Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data
NetSwift igate: Hardware Appliances - SSL VPX to Secure Network Access using 2 Factor Authentication
Agenda Overview of SSL VPNs SSL vs. IPSec Evaluation Criteria ROI NetSwift igate Overview Case Studies Forward Looking
SSL VPN Definition SSL Secure Sockets Layer An industry-standard Internet security protocol, embedded in a web browser IPSec is another security protocol, delivered as a software client VPN Virtual Private Network A private network created within a public or shared network Combined, a SSL VPN is created Provides external users, without device modification, a means to securely access internal enterprise resources over the public Internet
SSL VPN Value Proposition Improve enterprise productivity without higher costs Anywhere, any type access Any Internet connectivity methods wireline and wireless Controlled and uncontrolled, managed and unmanaged access environments Low impact on users and IT organizations No new software to install, configure, and maintain on access devices NAT and firewall traversal issues eliminated Non-disruptive to existing private network, security, and directory infrastructure Flexible Easy to set up and manage users No downtime for user deployment
Why this is Important The measurement of competitive advantage continues to change Increasingly, getting the right information, in the right form, to the right people, at the right time is the means to competitive advantage Culturally and operationally, the enterprise is changing Enterprise network borders are being pushed outward Rise in nomadic workers and teleworkers Growing establishment of dynamic business partnerships
Why this is Important Infrastructure is less of a barrier Internet access is becoming as pervasive and as demanded as oxygen By any measurement (# of connections, bandwidth level, quality, type), broadband connectivity is rapidly growing To succeed in this changing environment, however, the right set of secure networking solutions are required
SSL VPN Device Functionality Central gatekeeper Validates user credentials (authentication) Applies granular access policies (authorization) Single proxy between users and applications Accepts authenticated user s requests and presents them to authorized application and file servers Receives server responses and forwards responses back to users Recoding of applications not required, transformation handled in SSL VPN device for HTTP transmission Single point for encryption/decryption Decrypts incoming user requests and encrypts outgoing app. responses
IPSec VPN vs. SSL VPN
IPSEC VPN Configure VPN VPN software internet Partner Computer: Almost impossible to install - Need to get permission from IT Home Computer: Difficult to install no control of hardware or network IPSEC VPN Web Apps Server Applications Server/Data Exchange Lotus Notes Terminal Services PeopleSoft Networked Machines File Server Partner Executive @ home Sales Person traveling Corporate Notebook: Easy to install but still one more piece of software to manage Corporate Network
SSL VPN internet SSL VPN Applications Server/Data Lotus Notes Terminal Services PeopleSoft No No client client software to to install install --Does Does Web not not Apps modify the the operating Server system. Use Use only only a browser File Server Networked Machines Exchange Benefits: No No support calls calls with with troubled implementations or or client client software to to manage Corporate Network Partner Executive @ home Sales Person traveling
IPSEC VPN Doesn t work with NAT internet NATs NATs in in the the corporate network change IPSec IPSec packets and and break break the the IPSEC IPSEC connection IPSEC VPN X Web Apps Server Applications Server/Data X Lotus Notes Terminal Services PeopleSoft X File Server X Exchange Networked Machines Partner Executive @ home Sales Person traveling This This forces forces admins to to place place critical servers directly onto onto the the internet or or not not allow allow access access Corporate Network
SSL VPN internet igate Applications Server/Data Lotus Notes Terminal Services PeopleSoft NAT NAT doesn t interfere with with SSL...it Web Apps always works Server works File Server Home Home Hotel Hotel Exchange Networked Machines Partner Benefits: --No No support calls calls when when the the connection breaks. --Opportunites are are not not lost lost because of of downtime Executive @ home Sales Person traveling Corporate Network
IPSEC VPN X internet IPSEC VPN Force Force partner to to change their their firewall Web Apps Server Applications Server/Data Lotus Notes Terminal Services PeopleSoft File Server Networked Machines Exchange Corporate Network Partner Executive @ home Sales Person traveling
SSL VPN internet igate Web Web ports ports are are open open on on Firewalls Web Apps Server Applications Server/Data Lotus Notes Terminal Services PeopleSoft File Server Benefits: --Roll Roll out out Access to to any any partner --No No modifications needed for for their their firewall --Quick Quick time time to to deploy Exchange Networked Machines Corporate Network Partner Executive @ home Sales Person traveling
IPSEC VPN Bridging Networks Open Open Access to to Resources internet IPSEC VPN Applications Server/Data Lotus Notes Terminal Services PeopleSoft File Server Web Apps Server Networked Machines Exchange Corporate Network Partner Executive @ home Sales Person traveling
SSL VPN internet igate No No Bridging igate igate terminates sessions between it it and and the the client client side side applications Web Apps Server Applications Server/Data Lotus Notes Terminal Services PeopleSoft File Server Networked Machines Exchange Corporate Network Partner Executive @ home Sales Person traveling
ROI SSL remote access is 45 percent less expensive than IPSec solutions and 72 percent cheaper than dialup. The Yankee Group
ROI Category IPSec VPN SSL VPN Initial Investment Medium Medium Deployment Painful Painless Operating Expense Medium Low Level of Security Medium High Corporate Strategic Low High End User Satisfaction Low High
NetSwift igate SSL VPN The Next Generation of Secure Remote Access
ikey Overview Strong two-factor User Authentication Insert the ikey into a USB port - gain access from anywhere If stolen, security is not compromised because PIN is unknown Key Benefits Can t be duplicated.. Can t be written down Portable - small enough to fit on a key chain Easily revoked..remove user from database Easier to use than passwords
Authentication Options Manage access control by user types application access AND/OR AND/OR Support diverse range of users Tailor level of security to your policies ikey eliminates Password hacking ikey extends security from application to the user Removing the ikey closes the session
VPX - Central Application Access Browser Any protocol can be securely sent via SSL through NetSwift igate Web Application Servers Client Server Applications SSL internet NetSwift igate igate Client Mail Server v Terminal Services/ Citrix
Benefits of VPX Support Single solution for all remote access Secure any application over SSL/port 443 Protect non-web based applications the same way as web based applications All data is continuously authorized and encrypted by igate for transport over SSL Client side applet manages decryption and port and host file mapping changes
Portal and Direct Access Resources Access resources directly or through Portal igate supports both types - simultaneously Portal Page Benefits Ease of Use / Management Users need to only remember one URL One SSL Certificate to buy and manage Host only a single IP address Customized by Company
Portal and Direct Access Resources Portal Page Benefits Security of One external secure access site and one IP address Users can t access sites directly - required to go through portal Encrypts and obscures links in real time Only applications that users have access to are shown on the portal page
Do More With NetSwift igate SSL VPN Central Resource Management Fine Grain Control Clientless Security SSL Encryption NetSwift igate Secure Any Application Portal Management Hardware based SSL Encryption HTTP Compression Role / Group Management Advanced Auditing Integrated Strong Authentication Auto Log-Off
Executive Information Portal Requirements Anywhere Access for Board Members Secure Access Control Ensure passwords aren t shared or written down Comply with Audit compliance standards Easy to use Solution: igate SSL VPN Allows users to use only a browser to access data No integration or complicated VPN set up USB Token with URL preconfigured Meets compliance standards
Healthcare Remote Access Requirements Doctors need to access patient records and images from any location Secure Web based PACS system Comply with privacy legislation (PIPEDA, HIPAA) Easy to deploy and use Central system for web and legacy applications Solution: igate SSL VPN Secure access with just a browser Integrated ikey authentication offers secure access ikeys are easier than complicated passwords Works with leading PACS systems and Billing Systems
Partner Access Requirements Roll out access to partners for CRM system Use same system for employees as well Enable partner access more efficiently Enforce Strict Access Rights Solution: igate SSL VPN Deploys without control of the desktop No training needed Fine Grain Access Control Ensure Actions can be tracked - Audit
Trends / Forward Looking SSL VPNs will dominate remote Access as apps move to the Web Users will increase demands for SSO IT & Security need to deliver Certificate based authentication will increase Token adoption will grow as security & ease of use are balanced Encrypted tunnels will be extended to the desktop SSL VPNs will be tightly integrated with leading Apps
Thank You