Ensuring the Security of Your Company's Data & Identities. a best practices guide




a best practices guide
Ensuring the Security of Your Company's Data & Identities
Symplified, 1600 Pearl Street, Suite 200, Boulder, CO 80302 » www.symplified.com » @Symplified

Safe and Secure Identity Management Best Practices

The transition to the cloud means that companies often become reliant on the security procedures implemented by each third-party SaaS provider they employ to keep their corporate data safe. This means that your security and user access could be placed in the hands of multiple cloud vendors, each with varying levels of strength and quality controls. This patchwork of cloud applications can leave your organization open to threats and vulnerabilities.

Fortunately, Symplified offers an alternative to this lack of direct control. Symplified offers a complete solution, unifying federated single sign-on, access management, audit reporting, and user provisioning across on-premises, cloud, and mobile applications. No matter who the user is or the device they use to access applications, Symplified delivers the same seamless access experience. Organizations gain a single, secure portal to all of their existing cloud and web applications and services while utilizing their existing identity infrastructure for authentication.

Safe, Secure and Flexible Architecture

Symplified was architected from the ground up to be flexible, safe, and, most importantly, secure. Symplified provides a safe communications channel between your users, your identity hub or gateway, and their cloud applications via secure communication protocols, cryptography, authentication, and other techniques, to ensure your data and access are protected. Symplified routinely scans for possible threats or other issues and promptly notifies its customers whenever preventative action needs to be taken. Physical security is also paramount, and Symplified protects its data centers with the latest in physical access technology.

FLEXIBLE DEPLOYMENT

Symplified's central identity gateway, the Identity Router (IDR), can be delivered either as an on-premises managed virtual appliance or as a hosted cloud service utilizing the Amazon EC2 platform. Both IDR deployment methods afford your business a secure SSO identity gateway. The on-premises option allows your business to maintain the IDR behind your firewall within your existing data center. Choosing the hosted option means that your IDR will be managed by Symplified in the cloud. Both options, however, provide identical security features. User access events, for example, are logged and available for audits, forensics and other compliance requirements. This extensible and flexible architecture is continuously monitored by Symplified's Information Security Team.

In order to publish new application connectors and policy rules to the IDR, Symplified maintains a separate yet equally secure Management Console. These two discrete components ensure that there is no single point of failure that would prevent your users from accessing the resources that they need.

The Identity Router (IDR) is the runtime component, a virtual appliance that can be deployed on-premises, at a service provider, or on Amazon EC2. The IDR provides co-located policy enforcement and a central decision point that enforces authentication and authorization for all users. The IDR also serves as an audit collection point for all user actions. This is a single-tenant component and is completely controlled by you, our customer. There is no chance of commingling of customer information, and this is the most secure architecture for your SSO solution.

2 » Ensuring the Security of Your Company's Data and Identities » www.symplified.com » @Symplified

The Symplified Management Console is a multi-tenant SaaS administration application that provides user-friendly policy configuration to manage all runtime components on the IDR. The Symplified Management Console also acts as a location for continuous monitoring and maintenance for your single-tenant SSO environment.

[Figure: system concept. Admin user → Symplified Management Console (policy administration point: hosted application, multi-tenant, configuration management, status monitoring). Employees, partners, customers, subscribers → Identity Router (IDR) (policy enforcement + decision point: runtime component, single-tenant, identity provider, runtime integration).]

CONTINUOUS MONITORING

Your business depends on an identity management system that is secure and reliable. This requires consistent internal testing to ensure the highest levels of protection. Symplified's Operations Team conducts regular network scans of all its systems, monitoring for any vulnerabilities and necessary security patches. We also conduct third-party security assessments on a routine basis to ensure independent reviews of our internal network processes and practices. A summary report of these independent findings is always available to our customers by request. Symplified plans to be fully SSAE16/SOC II compliant in early 2013. Note that this audit has already been completed for our data center, where the Symplified Management Console is hosted.

The additional third-party assessments completed and available for review include:
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Select penetration testing and code review
- Security control framework review and testing

Symplified continues to use the following methodologies and standards as best practices in the course of our solution development process:
- Employment of the Agile development methodology
- Process and controls audited against NIST 800 standards and SOC II auditing
- DoD Security Technical Implementation Guide (STIG) hardening guidelines

During a release publication event, the code repository is digitally signed and the resulting signature is checked on the IDR to ensure code changes are not tampered with in flight from the originating source. Symplified monitors all IDRs 24/7, no matter where they are deployed for a particular customer. The IDR is also maintained and updated during scheduled maintenance windows; all of these are standard service components of our Identity as a Service (IDaaS) offering.

SECURE COMMUNICATIONS

Symplified is further protected across every step of the communications process between the Management Console, the IDR and the end users' application access. Below you will find a high-level overview of each area of communication and how security is handled in each scenario.

TYPE OF COMMUNICATION → TYPE OF SECURITY APPLIED

Symplified Management Console → Identity Router (IDR): SSL VPN tunnel, outbound UDP port (1194).

IDR → SaaS application: Normally over SSL, but the SaaS application determines the connection type supported.

IDR → Local applications: Normally over SSL. Network controls can be used to ensure the application only accepts connections from the IDR, to prevent side-door access.

End user → IDR: Information sent from the user's browser to the IDR is sent over HTTPS. The SSO session cookie contains a cryptographically random string, which contains the session ID. If the session cookie is tampered with, the session is invalidated and the user must re-authenticate.

IDR → SimpleLink: SimpleLink is used to access user stores internal to a customer's network only when the IDR is deployed in the cloud. The connection is an SSL VPN tunnel that is initiated as the client to Studio as the server.

SimpleLink → User store: The type of connection from SimpleLink to the user store depends on the security implemented by the user store. If the user store supports LDAPS, then SimpleLink will use LDAPS.

Administrator → Symplified Management Console: Access to the Symplified Management Console is protected by user name and password. Optionally, two-factor authentication can be enabled to access the Management Console. This connection is always over HTTPS, port 443.
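An added illustration of the session-cookie behaviour described in the End user → IDR row (example code written for this page, not Symplified's implementation, which the paper does not show): the cookie carries a cryptographically random session ID plus a keyed MAC, a cookie that fails the MAC check is treated as tampered and the session it names is dropped so the user must re-authenticate, and the cookie is only ever sent over HTTPS. The cookie name, the in-memory session store and the per-process key are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Server-side key for the cookie MAC (assumption: a real gateway would keep it
# in protected configuration rather than generate it per process).
COOKIE_KEY = secrets.token_bytes(32)
# In-memory session store: session_id -> record (constructed for this example).
SESSIONS: dict = {}
COOKIE_NAME = "SSO_SESSION"  # hypothetical cookie name


def _mac(session_id: str) -> str:
    """Keyed hash over the session ID; any change to the cookie breaks it."""
    return hmac.new(COOKIE_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def create_session(user: str, ttl_seconds: int = 3600) -> str:
    """Start a session for an authenticated user; returns the cookie value."""
    session_id = secrets.token_urlsafe(32)  # cryptographically random, no '.'
    SESSIONS[session_id] = {"user": user, "expires": time.time() + ttl_seconds}
    return f"{session_id}.{_mac(session_id)}"


def resolve_session(cookie: str):
    """Return the user owning a valid cookie, else None.

    A cookie whose MAC does not verify is treated as tampered: the session it
    names (if any) is dropped, so the original cookie stops working too and
    the user must re-authenticate, as the paper describes.
    """
    session_id, sep, mac = cookie.rpartition(".")
    if not sep:
        return None  # malformed: no separator
    if not hmac.compare_digest(mac.encode(), _mac(session_id).encode()):
        SESSIONS.pop(session_id, None)  # invalidate on tamper
        return None
    record = SESSIONS.get(session_id)
    if record is None or record["expires"] < time.time():
        SESSIONS.pop(session_id, None)  # unknown or expired
        return None
    return record["user"]


def set_cookie_header(cookie: str) -> str:
    """Set-Cookie value for an HTTPS-only hop such as browser -> IDR."""
    return f"{COOKIE_NAME}={cookie}; Secure; HttpOnly; SameSite=Lax; Path=/"
```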

Conclusion

Symplified securely unifies federated single sign-on, access management, audit reporting, and user provisioning across any access device, be it a laptop, tablet or smartphone. Symplified can be delivered either as an on-premises managed virtual appliance or via a fully hosted solution available on the massively scalable Amazon Web Services platform. Symplified has been recognized by the Wall Street Journal, CRN, Network World, the RSA Conference, and others for its identity and access management innovations. Symplified's management team is composed of individuals with deep roots in the security and access management space. By way of example, Darren Platt (CTO) co-authored the SAML standard, which has become one of the most popular federated identity protocols for application communication.

THE SYMPLIFIED ADVANTAGE

Symplified enables IT organizations to simplify user access to applications, regain visibility and control over usage, and meet security and compliance requirements. Symplified provides single sign-on, identity and access management, directory integration, centralized provisioning, strong authentication, mobile device support and flexible deployment options. Symplified is headquartered in Boulder, Colorado. Visit us at www.symplified.com.