Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access



Similar documents
Secure Cloud Computing

Meet the Cloud API The New Enterprise Control Point

Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions

White. Paper. Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS. January 2013

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

1 The intersection of IAM and the cloud

PortWise Access Management Suite

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

Centrify Cloud Connector Deployment Guide

How To Manage A Plethora Of Identities In A Cloud System (Saas)

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Microsoft Azure Multi-Factor authentication. (Concept Overview Part 1)

NCSU SSO. Case Study

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Identity in the Cloud

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

2013 AWS Worldwide Public Sector Summit Washington, D.C.

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

STRONGER AUTHENTICATION for CA SiteMinder

Security & Cloud Services IAN KAYNE

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER

Flexible Identity Federation

Mobile Security and Management Opportunities for Telcos and Service Providers

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Creating a Strong Security Infrastructure for Exposing JBoss Services

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Google Identity Services for work

HOL9449 Access Management: Secure web, mobile and cloud access

Mobile Security. Policies, Standards, Frameworks, Guidelines

PortWise Access Management Suite

API-Security Gateway Dirk Krafzig

Proactively Secure Your Cloud Computing Platform

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Ondřej Výšek Sales Lead, Microsoft MVP.

A Survey on Cloud Security Issues and Techniques

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Security Best Practices for Microsoft Azure Applications

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Agenda. How to configure

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Integrating Single Sign-on Across the Cloud By David Strom

Intel Identity Protection Technology (IPT)

How To Use Salesforce Identity Features

OneLogin Integration User Guide

The Cloud, Mobile and BYOD Security Opportunity with SurePassID

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Data Protection: From PKI to Virtualization & Cloud

Dell World Software User Forum 2013

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

How to Grow and Transform your Security Program into the Cloud

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

Single Sign On. SSO & ID Management for Web and Mobile Applications

Credit Unions and The Cloud. By: Chris Sachse

Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

Beyond passwords: Protect the mobile enterprise with smarter security solutions

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Building Secure Applications. James Tedrick

SECURE ACCESS TO THE VIRTUAL DATA CENTER

Incident Handling in the Cloud and Audit s Role

Securing Virtual Desktop Infrastructures with Strong Authentication

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Executive Summary P 1. ActivIdentity

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Visibility and Control for Sanctioned & Unsanctioned Cloud Apps

Realizing the Benefits of Hybrid Cloud. Anand MS Cloud Solutions Architect Microsoft Asia Pacific

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree

Creating a Single Sign on Web Portal using Azure. Robert Crane Office 365

Cloud Data Security. Sol Cates

FileCloud Security FAQ

T-SYSTEMS Cloud STORY

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

ISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

Cloud-Security: Show-Stopper or Enabling Technology?

Security Issues in Cloud Computing

The Cloud App Visibility Blindspot

Transcription:

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID: SP01-201 Session Classification: Intermediate

Agenda Client to Cloud Security Layers User to Cloud SSO Strong Auth for Cloud Cloud App API Security Demo 2

The Goal Security Connected Client to Cloud Extended Enterprise Security Continuum Devices & Infrastructure Security Layers Cross Hardware & Software Cloud APIs App Services Data OS/VM Chip/CPU On-Prem to Cloud Private, Public, Hybrid SaaS, PaaS, IaaS Security Connected! 3

Anatomy of Client to Cloud Security Layers to Address Assurance and Compliance: Emerging Attacks Data Use Policy Enforcement Compliance Reporting Pro-active SEIM integration & Alert Datacenter Enterprise Apps Applications Assurance & Compliance Trust and Control AuthN & AuthZ at edge tied to IdM Federated Trust Data confidentiality, PKI, Encryption Trust & Control Perimeter Defense Edge AuthN Perimeter Defense: New Attacks Secure Hypervisor Anti-Virus and Malware Content Threat Protection Secure API Management Device Enterprise Clients Employees Developers Admins Mobile Client Security: Traditional Attack Vector Protection from Malware Secure Federated Session Secure Client/Browser Exe Environment Effective Client to Cloud Trust Involves Connecting these Layers of Cloud Security

User to Cloud Access Challenges? Multiple Logins / Weak Security Lack of Visibility Manual Provisioning Single Sign On (SSO) & Strong Authentication Centralized Management Console Auto Account Provisioning & Profile Sync ID Infrastructure Integration Audit Silos Scalable, Federated Trust AuthN & Provisioning Connectors AD & IAM Centralized Audit Logging Standards Based

Ubiquitous Access Requirement: Any Device, Any Network, Any Cloud App Multiple devices Client Aware Security Any network Accessing Apps from multiple cloud vendors Browser Users Desktop Mobile Work, Home, Wireless

Typical solution should include Enterprise SSO Provisioning Strong Auth Combine Enterprise Class Strong Auth with SSO Provision Access Adaptive Strong Auth Secure SSO Regulatory Compliance Selectively apply 2nd factor OTP AuthN Provision/de provision accounts AD integration Sync Id Profiles Variety of software AuthN methods & devices mobile devices, SMS, email Federate windows/ad log in via portal To popular SaaS like Salesforce & Google Apps Rich audit trail of user login showing AuthN level De provision & orphan account reports 7

Client Aware, Adaptive Authentication Network, IP, Geo Location, Time Credential Type User Attribute Role, Group, Dept., etc. Device, type of target app Joe @company OTP Joe @hotel room w/o VPN Access Broker OTP Mary (remote worker) 8

Out of band Signed Authentication More secure way for 2 nd factor authentication Authentication is performed on a separate channel different from the transaction channel Convenient User approves using a simple Approve/Reject button from their mobile phone 9

Authentication 1 10 0

Authentication 1 11 1

Authentication 1 12 2

Authentication 1 13 3

Authentication 1 14 4

Digital Signing 1 15 5

Digital Signing 1 16 6

Digital Signing 1 17 7

Digital Signing 1 18 8

Digital Signing 1 19 9

Digital Signing 2 20 0

Hardware Assisted Security at the Endpoints Silicon OTP Enables frictionless 2 factor user authn. Determines trusted platform. OTP: 927316250 + Username Password Virtual Keypad Protects PC display from malware scraping and proves human presence at PC. Great for transaction verification and ACH fraud prevention. Password Entry Server 927316250 Token Server TXT Data Center Root of Trust Secure boot of VMs in Cloud PKI certificates to authenticate User and Server to each other, digitally sign documents and emails and encrypt files and messages. Server Digital Certificate

Cloud Apps- APIs are New Cloud Control Point Cloud Provider API Applications move off premise API Cloud Provider Leverage third party services Enterprise 1/3 of Enterprise Traffic is via APIs

Service Gateway Broker Technology Makes a lot of Sense Cloud Provider Cloud Provider API Enterprise APIs can be exposed, consumed, and proxied to a Service Gateway to offload security & communicate with back end infrastructure vs point to point integration

Demo 24

Demo 1-100% In the Cloud SSO My Apps Enterprise 4 Laptop Account Provisioning SSO Portal One Time Password ipad Browser Access 100s of Apps Mobile Delivers same level of control as on prem IAM Leverage Salesforce or enterprise accounts for SSO Trigger mobile & hardware assisted strong authentication

Slide 25 4 new slide to import SSO Portl Kelly Anderson, 2/17/2012

Demo #2: Trusted Client to Cloud SSO User Trusted Client On Premise Ultrabook IWA (Kerberos) AD Federation (SAML) Access IPT based Trusted Client Authentication SSO 100+ apps Custom Apps 26

Unique Context Aware Strong Authentication Hardware Assisted AuthN Intel Identity Protection Technology Embedded in 120 million Ultra Books Fast enrollment mobile OTP Access Decision Equip IT with Same Level of On prem Security Controls

How to Apply What You Have Learned Today In the first three months following this presentation you should: Identify all the cloud applications your Enterprise uses Understand how many passwords are being managed Define appropriate compliance controls for events such as a user leaving the company Within six months you should: Select an IAM system which allows policy based integrated SSO portal according to your organization s needs Drive an implementation project to secure access to cloud applications 28

Visit Intel Booth for Demos www.intelcloudsso.com Free Trial April 12 Bonus Free Box.net Account www.intel.com/go/identity www.mcafee.com/cloudsecurity Mar 29 Kuppinger Cole Webinar How To Outsource Identity to the Cloud On Demand Webinar Cloud Service Brokers w/csa & NIST Meet the Cloud API w/forrester Research