expanding web single sign-on to cloud and mobile environments agility made possible

Similar documents
Authentication Strategy: Balancing Security and Convenience

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

CA Arcot RiskFort. Overview. Benefits

How To Comply With Ffiec

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Closing the Biggest Security Hole in Web Application Delivery

CA SiteMinder SSO Agents for ERP Systems

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

Beyond passwords: Protect the mobile enterprise with smarter security solutions

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio

White paper December Addressing single sign-on inside, outside, and between organizations

An Enterprise Architect s Guide to API Integration for ESB and SOA

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

CA Technologies Solutions for Criminal Justice Information Security Compliance

Security Services. Benefits. The CA Advantage. Overview

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

agility made possible

STRONGER AUTHENTICATION for CA SiteMinder

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Elevate the Consumer Experience: Creating a Win-win for Both IT and its Consumers

CA Federation Manager

CA Technologies Healthcare security solutions:

CA Technologies optimizes business systems worldwide with enterprise data model

Designing a CA Single Sign-On Architecture for Enhanced Security

SOLUTION BRIEF CA Cloud Compass how do I know which applications and services to move to private, public and hybrid cloud? agility made possible

how can I improve performance of my customer service level agreements while reducing cost?

NCSU SSO. Case Study

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

how can I comprehensively control sensitive content within Microsoft SharePoint?

CA NSM System Monitoring Option for OpenVMS r3.2

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions

CA Technologies Strategy and Vision for Cloud Identity and Access Management

Adding Stronger Authentication to your Portal and Cloud Apps

Top 5 Reasons to Choose User-Friendly Strong Authentication

IBM Tivoli Federated Identity Manager

managing SSO with shared credentials

Strengthen security with intelligent identity and access management

An Overview of Samsung KNOX Active Directory and Group Policy Features

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Connecting Users with Identity as a Service

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Moving Single Sign-on (SSO) Beyond Convenience

Advanced Authentication Methods: Software vs. Hardware

Building a Roadmap to Robust Identity and Access Management

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

5 Pillars of API Management with CA Technologies

Cybersecurity and Secure Authentication with SAP Single Sign-On

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

Securing Enterprise Mobility for Greater Competitive Advantage

An Overview of Samsung KNOX Active Directory-based Single Sign-On

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

The National Commission of Audit

Single Sign-on to Salesforce.com with CA Federation Manager

How Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation?

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

CA Service Desk Manager - Mobile Enabler 2.0

TRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Technology Partner Program

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

ACI Response to FFIEC Guidance

can you simplify your infrastructure?

How Can I Deliver Innovative Customer Services Across Increasingly Complex, Converged Infrastructure With Less Management Effort And Lower Cost?

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

Provide access control with innovative solutions from IBM.

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

Understanding Enterprise Cloud Governance

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Google Identity Services for work

Federated Identity and Single Sign-On using CA API Gateway

Radix Technologies China establishes compelling cloud services using CA AppLogic

How To Manage A Plethora Of Identities In A Cloud System (Saas)

SOLUTION BRIEF CA ADVANCED AUTHENTICATION. How can I provide effective authentication for employees in a convenient and cost-effective manner?

agility made possible

Transcription:

expanding web single sign-on to cloud and mobile environments agility made possible

the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online banking, bill payment and other Internet-based business. Today, however, millions are comfortable performing a host of transactions online and relying on the supporting organizations to maintain a secure environment. As a result, companies are rapidly expanding the ways they provide online services to customers, employees and partners to make convenient anywhere, anytime access and any-device options the new standard. Their goal? Gain greater efficiencies, enable improved responsiveness and deliver a better user experience. This includes delivering secure services via: Web browser-based applications Mobile applications Open Web services interfaces But no matter how online services are accessed, or how many users access them, a fundamental concern remains: Organizations need to protect larger and larger volumes of sensitive data while still allowing users to easily conduct business. 02

...and single sign-on (SSO) is evolving with it Customer Online banking website Separate financial institution 2 1 4 3 Financial planning website Even a simple transaction requires comprehensive security. The use of traditional Web single sign-on (SSO) in web access management (WAM) has been critical to controlling access to resources, while providing a seamless and secure experience for online users. It has enabled them to readily move from one web-based transaction to another, smoothly interacting with other applications or external sites along the way. For example, the simple transaction above requires multiple security steps to confirm the customer s identity and allow the requested online banking actions to be performed. Yet, the customer only needs to log in once, using one set of credentials, to access personal account details and information from an affiliated, external financial planning website. 03

...and single sign-on (SSO) is evolving with it Customer Online banking website Separate financial institution 2 1 4 3 Financial planning website Even a simple transaction requires comprehensive security. THE STEPS IN A TYPICAL ONLINE BANKING SCENARIO: 1. First, the customer s identity must be confirmed. Methods to do this today include asking the customer to associate an image with an account, or to confirm the answer to questions created upon customer account set-up. 2. Based on the identity confirmation, the customer is allowed or disallowed to conduct the requested transaction. Enabling this requires security features to be built into the website, related security policies maintained and audits performed of the customer s actions after logging in. 3. Next, the security of back-end transactions must also be ensured. Connecting to the bank s applications, perhaps at a separate financial institution, must be done in a secure fashion. 04 4. Lastly, the connection to the bank s financial planning partner must be securely achieved also with a SSO. If the bank were to force the customer to log in again to the financial planner s website, he or she might find that process onerous and leave the bank. But as your organization moves beyond early web-based operations and introduces mobile and cloud-based initiatives, you need to extend SSO to secure these new services and related methods of access. At the same time, you must address the unique requirements of an increasingly diverse portfolio of applications, such as Microsoft SharePoint Server and SAP, and the varied types of users who interact with them. As part of an ongoing process, making changes like these requires a flexible solution that will enable you to act quickly to meet new demands.

building on the basics While supporting an increasingly complex array of access requirements, your security and SSO fundamentals remain the same. You need to know who your users are, control what they can do and be able to both monitor and audit their actions based on individual entitlements. Starting with the basics helps you build a strong security foundation. But new technology requirements are changing the SSO landscape. In particular, three key areas are having a major impact: Extended services Cloud adoption Mobile and the consumerization of IT As access requirements grow and change, proactive organizations implement additional safeguards while sticking to security essentials. This helps them prevent risks ranging from malicious attacks to threats from internal users who fail to follow security policies and procedures. 05

extended services for advanced authentication To stay competitive, organizations are rapidly complementing existing business models with online services that take advantage of the latest technologies. This often involves supporting multiple device types such as laptops, tablets and smartphones, as well as new mobile- and cloud-based infrastructures. And it creates a number of authentication challenges, including: Addressing the specific usage and access-level requirements of all end users Supporting situation- or risk-based authentication Providing convenient online access with full protection for both the user s identity and sensitive application data Securing on-premise and cloud-based applications Protecting critical transactions from online fraud So what can you do to minimize all these access-related risks, while simultaneously keeping your data safe and promoting online activity? Traditional Web SSO relies on risk-appropriate authentication to protect transactions based on pre-defined rules and models. But given the complexity of user interactions in today s IT environments, more advanced forms of authentication are required. Solutions for extended services provide an effective response through risk-based evaluation. Using risk-based evaluation, you can apply adaptive authentication techniques to assess a user and determine an appropriate risk score based on a mix of access factors. The same features that add to user convenience support for various device and user types, along with multiple application access points contribute to potential security risks without proper authentication and authorization mechanisms. 06

extended services for advanced authentication continued More advanced authentication using risk-based evaluation provides the context you need to comprehensively gauge the risk of individual users. By continually monitoring their typical application usage and access patterns, you ll be able to quickly identify actions that fall outside of normal behavior such as their logging in from a coffee shop instead of at home. You can then request additional credentials to confirm their access rights or take whatever steps are necessary to prevent unauthorized use. This is especially critical when users are attempting to perform high-risk actions. A key feature of advanced authentication is the ability to profile users based on past behavior, and then flag out-of-the-ordinary actions that could present serious security risks. 07

best practices in extended-service environments: federated SSO and beyond Federated SSO enables user credentials to be trusted across multiple IT systems or applications, leveraging industry standards such as security assertion markup language (SAML) and its identity cookie approach to authenticate in-bound data. In an extended-service environment, however, people may be accessing systems using multiple authentication methods, including smart cards, biometric devices and two-factor authentication. For this reason, it makes sense to employ an authentication solution that also offers session management functionality, as it provides the ability to perform both hardware- and software-based token translation. 08

best practices in extended-service environments: federated SSO and beyond continued Session management offers other sophisticated capabilities to enhance the security of identity access and management processes. Depending on your extended-service needs, it may also be worthwhile to implement: SSO zones to isolate and lock down all or part of high-security applications Authentication selectors to allow users to select different ways to log in Directory chaining to link multiple user directories, simplifying access rights management and eliminating the need for users to re-establish credentials during a session Levels of trust to enable step-up authentication based on an established ranking A centralized audit of all user log-ins, as well as related activities following log-in, for improved monitoring and compliance Enterprises that employ session management to enable advanced authentication and enhance federated SSO are better prepared to handle extended-service requirements. 09

cloud adoption creates new security considerations Private clouds, public clouds and Software-as-a-Service (SaaS) offerings. Without the need to manage a physical infrastructure, these and other variations on the cloud can give enterprises a lower-cost, flexible way to provide services. For this reason, cloud adoption has soared, increasing the ever-growing base of internal and external users accessing online applications. While adding another layer of access requirements, cloud-based services must still be delivered conveniently and securely. As you implement them, you need to enhance existing SSO mechanisms with stronger forms of authentication that protect your data, but don t detract from the user experience. 10

engaging mobile users Driven by both employee and customer demands, mobile technologies have surged in popularity. The result? According to Forrester Research, Mobile spend will reach $1.3 trillion as the mobile apps market reaches $55 billion in 2016. Forrester also states: In 2016, 350 million employees will use smartphones 200 million will bring their own. * Given these trends, it s no wonder the use of mobile technology is spreading like wildfire. Organizations like yours have found it to be a highly effective way to engage their customer base and drive top-line revenue. From improving access to products and services to enabling mobile sales teams, they re building mobile applications to make both customer and employee transactions faster and easier to perform. But to promote user adoption, you need to deliver a consistent, secure user experience. Big browsers, small browsers and mobile applications PC/laptop browsers Browsers on phone/tablet Web services Non-traditional devices Phone/tablet native apps Whatever mobile applications and browser types companies support, they need to keep ease of use and secure access top of mind. * Mobile is the New Face of Engagement, Forrester Research Inc., February 13, 2012. 11

meeting mobile requirements, protecting mobile data To give users the mobile access they desire and protect sensitive data, you need to build appropriate levels of device- and application-specific security without inserting unnecessary steps that inconvenience customers or delay transactions. This requires a solution capable of handling: 3 Location-related requirements: IP addresses assigned by carriers and access through virtual private networks may reflect switch-versus-actual locations. This makes it impossible to know if the user is at an expected location, and calls for validation against multiple factors to confirm the identity of the person attempting access. 3 Multiple form factors for credentials: Because mobile devices can be easily misplaced or stolen, you may need to provide additional security measures aligned to transaction risk levels. For example, a one-time password may be used to verify valid credentials for online purchases. It may also be prudent to require a supplemental voice biometric in other situations. 3 Integration of authentication: As you develop mobile applications, you must be able to embed authentication methods so that you can meet your access-related security requirements. Alternatively, if the mobile device allows, you can employ cookies to pass along credentials from an approved device to the application in question for the same purpose. And when mobile users interact with external applications, you ll also want to allow them to seamlessly and securely extend their sessions to other applications. 12

assessing your capabilities By fully evaluating how you are providing user access today, you can pinpoint where advanced authentication and authorization methods should be applied to improve the security of web-, mobile- and cloud-based transactions. practices to enable greater control over access management. At the same time, it helps you more cost-effectively implement the enterprise-wide security required to safeguard critical data and applications. As you do, keep in mind that employing a single, robust security solution is the ideal way to support all your user access requirements. Such an approach eliminates fragmented security Ultimately, it allows you to better address user expectations for convenience while providing added protection from all types of access-related security threats. With the right solution in place, you ll be able to meet multiple IT challenges while securely expanding your online presence for strategic business benefit. 13

CA security solutions At CA Technologies, we understand how important it is to strike the right balance between enterprise data security and convenient user access. And, we ve developed solutions that address advanced access security requirements in Web, mobile and cloud environments. CA SiteMinder CA SiteMinder provides an essential foundation for user authentication, SSO and browser- and mobile-based authorization, as well as reporting activities. It enables you to create granular policies that can help control access to critical applications based on a flexible set of static or dynamic criteria, such as user attributes, roles, time, location or data sensitivity. A standards-based identity federation solution, CA SiteMinder Federation enables users of one organization to easily and securely access data and applications of partner organizations. It can be integrated with CA SiteMinder or deployed as a standalone solution. CA RiskMinder CA RiskMinder provides real-time protection against identity theft and online fraud using risk-based adaptive authentication. It evaluates the fraud potential of online access attempts from enterprise Web services to consumer e-commerce transactions and calculates the risk score based on a broad set of variables. All this is done transparently without inconveniencing legitimate, low-risk users. CA AuthMinder CA AuthMinder includes a wide range of fraud detection and multifactor authentication methods to reduce the risk of online fraud for e-commerce, Web portals and remote access. CA AuthMinder and CA RiskMinder are visible as authentication services within the CA SiteMinder interface. Used for authentication Initial user and step-up authentication Applied against specific SSO Zones In conjunction with the authentication levels of CA SiteMinder Used for authorization Risk score is passed to CA SiteMinder and held throughout the user s session to be evaluated for additional access requests or transactions. CA AuthMinder can be utilized to help enforce policy-based step-up authentication based on the risk score. For more information about CA security solutions, visit www.ca.com. 14

CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at ca.com. Copyright 2012 CA. All rights reserved. Microsoft and SharePoint are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information