects against attacks such as brute force and denial of service. Our security features include: Architecture/approach. - Seeds are dynamically generated at the end customer premise, so that no risk is posed by token distribution The automation during the implementation process enables a more consistent policy enforcement, for example when a user logs in incorrectly three times The deployments are monitored so that non-enrollments can be investigated to mitigate risk of ID theft ISO27001 Certified Data Centers Fully redundant data centers Use Commercial IAM Solutions to Achieve More Than 100% ROI Over Manual Processes, Forrester Research, October 2012 Key Benefits Low Total Cost Of Operation Many organizations rarely look closely at the Total Cost of Operation of their authentication solution and instead make a decision heavily driven by the up-front purchase price. SafeNet Authentication Service is based on a simple, low, per-user pricing model with no hidden or additional costs. Administration and management all takes place in the cloud platform, reducing helpdesk expenses, and therefore, lowering the management time by 90%, in most cases, through large-scale automation, user provisioning, and user self-enrollment. Quick Cloud Migration SafeNet Authentication Service has been designed to offer a smooth transition from an existing third party RADIUS authentication server, focusing on speed and ease of deployment. Key to this capability is an organization s ability to maintain its current token investment while immediately benefiting from lower operational costs and SafeNet Authentication Service s automated processes, which significantly reduce administration and management overheads. SafeNet Authentication Service uses automated workflow to minimize not only administration, but also system configuration. This reduces deployment time from weeks to hours enabling organizations to easily move from an existing technology simply and quickly with a free migration agent. Peace Of Mind Service robustness is one of the main concerns for organizations considering a cloud-based offering; even more so when the offering is a fundamental data security solution, such as strong authentication and identity management. SafeNet Authentication Service provides availability, protection, overall peace of mind in a trusted cloud environment that can grow with your organization s needs. 4

5 Features Summary Feature Time Cost Broad Coverage Extensive Automation Flexibility to Support Enterprise Wide Deployment Multi-tier/Multi-tenant Environment Customizable Extensive APIs for authentication and administration, self service, web services free with platform Reduces the time of provisioning, administration, and management of users and tokens 24x7 availability Easy to support different clients, regions and groups Centrally managed policies Complete definition and control of your users authentication journey Multilingual support for user selfservice, approval workflow and enrollment Broad set of use cases Vendor and form-factor agnostic Reduces the cost of provisioning, administration, and management of users and tokens No hardware requirements Grows with your organization s requirements Centrally managed policies Customize and brand the overall infrastructure and user experience so it is unique to the specific organization Conclusion We are at an exciting point in IT development; cloud, virtual environments and mobile are all converging. Implementing the right authentication platform can help organizations retool and secure their IT environment so that they can successfully adapt to the latest trends and move into the future with ease. To learn about SafeNet Authentication Service and join a free trial visit Contact Us: For all office locations and contact information, please visit Follow Us: SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. PB (EN)