EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report




KuppingerCole Report
EXECUTIVE VIEW
by Dave Kearns (dk@kuppingercole.com), March 2015

SecureAuth IdP

SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing on both internal and external users that want access to both on-premise and cloud services.

Content
1 Introduction
2 Product Description
3 Strengths and Challenges
4 Copyright

1 Introduction

Cloud Computing is a reality for most organizations today. More and more organizations, from the smallest SMEs to the largest multi-nationals, rely on SaaS (Software as a Service) and other types of cloud services. On the other hand, organizations are challenged by the increasing demand for granting business partners and customers access to their applications, whether these applications are running on-premise or in the cloud.

There are many terms for what we call Cloud IAM, for Cloud Identity and Access Management. IDMaaS (Identity Management as a Service), IDaaS (Identity as a Service), and various other names are used. However, there is no common understanding of what constitutes that market segment, and vendors have taken different paths to it. One common denominator is Cloud Single Sign-On, which allows a user to access a portal that links to his (or her) Cloud services and provides a seamless login, either based on passing through username and password or relying on Identity Federation standards.

While there are a multitude of solutions available on the market addressing some or all of these new challenges, the risk is that organizations opt for tactical point solutions, rather than integrated or holistic approaches, to address certain business requests. However, on closer examination all this is basically about the same challenge: managing identities and access, regardless of the type of user and the deployment model of services. Thus, organizations should focus on platforms that cover a broad range of requirements, e.g. beyond pure Cloud SSO or other specialized use cases.

Currently, there are two groups of solutions on the market covering the business demand for connecting the enterprise on a broader basis. One contains cloud services in the segment KuppingerCole has defined as Cloud User and Access Management, while the other encompasses on-premise services that support Identity Federation and Web Access Management requirements.

SecureAuth, a part of this market, has chosen to call its product IdP, which should not be confused with the three-part system promulgated by the OpenID Foundation and later adapted by OASIS for use with the Security Assertion Markup Language (SAML). The three parts are:

- Principal (SAML) or User (OpenID)
- Service Provider (SAML) or Relying Party (OpenID)
- Identity Provider (both)

While the idea of a standalone, third-party Identity Provider never did catch on, SecureAuth has built a business on its interpretation of being an IdP, and only an IdP, with a good deal of success.

2 Product Description

SecureAuth IdP more closely resembles a Simplified Sign-On (SSO) provider, and competes with other vendors in what we call the Cloud Identity and Access Management sector. But, should Relying Parties (or Service Providers) decide to accept Identity tokens issued by SecureAuth, there would be no time lag in putting that service into practice.

Nevertheless, SecureAuth IdP is just what the name implies, an identity provider. Its sole purpose is to secure user access control, for all users, for all data, for all platforms. In today's world, control of the device, application, and even the infrastructure is moving out of the datacenter, and a service such as SecureAuth IdP is an excellent solution to ensure that the enterprise maintains secure control of user access to its resources and data, whether in the cloud, on the web, via a mobile device or through VPN.

The product includes multi-factor authentication as well as single sign-on in one solution. Among its advanced features are adaptive authentication (to examine the context of each request) and user self-service tools (such as self-enrollment and password reset). The service accepts over twenty different methods of authentication (with more being added), either singly or in combination, with step-up, or adaptive, authentication being an option for all.

The operation of SecureAuth IdP is a six-step process:

1. It accepts an identity from the user through one of the configured methods (such as Browser, Kerberos, Web Portal, Proxy, Social ID/OAuth, OpenID, SAML, Cookie, X.509 Certificate Device Independent, or even Username/Password) either alone or in combination;
2. It validates the identity against your chosen identity datastore (such as Active Directory, LDAP, SQL, JDBC, ODBC, Sun One, Novell eDirectory, Tivoli Directory, Web Services, etc.);
3. It analyzes the context of the authentication event and user (Login History, Device Type, Location, IP Address and Reputation, Geo-fencing, Geo-velocity, Domain, Heuristic), then applies a risk metric and can optionally ask for more data, limit the activity of the user, or deny access entirely;
4. It presents the user's credentials (Password, E-mail, SMS, Telephony, X.509, PIN, Yubikey, CAC/PIV, Kerberos, OAuth, Browser Print) as an SSO provider;
5. It can also assert the identity to services which accept tokens (Web, Gateway/VPN, Cloud, Mobile, and/or Identity Management);
6. Finally, SecureAuth IdP centralizes and inspects access control activity through unified user access, which streamlines your audit trail, which in turn simplifies being in, and proving to be in, compliance.

SecureAuth IdP does offer on-boarding capabilities. It provides, in one package, a focus on both internal and external users that want to access both on-premise and cloud services. As such, it can replace multiple other products in your IAM/IAG and Cloud IAM/IAG portfolio.

SecureAuth IdP installs as either a datacenter-based appliance or a cloud-based service. If deployed as a Cloud service, SecureAuth offers AWS (Amazon Web Services) as a potential provider. SecureAuth does not own its own datacenters, but that is quite common in this market. There is, though, a standard option for running the service only within the EU, as far as Cloud deployments are concerned. Also, the service is already run from some EU-hosted datacenters.
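Step 3 of the process above (context analysis, a risk metric, then allow, ask for more, or deny), shown as an added illustration that is not SecureAuth's code or scoring model. The weights, thresholds, field names and sample logins are assumptions constructed for this example.

```python
import math
from datetime import datetime

# Hypothetical policy values chosen for this example only.
MAX_PLAUSIBLE_KMH = 900.0      # roughly airliner cruising speed
STEP_UP_AT, DENY_AT = 40, 80   # score thresholds
WEIGHTS = {"impossible_travel": 50, "new_device": 40, "bad_ip": 80}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def geo_velocity_kmh(prev, cur):
    """Speed implied by two consecutive logins of the same user."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600
    if hours <= 0:
        # Same or out-of-order timestamps: any real distance is implausible.
        return math.inf if dist > 1 else 0.0
    return dist / hours

def evaluate(prev, cur, known_devices, ip_blocklist):
    """Return (decision, score, reasons) for the current login attempt."""
    reasons = []
    if prev and geo_velocity_kmh(prev, cur) > MAX_PLAUSIBLE_KMH:
        reasons.append("impossible_travel")
    if cur["device"] not in known_devices:
        reasons.append("new_device")
    if cur["ip"] in ip_blocklist:
        reasons.append("bad_ip")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, score, reasons

# Constructed sample data (documentation IP ranges, made-up device IDs).
PREV = {"time": datetime(2015, 3, 2, 9, 0), "lat": 51.5074, "lon": -0.1278,
        "ip": "192.0.2.10", "device": "fp-laptop-01"}          # London
SAME_CITY = dict(PREV, time=datetime(2015, 3, 2, 10, 0))
FAR_AWAY = {"time": datetime(2015, 3, 2, 10, 0), "lat": 40.7128, "lon": -74.0060,
            "ip": "198.51.100.7", "device": "fp-laptop-01"}    # New York, 1 h later
FAR_NEW_DEVICE = dict(FAR_AWAY, device="fp-unknown-99")
KNOWN = {"fp-laptop-01"}
BLOCKLIST = {"203.0.113.66"}
```

A London login followed one hour later by a New York login from the same known device scores 50 and triggers step-up; the same jump from an unrecognised device scores 90 and is denied.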

3 Strengths and Challenges

A major strength of SecureAuth IdP is its option to use Adaptive Authentication. Adaptive Authentication uses risk-based policies to evaluate a user's login and post-login activities against a range of risk indicators. Systems then ask for additional assurance of the user's identity when a risk score is out of range or policy rules have been violated. This risk and context-based authentication and authorization methodology provides transparent authentication for the majority of the users, and provides an appropriate level of risk mitigation for those who are in untrusted positions. The level of assurance for a given identity depends on the risk of identity fraud calculated from the user's activity or the criticality of the resources to which access is requested.

With the latest in adaptive methods built in, IdP can help you quarantine suspicious actors to prevent them from moving laterally in your network. Whether you want to inspect IP addresses and device fingerprints, analyze group memberships or ensure that geo-location and velocity make sense, you can easily build risk analysis into your authentication workflows where needed and stay one step ahead of trouble.

In the past we've criticized SecureAuth for a lack of worldwide partners and presence. The company now has an EU office (in London), as well as strong partnerships worldwide including Cisco, Juniper, F5, Citrix, Microsoft, Google and Amazon.

SecureAuth combines cloud single sign-on capabilities with strong authentication and user on-boarding capabilities, focusing on both internal and external users that want access to both on-premise and cloud services. Organizations looking to improve both security and ease-of-use for their data and users should definitely consider SecureAuth IdP for Access Control services.

Strengths/Opportunities
- Multi-factor and adaptive authentication support
- Well thought-out approach to Cloud Single Sign-On
- Integrated cloud and datacenter services
- Tight integration with identity datastores, especially with on-premise Microsoft Active Directory
- Strong standards support
- Well thought-out approach to security and data privacy

Weaknesses/Threats
- Third party datacenters (Amazon, Google)
- Limited, but growing global ecosystem
- Somewhat limited, but expanding support for external users such as business partners and customers

4 Copyright

© 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice.

The Future of Information Security Today

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eID cards, Cloud Security and Management, and Virtualization.

For further information, please contact clients@kuppingercole.com

Kuppinger Cole Ltd.
Sonnenberger Strasse 16
65193 Wiesbaden
Germany
Phone +49 (211) 23 70 77 0
Fax +49 (211) 23 70 77 11
www.kuppingercole.com