modern architectures
DESCRIPTION
Learn what a modern architecture looks like. It accepts any identity, authenticates users, and asserts those identities to any cloud, mobile, web, or network resource without requiring directory migration or duplication. Learn from security experts at Deloitte how you can rethink your architecture with a fresh outlook that meets the needs of your agile enterprise.
TRANSCRIPT
© 2012 SecureAuth. All rights reserved.
May 8, 2014
www.SecureAuth.com
SecureAuth and Deloitte & Touche LLP present: Enterprise Architectures in a Hybrid World for the Public Sector
Proposed Agenda (internal)

Section: Intro
Presenter: Emcee
Time: 2-3 minutes

Section: Public Sector Challenges
Presenter: Treb / Deloitte
Time: ~10 minutes
Notes: This portion of the presentation will provide a point of view on the IAM challenges that public sector clients face. It will also outline how these challenges can be overcome with the deployment and adoption of specific IAM services. This section will also introduce the concept of a hybrid world.

Section: SecureAuth Solution Overview
Presenter: Garret Grajek (SecureAuth)
Time: 15 minutes
Notes: SecureAuth Hybrid Overview: Web, Cloud, Mobile, Network. Government focus: Cloud, CAC / PIV, Derived Credentials, GFIPM / CJIS. Use case discussion of GSA and other state/local customers.

Section: Demo
Presenter: Chris Hayes (SecureAuth)
Time: 10 minutes
Notes: Live use case demonstration: (1) Ease of use: deploying internal SSO and mobile access. (2) Extensibility: federated access to cloud-based and external applications (e.g. Texas DPS).

Section: Deloitte Deployment Practices
Presenter: Treb / Deloitte
Time: 10 minutes
Notes: This section provides insights and deployment best practices that customers should consider, as well as service offerings.

Section: Contacts / Q&A
Presenter: Emcee
Time: ~5 minutes
Notes: Key points of contact from both Deloitte and SecureAuth. Canned questions and answers for 5 minutes.
• All attendee audio lines are muted
• Questions will be answered at the end of the session
• Submit brief questions on the Q&A panel
• Send longer questions or off-line topics via email to:
Chris Hayes, Chief Solutions Architect, SecureAuth Corporation
Garret Grajek, Co-Founder and CTO/COO, SecureAuth Corporation
Treb Farrales, Senior Manager, Cyber Risk Services, Deloitte & Touche LLP
Welcome to the Webinar, presented by SecureAuth Corp. and Deloitte & Touche LLP
AGENDA
Public Sector IAM Challenges
SecureAuth IdP
Demo
Deployment with Deloitte
Q & A
Public Sector Challenges
Treb Farrales, Sr. Manager, Deloitte & Touche LLP

ICAM Challenges facing IT Security Leaders
• C2G identity convergence
• Shrinking IT budgets
• Enforcing need-to-know and user-centric authorization
• Enforcing cyber security and compliance
• Securing and sharing big data across domains
• IT efficiency through consolidation
• Governance across a decentralized IT ecosystem
• Mobile secure-access expectations
IT Security Leaders Need ICAM to:
• Provide a simple but agile security architecture
• Minimize credential management and exposure
• Control IT costs and improve efficiencies
• Be ready to harness cloud capabilities
• Be capable of consolidating IAM services while scaling ICAM capabilities such as:
  • Strong Authentication
  • Internal SSO
  • Cloud SSO (Federation)
  • Web/Cloud SSO
  • Mobile Access
SecureAuth IdP for the Enterprise: Secure Enterprise Architecture
Accept, Authorize, Analyze, Authenticate, Assert
Garret Grajek, CTO / COO, SecureAuth Corporation
Enterprises need to enforce THE SAME PROFILES, POLICIES, AND PROCEDURES to Mobile, Cloud, and Web/Network Resources
SecureAuth IdP meets this challenge with a new design
SSO/2-Factor for All Resources
1. Web
2. VPNs
3. Cloud
4. Mobile
SecureAuth IdP for the Enterprise
Key Features
SSO between Web and Cloud Apps
Configurable 2-Factor Authentication for All Resources
Full Support for Mobile Devices and Apps
Full Identity Management of Enterprise Identities
Public Sector Key Requirements
1. Mandated Cloud Federation: Cloud First Policy
2. HSPD-12 Federal Requirement: Logical Access via CAC / PIV Identity Card
3. Derived Credential Support: Mobile Access
4. GFIPM (Federation) and CJIS (Advanced Auth): Law Enforcement
1. Federal “Cloud First” Initiative
Objectives: Reduce Federal I.T. Costs; Improve Server Utilization; Enable Elastic Environments for Modification
First Projects: Moving Infrastructure to the Cloud (E-mail, Public Websites)
First Movers: Department of Treasury, GSA, U.S. Navy
Focus: Public Sector
SecureAuth IdP is “Shrink-wrapped” for Cloud First
Retain Credentials in the Enterprise
Control Access to Identity Provider
Conduct “Risk-based” Authentication
Enable SSO for On-premises Users
Enable 2-Factor Authentication for External Users
Create Derived Credentials
Validate Derived Credentials
2. Federal HSPD-12 (Homeland Security Presidential Directive 12)
Mandates Federally-issued Identity Cards for Federal Employees and Contractors
Challenge: Employ the Cards for Logical Access to Web, Network and SaaS Resources
The card itself is unusable on mobile devices, which typically lack a smart-card reader
SecureAuth IdP is “Shrink-wrapped” for CAC / PIV
Validates CAC / PIV Credentials
Maps to Enterprise Directory
Authorizes for Application Access
Asserts Enterprise Identity to Web, Network and Cloud Resources and Mobile Apps
3. Derived Credentials for Mobile Devices
Use Case: The user has a CAC / PIV card and a mobile device, and requires access to applications
Challenge: Conduct CAC / PIV authentication and translate it into a derived credential on the mobile device
SecureAuth IdP is “Shrink-wrapped” for Derived Credentials
Generates a One-time Code
User Enters Username on Mobile Device
User Enters One-time Code
User Enters Password
SecureAuth Generates Derived Credential
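The five steps above are easy to list and easy to get wrong: the one-time code has to be bound to the account the card just authenticated, short-lived, single-use and rate-limited, and the derived credential has to be bound to that same identity. The Python below is an added example written for this page; it is not SecureAuth's code and does not claim to be how SecureAuth IdP implements the flow. It models the enrollment with a constructed sample directory, a PBKDF2 verifier standing in for the enterprise password check, and an HMAC-signed token standing in for the derived credential (under NIST SP 800-157 a derived PIV credential is an X.509 certificate provisioned to the device; certificate issuance is out of scope here). The CAC/PIV certificate validation that precedes step 1 is assumed to have already succeeded and is represented only by the certificate subject string.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300            # the one-time code must be redeemed within five minutes
MAX_OTP_ATTEMPTS = 3             # lockout so an 8-digit code cannot be guessed online
CREDENTIAL_LIFETIME = 365 * 86400


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2 stands in for whatever verifier the enterprise directory really uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(piv_subject: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"piv_subject": piv_subject, "salt": salt, "pw_hash": hash_password(password, salt)}


# Constructed sample directory; the subject DN is illustrative, not a real PIV certificate.
SAMPLE_DIRECTORY = {
    "jdoe": make_account("CN=DOE.JANE.1234567890,OU=People,O=Example Agency,C=US", "correct horse battery"),
}


@dataclass
class PendingEnrollment:
    code_hash: bytes             # only a hash of the code is kept server-side
    issued_at: float
    attempts: int = 0


class DerivedCredentialEnroller:
    def __init__(self, directory: dict, server_key: bytes, clock=time.time):
        self._directory = directory
        self._key = server_key
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._pending = {}           # username -> PendingEnrollment

    def issue_code(self, piv_subject: str):
        """Step 1: runs only after the CAC/PIV certificate has been validated (not shown).
        Maps the certificate subject to a directory account and mints a one-time code."""
        for username, account in self._directory.items():
            if account["piv_subject"] == piv_subject:
                break
        else:
            raise LookupError("PIV subject is not mapped to an enterprise account")
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[username] = PendingEnrollment(self._hash(code), self._clock())
        return username, code        # shown in the card-authenticated session, typed on the phone

    def redeem(self, username: str, code: str, password: str):
        """Steps 2-5: the mobile client submits username, one-time code and password.
        Returns a signed derived credential, or None on any failure."""
        pending = self._pending.get(username)
        account = self._directory.get(username)
        if pending is None or account is None:
            return None
        now = self._clock()
        pending.attempts += 1
        if now - pending.issued_at > OTP_TTL_SECONDS or pending.attempts > MAX_OTP_ATTEMPTS:
            del self._pending[username]          # expired or over the limit: a new card logon is required
            return None
        code_ok = hmac.compare_digest(pending.code_hash, self._hash(code))
        pw_ok = hmac.compare_digest(account["pw_hash"], hash_password(password, account["salt"]))
        if not (code_ok and pw_ok):
            return None                          # record stays so failed tries keep counting
        del self._pending[username]              # single use: the code dies with its first success
        return self._mint(username, account["piv_subject"], now)

    def verify_credential(self, credential: dict) -> bool:
        """What the IdP does later when the mobile app presents the derived credential."""
        body = json.dumps(credential["claims"], sort_keys=True).encode()
        expected = hmac.new(self._key, body, "sha256").hexdigest()
        return hmac.compare_digest(expected, credential["sig"]) and credential["claims"]["exp"] > self._clock()

    def _mint(self, username: str, piv_subject: str, now: float) -> dict:
        # Binds the derived credential to the same identity the card proved.
        claims = {"sub": username, "piv_subject": piv_subject, "cred_id": secrets.token_hex(16),
                  "iat": int(now), "exp": int(now + CREDENTIAL_LIFETIME)}
        body = json.dumps(claims, sort_keys=True).encode()
        return {"claims": claims, "sig": hmac.new(self._key, body, "sha256").hexdigest()}

    @staticmethod
    def _hash(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()
```

The points a reviewer would check in a real deployment map onto the code: the code is issued only to an account the card maps to, never to a username typed on the phone; a wrong password does not reveal whether the code was right (both checks run, both use constant-time comparison); and a code that expires or hits the attempt limit forces the user back to a card logon rather than a retry.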
4. CJIS and GFIPM Requirements for Law Enforcement
CJIS (Criminal Justice Information Services, FBI): its Security Policy requires Advanced Authentication (2-factor) for access to criminal justice information
GFIPM (Global Federated Identity and Privilege Management): defines the IdP / SP exchange of identity attributes for justice and law enforcement agencies
Challenge: Meet the requirements in a cost- and time-efficient manner
SecureAuth IdP is “Shrink-wrapped” for CJIS / GFIPM
Meets 2-Factor Requirements: SMS, Telephony, X.509, and more
Secure Attribute Exchange: up to 200 attributes
Attribute release based on roles / rules defined per SP
GUI-driven
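The CAC / PIV slides describe one pipeline (validate the card, map it to the enterprise directory, authorize for the application, assert the identity) and the CJIS / GFIPM slide adds the rule that the attributes asserted are chosen per SP. The Python below is an added example for this page, not SecureAuth's or GFIPM's code. It starts from the parsed result of PIV certificate validation (chain, revocation and key-usage checks are assumed to have already passed and are not modelled), maps the certificate's UPN to a constructed directory, authorizes by the group each SP requires, and emits an unsigned SAML 2.0 assertion carrying only the attributes that SP's release rule allows. The entity IDs, directory entries, group names and attribute names are constructed for the example; GFIPM's actual attribute vocabulary is not used, and a production IdP must sign the assertion before sending it.

```python
import time
import uuid
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)
IDP_ENTITY_ID = "https://idp.example-agency.gov/saml"       # hypothetical IdP
ASSERTION_LIFETIME = 300                                     # seconds the assertion stays valid


@dataclass(frozen=True)
class ValidatedPivCert:
    """Outcome of the IdP's certificate checks (path to a trusted federal CA, revocation,
    PIV-Auth key usage). Those checks run before this code and are not modelled here."""
    subject: str
    upn: str      # otherName UPN from subjectAltName; on a CAC this is <EDIPI>@mil
    issuer: str


@dataclass(frozen=True)
class ServiceProvider:
    entity_id: str
    required_group: str             # authorization rule: who may be asserted to this SP
    released_attributes: frozenset  # release rule: what this SP is entitled to learn


# Constructed enterprise directory keyed by userPrincipalName.
DIRECTORY = {
    "1234567890@mil": {"uid": "jdoe", "mail": "jane.doe@example.gov", "givenName": "Jane", "sn": "Doe",
                       "employerName": "Example State Police", "swornOfficer": True,
                       "groups": {"cjis-users", "staff"}},
    "0987654321@mil": {"uid": "rroe", "mail": "rick.roe@example.gov", "givenName": "Rick", "sn": "Roe",
                       "employerName": "Example Dept. of Revenue", "swornOfficer": False,
                       "groups": {"staff"}},
}

# Constructed per-SP policies. Attribute names are illustrative, not GFIPM's metadata names.
SP_POLICIES = {sp.entity_id: sp for sp in (
    ServiceProvider("https://sp.example-fusioncenter.gov/saml", "cjis-users",
                    frozenset({"uid", "givenName", "sn", "employerName", "swornOfficer"})),
    ServiceProvider("https://hr.example-agency.gov/saml", "staff", frozenset({"uid", "mail"})),
)}


class AuthorizationError(Exception):
    pass


def map_to_directory(cert: ValidatedPivCert) -> dict:
    """Map: the card proves possession of a key; the directory decides who that is."""
    account = DIRECTORY.get(cert.upn)
    if account is None:
        raise LookupError(f"no enterprise account for UPN {cert.upn}")
    return account


def authorize(account: dict, sp: ServiceProvider) -> None:
    """Authorize: a valid card alone never grants access to a given SP."""
    if sp.required_group not in account["groups"]:
        raise AuthorizationError(f"{account['uid']} is not in {sp.required_group} for {sp.entity_id}")


def select_attributes(account: dict, sp: ServiceProvider) -> dict:
    """Release: only attributes listed in the SP's rule leave the IdP; 'groups', 'mail'
    and anything else unlisted never reach the assertion."""
    return {name: account[name] for name in sorted(sp.released_attributes) if name in account}


def _xs(value) -> str:
    return str(value).lower() if isinstance(value, bool) else str(value)


def _iso(ts: float) -> str:
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))


def build_assertion(cert: ValidatedPivCert, sp_entity_id: str, now=None):
    """Accept -> map -> authorize -> assert. Returns (unsigned assertion XML, released attributes)."""
    now = time.time() if now is None else now
    sp = SP_POLICIES[sp_entity_id]
    account = map_to_directory(cert)
    authorize(account, sp)
    released = select_attributes(account, sp)

    a = ET.Element(f"{{{SAML}}}Assertion", ID=f"_{uuid.uuid4().hex}", Version="2.0", IssueInstant=_iso(now))
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID",
                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified").text = account["uid"]
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotBefore=_iso(now),
                         NotOnOrAfter=_iso(now + ASSERTION_LIFETIME))
    ET.SubElement(ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction"), f"{{{SAML}}}Audience").text = sp.entity_id
    authn = ET.SubElement(a, f"{{{SAML}}}AuthnStatement", AuthnInstant=_iso(now))
    ET.SubElement(ET.SubElement(authn, f"{{{SAML}}}AuthnContext"), f"{{{SAML}}}AuthnContextClassRef").text = \
        "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"   # tells the SP this was a PKI smart-card logon
    attrs = ET.SubElement(a, f"{{{SAML}}}AttributeStatement")
    for name, value in released.items():
        ET.SubElement(ET.SubElement(attrs, f"{{{SAML}}}Attribute", Name=name),
                      f"{{{SAML}}}AttributeValue").text = _xs(value)
    return ET.tostring(a, encoding="unicode"), released
```

Two properties worth noticing: the same card yields different assertions for different SPs (the fusion-center SP learns the sworn-officer flag but never the mailbox; HR learns the mailbox but never the sworn-officer flag), and the audience restriction plus short NotOnOrAfter window keep an assertion captured from one SP from being replayed to another.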
Demo: SecureAuth IdP
Chris Hayes, Chief Solutions Architect, SecureAuth Corporation
Public Sector Deployment Best Practices
Treb Farrales, Sr. Manager, Deloitte & Touche LLP
Deployment Best Practices
External demands and internal operational challenges are placing a greater emphasis on finding a flexible and comprehensive ICAM solution.

ICAM Deployment Challenges

Technology Governance
• Duplicative IAM solutions deployed in an agency
• Security technologies are deployed incorrectly
• IT assets are not discoverable and are shared poorly
• Lack of enterprise IT standards applied across the agency

Application Integration
• App integration scope creep often delays integration projects
• Lack of integration funding often delays the integration start or completion date
• App owners unwilling to give up account management controls

ICAM Capabilities
• Organizations think that knowing AD is all they need to know about identity management, and then wonder why they struggle to deliver access across disparate IT application portfolios

Executive Sponsorship
• Applications unwilling to use or fund the ICAM system because they don't see the value and don't want to lose control of their users

Cost Recovery
• Lack of integration funding budgeted by app owners
• Lack of steady-state funding budgeted by IAM service operators
• Agency lacks a defined and accepted cost recovery or charge-back model

ICAM Deployment Best Practices

Technology Governance
• Establish an IAM Governance Group to facilitate collaboration and sharing between disparate IAM component owners and operators
• The IAM Governance Group defines the IAM standards to be adopted to achieve the agency's mission

Application Integration
• Conduct app integration studies to determine app ROI, integration cost, and integration time
• Deliver app integration objectives in phases to reduce time-to-delivery and maximize ROI

ICAM Capabilities
• Enable account management virtually through directory consolidation tools or capabilities
• Reduce the risk of poorly executed ICAM disciplines by using cyber security engineers focused solely on identity and access management
• Transfer the operation of highly available IAM components to the cloud or to an IAM managed service

Executive Sponsorship
• Collaboratively develop and continually update the business case or strategic plan to clearly articulate the IAM goals, charter and challenges, and to align program objectives with the agency's goals

Cost Recovery
• Develop cost recovery and charge-back models
• Help agencies educate future customers on charge-back model options
• Establish a vehicle to collect fees from agency operational divisions
Public Sector ICAM Solution: Deloitte HIVE
The Highly Immersive Visual Environment (HIVE) is a client-facing showroom and technology center used to share “C-level” demonstrations, strategy sessions and prototyping with clients.
Federal Innovation Design Center (located in Alexandria, VA): Solution Demo Center and Rapid Application Development (RAD) Lab. Facilitates building conceptual designs and prototypes, executing conference room pilots, and testing pre-production systems.
Center for Public Innovation: Homeland Security Incident Command & Emergency Operations Center; Geospatial (Google Earth)
Enterprise Applications: Oracle Workforce Event Automation; Next Gen IT Management; Green Computing; Virtualization
Business Intelligence: Cognos Budget (POM) Tool; Budget Evaluation Cost Estimation Tool; SAS analytics
Center for Cyber Innovation: Identity, Credential and Access Management (ICAM); HSPD-12 Credentialing, Enrollment and Issuance; Workstations; Physical Access and Biometrics; IT Risk Catalog; Cyber Command & Control (Cyber C2); Storefront*
Contacts

Who | Title | E-mail | Phone
Treb Farrales | Sr. Manager, Deloitte & Touche LLP | [email protected] | +1.571.882.6823
Chris Hayes | Chief Solutions Architect, SecureAuth | [email protected] | +1.860.383.5907
Garret Grajek | CTO/COO, SecureAuth | [email protected] | +1.949.777.6970
SecureAuth Sales | | [email protected] | +1.949.777.6959

www.secureauth.com
www.deloitte.com
Thank you!