modern architectures

© 2012 SecureAuth. All rights reserved. May 8, 2014. www.SecureAuth.com. SecureAuth and Deloitte & Touche, LLP Presents: Enterprise Architectures in a Hybrid World for the Public Sector

Upload: secureauth2fasso

Post on 26-May-2015


DESCRIPTION

Learn what a modern architecture looks like. It accepts any identity, authenticates users, and asserts those identities to any cloud, mobile, web, or network resource without requiring directory migration or duplication. Learn from security experts at Deloitte how you can rethink your architecture with a fresh outlook that meets the needs of your agile enterprise.

TRANSCRIPT

Page 1: Modern Architectures

© 2012 SecureAuth. All rights reserved.

May 8, 2014

www.SecureAuth.com

SecureAuth and Deloitte & Touche, LLP Presents: Enterprise Architectures in a Hybrid World for the Public Sector

Page 2: Modern Architectures

<internal> Proposed Agenda

Section | Presenter | Time | Notes

Intro | Emcee | 2/3 minutes |

Public Sector Challenges | Treb / Deloitte | ~10 minutes | This portion of the presentation will provide a point of view on the IAM challenges that public sector clients face. It will also outline how these challenges can be overcome with the deployment and adoption of specific IAM services. This section will also introduce the concept of a hybrid world.

SecureAuth Solution Overview | Garret Grajek (SecureAuth) | 15 minutes | SecureAuth Hybrid Overview: Web, Cloud, Mobile, Network. Government Focus: Cloud, CAC / PIV, Derived Cred, GFIPM / CJIS. Use case discussion of GSA and other state/local customers.

Demo | Chris Hayes (SecureAuth) | 10 minutes | Live use case demonstration: (1) Ease-of-use – deploying internal SSO and mobile access; (2) Extensibility – federated access to cloud-based and external applications (e.g. Texas DPS)

Deloitte Deployment Practices | Treb / Deloitte | 10 minutes | This section provides insights and deployment best practices that customers should consider, as well as service offerings.

Contacts / Q&A | Emcee | ~5 minutes | Key points of contact from both Deloitte and SecureAuth. Canned questions and answers for 5 minutes.

Page 3: Modern Architectures

• All attendee audio lines are muted
• Questions will be answered at the end of the session
• Submit brief questions on the Q&A panel
• Send longer questions or off-line topics via email to [email protected]

Chris Hayes, SecureAuth Corporation
Chief Solutions Architect

Garret Grajek, SecureAuth Corporation
Co-Founder and CTO/COO

Treb Farrales, Deloitte
Senior Manager, Deloitte & Touche LLP, Cyber Risk Services

Welcome to the Webinar
Presented by SecureAuth Corp. and Deloitte & Touche LLP

Page 4: Modern Architectures

AGENDA

Public Sector IAM Challenges

SecureAuth IdP

Demo

Deployment with Deloitte

Q & A

Page 5: Modern Architectures

Public Sector Challenges

Treb Farrales, Sr. Manager
Deloitte & Touche LLP

Page 6: Modern Architectures

Public Sector Challenges

ICAM Challenges Facing IT Security Leaders

C2G identity convergence

Shrinking IT budgets

Enforcing need-to-know and user centric authorization

Enforcing cyber security and compliance

Securing and sharing big data across domains

IT efficiency through consolidation

Governance across a decentralized IT ecosystem

Mobile secure access expectations

Page 7: Modern Architectures

IT Security Leaders Need ICAM to

• Be a simple but agile security architecture
• Minimize credential management and exposure
• Control IT costs and improve efficiencies
• Be ready to harness cloud capabilities
• Be capable of consolidating IAM services while scaling capabilities

ICAM services such as:

• Strong Authentication
• Internal SSO
• Cloud SSO (Federation)
• Web/Cloud SSO
• Mobile Access

Page 8: Modern Architectures

SecureAuth IdP for the Enterprise
Secure Enterprise Architecture

Accept Authorize Analyze Authenticate Assert

Garret Grajek, CTO / COO
SecureAuth Corporation

Page 9: Modern Architectures

Enterprises need to enforce THE SAME PROFILES, POLICIES, AND PROCEDURES to Mobile, Cloud, and Web/Network Resources

PROFILES POLICIES PROCEDURES

Page 10: Modern Architectures


SecureAuth IdP meets this challenge with a new design

SSO/2-Factor for All Resources

1. Web

2. VPNs

3. Cloud

4. Mobile

Page 11: Modern Architectures

SecureAuth IdP for the Enterprise

Key Features

SSO between Web and Cloud Apps

Configurable 2-Factor Authentication for All Resources

Full Support for Mobile Devices and Apps

Full Identity Management of Enterprise Identities

Page 12: Modern Architectures

Public Sector Key Requirements

1. Mandated Cloud Federation
Cloud First Policy

2. HSPD-12 Federal Requirement
Logical Access via CAC / PIV Identity Card

3. Derived Credential Support
Mobile Access

4. GFIPM (Federation) and CJIS (Advanced Auth)
Law Enforcement

Page 13: Modern Architectures

1. Federal “Cloud First” Initiative

Objectives
• Reduce Federal I.T. Costs
• Improve Server Utilization
• Enable Elastic Environments for Modification

First Projects
• Moving Infrastructure to Cloud
• E-mail, Public Websites

First Movers
• Department of Treasury, GSA, U.S. Navy

Focus: Public Sector

Page 14: Modern Architectures

SecureAuth IdP is “Shrink-wrapped” for Cloud First

Retain Credentials in the Enterprise

Control Access to Identity Provider

Conduct “Risk-based” Authentication

Enable SSO for On-premises Users

Enable 2-Factor Authentication for External Users

Create Derived Credentials

Validate Derived Credentials

Focus: Public Sector

Page 15: Modern Architectures

2. Federal HSPD-12

Homeland Security Presidential Directive 12
Mandates for Federally-issued Identity Cards for Federal Employees and Contractors

Challenge
Employ Cards for Logical Access
Web, Network, SaaS
Unusable on Mobile Devices

Focus: Public Sector

Page 16: Modern Architectures

SecureAuth IdP is “Shrink-wrapped” for CAC / PIV

Validates CAC / PIV Credentials

Maps to Enterprise Directory

Authorizes for Application Access

Asserts Enterprise Identity to Web, Network, Cloud Resources and Mobile Apps

Focus: Public Sector

Page 17: Modern Architectures

3. Derived Credentials for Mobile Devices

Use Case
• User has CAC / PIV Card
• User has Mobile Devices
• User Requires Access to Applications

Challenge
• Conduct CAC / PIV Authentication
• Translate that into Derived Credential on Mobile Device

Focus: Public Sector

Page 18: Modern Architectures

SecureAuth IdP is “Shrink-wrapped” for Derived Credentials

Generates a One-time Code

User Enters Username on Mobile Device

User Enters One-time Code

User Enters Password

SecureAuth Generates Derived Credential

Focus: Public Sector

Page 19: Modern Architectures

4. CJIS and GFIPM Requirements for Law Enforcement

CJIS
Criminal Justice Information System
Requires Advanced Authentication (2-Factor) for Access

GFIPM
Global Federated Identity and Privilege Management
Mandates IdP / SP Exchange on Information
For Law Enforcement Agencies Worldwide

Challenge
Meet the Requirements in Cost- and Time-efficient Manner

Focus: Public Sector

Page 20: Modern Architectures

SecureAuth IdP is “Shrink-wrapped” for CJIS / GFIPM

Meets 2-Factor Requirements
SMS, Telephony, X.509, and more

Secure Attribute Exchange
Up to 200 Attributes

Based on Roles / Rules by the SP

GUI-driven

Focus: Public Sector

CJIS

GFIPM

Page 21: Modern Architectures

Demo
SecureAuth IdP

Chris Hayes, Chief Solutions Architect
SecureAuth Corporation

Accept Authorize Analyze Authenticate Assert

Page 22: Modern Architectures

Public Sector Deployment Best Practices

Treb Farrales, Sr. Manager
Deloitte & Touche LLP

Page 23: Modern Architectures

Deployment Best Practices

External demands and internal operational challenges are placing a greater emphasis on finding a flexible and comprehensive ICAM solution

ICAM Deployment Best Practices

Technology Governance

• Establish an IAM Governance Group to facilitate collaboration and sharing between disparate IAM component owners and operators

• IAM Governance Group defines IAM standards that should be adopted to achieve the agency’s mission

Application Integration

• Conduct app integration studies to determine app ROI, integration cost, and integration time

• Integrate app integration objectives in phases to reduce the time-to-delivery and maximize ROI

ICAM Capabilities

• Enable account management virtually through directory consolidation tools or capabilities

• Reduce risks of poorly executed IT ICAM disciplines by leveraging cyber security engineers solely focused on identity and access management

• Transfer the operations of highly available IAM components in the cloud or to an IAM managed service

Executive Sponsorship

• Collaboratively develop and constantly update the business case or strategic plan to clearly articulate the IAM goals, charter, challenges, and align program objectives with the agency’s goals

Cost Recovery

• Develop cost recovery and charge back models

• Provide assistance to agencies to educate future customers on charge back model options

• Establish a vehicle to collect fees from agency operational divisions

ICAM Deployment Challenges

Technology Governance

• Duplicative IAM solutions deployed in an agency

• Security technologies are deployed incorrectly

• IT assets are not discoverable and shared poorly

• Lack of enterprise IT standards applied across the agency

Cost Recovery

• Lack of integration funding budgeted by app owners

• Lack of steady-state funding budgeted by IAM service operators

• Agency lacks a defined and accepted cost recovery or charge back model

Executive Sponsorship

• Applications unwilling to use or fund your ICAM system because they don’t see the value and they don’t want to lose control of their users

Application Integration

• App integration scope creep often delays integration projects

• Lack of integration funding often delays the integration start or completion date

• App owners unwilling to give up account management controls

ICAM Capabilities

• Organizations think that knowing AD is all they need to know about identity management and then wonder why they struggle to deliver access across disparate IT application portfolios

Page 24: Modern Architectures

Public Sector ICAM Solution

HIVE

Center for Public Innovation: Homeland Security Incident Command & Emergency Operations Center Geospatial (Google Earth)

Enterprise Applications: Oracle Workforce Event Automation Next Gen IT Management Green Computing Virtualization

Business Intelligence: Cognos Budget (POM) Tool Budget Evaluation Cost Estimation Tool SAS analytics

Center for Cyber Innovation: Identity, Credential and Access Management (ICAM) HSPD-12 Credentialing Enrollment and Issuance Workstations Physical Access and Biometrics IT Risk Catalog Cyber Command & Control (Cyber C2) Storefront*

Federal Innovation Design Center (located in Alexandria, VA)
Solution Demo Center and Rapid Application Development (RAD) Lab
Facilitates building conceptual designs and prototypes, executing conference room pilots, and testing pre-production systems

The Highly Immersive Visual Environment (HIVE) is a client-facing showroom and technology center you can use to share with clients “C-level” demonstrations, strategy sessions and prototyping.

Page 25: Modern Architectures

Contacts

Who | Title | E-mail | Phone

Treb Farrales | Sr. Manager | [email protected] | +1.571.882.6823

Chris Hayes | Chief Solutions Architect | [email protected] | +1.860.383.5907

Garret Grajek | CTO/COO | [email protected] | +1.949.777.6970

SecureAuth Sales | | [email protected] | +1.949.777.6959

www.secureauth.com
www.deloitte.com

Thank you!