Proposal Document, Document Version 1.0




G-Cloud - Strong Authentication Service - Service Definition

Proposal Document
Document Version 1.0
Document publication date - 02/12/2014
Document Classification - Public

Copyright & Confidentiality Statements

This document is Copyright Ltd. All rights reserved. The contents of this document may not be copied or duplicated in any form, in whole or in part, without the prior written permission of Ltd. The information in this document is subject to change without notice. Ltd shall not be liable for any damages resulting from technical errors or omissions which may be present in this document, or from use of this document.

This document is an unpublished work protected by the United Kingdom copyright laws and is proprietary to Ltd. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of this document by anyone other than authorised employees, authorised users, or licensees of Accumuli Security Ltd without the prior written consent of Ltd is prohibited.

Document Information

Client Name:
Document Title: G-Cloud - Strong Authentication Service - Service Definition
Version: Document Version 1.0
Publication Date: 02 December 2014
Classification: Document Classification - Public
Prepared by:

Document Control

Version | Date       | Author | Change Summary
1.0     | 02/12/2014 |        | Public release

Contents

1 Introduction
  1.1 Purpose
  1.2 Subcontractor Statement
  1.3 About Signify
  1.4 Service Overview
2 Service Features
  2.1 Flexible Token Options
  2.2 Complete Token Lifecycle Management
  2.3 Simple Integration
  2.4 Comprehensive End User Web Helpdesk
  2.5 Reliable Service
  2.6 Expert Customer Support
  2.7 Advance Identity Management Centre
  2.8 Cloud Single Sign On (SSO)
3 Service Detail
  3.1 Ordering, Invoicing and Termination
  3.2 Service On-boarding
  3.3 Service Management
  3.4 Service Levels
    3.4.1 Availability
    3.4.2 Performance Levels
    3.4.3 Financial Recompense
  3.5 Technical Requirements
  3.6 Customer Responsibilities
  3.7 Training

1 Introduction

1.1 Purpose

The purpose of this document is to set out a clear description of the Accumuli strong authentication service.

1.2 Subcontractor Statement

This service is delivered by Accumuli's wholly owned subsidiary, Signify Solutions Ltd.

1.3 About Signify

Since 2000, Signify has built an outstanding reputation for delivering secure, reliable and flexible two-factor authentication which is quick and easy to deploy. We have an extensive client base across many sectors including major multi-national corporations, small and medium sized businesses, professional services, central government and local authorities.

Signify's fully hosted authentication service delivers a choice of token and tokenless authentication to make it easy for our customers to provide the appropriate form of authentication to suit each group of their users.

The successful deployment of two-factor authentication takes more than just technology; you also need to implement a framework of policies, procedures, logistics and user support. Through our focus on running hosted authentication services, we have learned, defined and automated many best-practice policies and processes into our service. Our service allows organisations of any size from any sector to deploy enterprise quality two-factor authentication (2FA).

Signify has over 300 customers worldwide and nearly 100,000 users currently active on our service. Signify builds long term relationships with our customers; our stability and longevity allows us to do this, while we also have the resources to expand and meet any new requirements our customers may have.

1.4 Service Overview

Signify is a cloud based strong two-factor authentication service. We deliver strong authentication and Single Sign On (SSO) services to a wide range of customers, from 2 man start-ups to 20,000+ user corporate customers.

Signify provide and manage the authentication infrastructure, and deliver our unique cloud based Identity Management Centre (IMC) which provides a single administrative and web helpdesk interface for administrators and end users. By delivering a cloud based solution, customers benefit from significant Total Cost of Ownership (TCO) savings, as Signify offer a highly resilient and reliable service with an intuitive workflow driven administrative interface.

Figure 1 - Signify Overview

2 Service Features

Our service provides a number of unique features, including:

2.1 Flexible Token Options

As a flexible service, additional users can be added at any time and will be co-terminated within the main service agreement. Users can be moved between credential types during the course of the service agreement, and indeed have more than one credential if required. Token and tokenless options are made up of the following credential types.

RSA SecurID hardware tokens

Signify offer both three and five year RSA hardware tokens, which benefit from the following features:

- Waterproof and highly robust
- Warrantied for the life of the token
- Highly secure and tamper proof
- can provide global logistic support as part of the service if specified

RSA SecurID software tokens

Signify offer RSA software tokens, which are supported on a wide range of mobile devices.

- Allow a user's smartphone such as Apple iPhone, BlackBerry, Android, or Windows Mobile device to become the authenticator
- Once provisioned the software token doesn't require a network signal or connectivity to operate
- Can't be lost: if the device is lost or broken the software token can be securely re-assigned
- Transferable: as users upgrade their devices, or leave your organisation, the software tokens can be securely re-assigned

Passcode on Demand

For customers who do not want to use hardware or software tokens, Signify deliver one time passcodes which can be delivered by SMS or email.

- Uses the mobile device already assigned to a user, without the need to install anything
- The option to send either SMS One Time Passcodes (OTP), or Email OTP to the registered user
- Perfect for users with ad-hoc or temporary access requirements
- Email OTP is ideal when used in conjunction with secure email, and removes the need for SMS
- Pre-send mode for SMS delivery (have an OTP ready to go) increases the reliability for users who may have intermittent network coverage
- Up to 4 OTP can be delivered in any single SMS or Email

2.2 Complete Token Lifecycle Management

When a user is added to the Signify Identity Management Centre (IMC) by a customer's administrator, we will provision the token and ship it directly to the end user (depending on the security policy, token type and service options taken by the customer). The user is also sent a welcome email, and asked to log in to the IMC to set up security questions and contact details. We will also organise replacements when tokens are lost, stolen, broken or expired.

This is a key differentiator for our service, and prevents the customer's IT department from having to be involved in the time consuming process of provisioning tokens and issuing them to employees.

2.3 Simple Integration

New customers can implement our service very quickly; for most customers that could be on the same day the service is created. In larger enterprise rollouts Signify will ensure you have the right mixture of technical and project management resources to ensure a smooth delivery.

- Compatible with all leading VPNs, Firewalls and Web Servers
- No on premise hardware or software required
- In most cases no training is required
- Easy to understand Admin Web Portal

2.4 Comprehensive End User Web Helpdesk

The web helpdesk allows users to manage their own tokens, without the need for support from your internal IT department, which provides a significant time and cost saving. We provide an intuitive web helpdesk interface, which end users can use to:

- Reset their PIN
- Report lost or stolen token
- Request emergency access, when they have forgotten their token (and security policy allows it)
- Update their contact details

Figure 2 - Web end user helpdesk

2.5 Reliable Service

The Signify cloud based service provides a reliable and resilient two factor authentication solution, which we scale as customer demand grows. Our service is backed up by a 99.95% availability SLA, so you can depend on our platform to be available when you need it, and we have been successfully operating the service for more than 14 years. Our customers do not have to absorb the expense of specifying a highly available on premise solution, or run with the risk of operating from a standalone platform.

2.6 Expert Customer Support

Our support team consistently receive great feedback from our customers, and are able to provide administrators (not end users) with advice and support on troubleshooting integration of authentication nodes. Our support team can also provide administrator training for advanced features of the IMC, if required.

2.7 Advance Identity Management Centre

The Signify IMC is a workflow based administration portal that allows your administrators to set up a security policy, add two factor authentication users and configure authentication nodes. It provides a simple and intuitive interface, preventing your administrators from having to learn a complex vendor tool. The IMC has a number of powerful features including:

- Two-factor user administration, including adding and revoking tokens
- Granular security policy configuration
- Active Directory synchronisation
- Authentication logging and reporting

Figure 3 - Signify Identity Management Centre

2.8 Cloud Single Sign On (SSO)

Signify support Signify Single Sign On to cloud applications, including SalesForce and Google Apps for Business, using their Signify two factor authentication token. The system is integrated with cloud based resources using SAML, and can be extended by the Signify development team to support Customer's cloud based applications as an optional chargeable project.

3 Service Detail

3.1 Ordering, Invoicing and Termination

Signify strong authentication services can be ordered by contacting our sales team on 01223 472572 or sales@signify.net. Service terms are agreed at time of contract let, but are usually annually in advance, with termination notification 90 days prior to the annual renewal. Payment terms are typically 30 days from invoice.

3.2 Service On-boarding

Having procured the service, our customers use the cloud based Identity Management Centre (IMC) to set up their security policy, integrate their authentication nodes and set up users. Comprehensive on-line help is provided to guide Customers through the process of setting up the service, and your administrators also have access to our UK based support experts, who can help you resolve any issues.

Signify also provide integration guides for common authentication nodes, including VPNs and web servers. These documents provide instruction on how your infrastructure should be integrated with the Signify service, to enable strong authentication.

3.3 Service Management

Signify Customers can complete all service management tasks from the IMC portal, including:

- Revoking tokens
- Setting up new users
- Assigning tokens
- Administering the security policy
- Setting up new authentication nodes
- Download reports

3.4 Service Levels

A detailed service level agreement will be provided to the customer at the time of contract let, which shall act as the contractual service level agreement. The following information provides an overview of the service level provisions for the Signify Service:

3.4.1 Availability

Signify will use its reasonable efforts to ensure that in each calendar month:

- End User authentication is in Normal Operational State for not less than 98% of the time;
- End User authentication operates in Failover State for no more than 2% of the time;
- End User authentication is in Unavailable State for no more than 0.05% of the time;

3.4.2 Performance Levels

Signify will use its reasonable efforts to ensure that in each calendar month, while in the Normal Operation State, the authentication response time is:

- less than 2 seconds for 95% of all test authentications; and
- less than 6 seconds for 99.99% of all test authentications;

And while in the Failover State, the authentication response time is:

- less than 6 seconds for 95% of all test authentications; and
- less than 30 seconds for 99.99% of all test authentications;

3.4.3 Financial Recompense

If one or more of the availability or performance levels detailed above is breached in any given month, then the Customer may claim a credit allowance of the equivalent of one month's Service for each of the Customer's end users and authentication nodes which are affected by the breaches and actually experience a degraded service.
3.5 Technical Requirements

The Signify service is compatible with all leading VPNs, Firewalls and Web Servers, and supports RADIUS and the RSA SecurID protocol. RSA agents are supported on all major Windows and Linux operating systems as well as IIS and Apache web servers. The mobile application is supported on the most popular mobile platforms, tablets and PCs including Windows Phone, BlackBerry, iPhone and Android operating systems. Our Web Single Sign On (Web SSO) platform can be integrated with cloud resources by our development team using the Security Assertion Mark-up Language (SAML) specification.

3.6 Customer Responsibilities

The customer is responsible for setting up and administering the strong authentication service, using the cloud based IMC portal. UK based telephone support is available to IMC administrators, and end users have access to our unique web helpdesk which allows end users to manage their own strong authentication tokens, PINs and personal details.

3.7 Training

Signify offer optional chargeable on-site training for the IMC portal, to enable strong authentication service administrators to set up complex security policies, and enable the advanced features of the service. However, training is not always required as the IMC is an intuitive interface and provides comprehensive online help documentation.