Cognizance Identity and Access Management Identity Management ● Authentication ● Authorization ● Administration The next generation security solution

Dec 24, 2015


Richard Sharp

Page 1

Cognizance Identity and Access Management

Identity Management ● Authentication ● Authorization ● Administration

The next generation security solution

www.cognizancesecurity.com

2003 RSA Security Conference

Page 2

Agenda

• Identity Management Objectives
• Cognizance Solution
• Demo
• Features
• Benefits

Page 3

Identity Management Objectives

The problem:

• Multiple accounts per employee
• Growing number of applications and platforms
• Access from employees, business partners, customers & suppliers
• Open enterprise cannot rely on the disappearing physical perimeter for security

[Diagram labels: Email, Network, SAP, Citrix, VPN, Web, More …; Finance, Marketing, Sales, Service, B2B, Partners, Customers, Employees]

60% of fraud is internal

Increase in portals failure

Control over email groups

Failing policies & procedures

Page 4

Identity Management Objectives

The problem:

• Multiple accounts per employee
• Growing number of applications and platforms
• Access from employees, business partners, customers & suppliers
• Open enterprise cannot rely on the disappearing physical perimeter for security

Increase access flexibility and security without budget increase

Page 5

Cognizance Solution

The solution:

• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control

The right information

To the right people

Any application

Any time

Anywhere

Role/Resource: Sales, Logistics, Guest, HR

Logon X X X
Print X X X
DB Access X
CRM X
Web X X
Intranet App X X X
Payroll X
Education X X

This is a Role

Page 6

Cognizance Solution

The solution:

• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control
• Delegated administration and user self-service

Centralized

Delegated

Self Management

User Self-Registration

Page 7

Cognizance Solution

The solution:

• Consolidated security framework: users, policy & applications
• Consistent user identity combines multiple user accounts
• Strong authentication and role based access control
• Delegated administration and user self-service
• Built-in identity applications and services

Network logon

VPN and Remote Access

Single Sign-On

PKI support

Web Access

Page 8

User Identity

• User Profile
• Network accounts
• Application list
• Encryption keys
• Shared tokens
• Certificates
• Virtual Tokens
• Multiple Roles
• SSO XML scripts
• Application data

Cognizance Identity & Access Management

• Password
• Certificates
• Smart cards
• Biometrics
• USB Tokens
• Virtual tokens
• Other/Custom

• Authentication method
• Time
• Date range
• Group/unit membership
• IP Address range
• Ports and protocols
• Business rule based
• Custom

• User administration
• Profile maintenance
• User registration
• Group operations
• Credential store
• Multi directory support

Applications & Services

• Logon MS & Novell
• Web Access
• Self Service
• Single Sign-On
• VPN Remote Access
• Citrix Metaframe
• PKI Client

Authentication

Authorization

Identity Management

Page 9

The Market

Analyst firm IDC expects this market to grow from $2.6 billion in 2002 to nearly $6 billion by 2006

Based on a Gartner survey of 30 senior security executives in large companies, many organizations already have internal secure identity management initiatives underway:

• 80% of Financial Services
• 70% of Retail
• 70% of High Tech

Page 10

What the analysts are saying…

“The typical enterprise must manage increasingly virtual relationships with employees, contractors, customers, partners, suppliers, and a variety of other network constituents. The old way of thinking about corporate boundaries and network security—the firewall as an impenetrable perimeter—no longer apply.

Suddenly, the ability to manage identity has a direct impact on your company’s brand and its ability to adapt to new business models. Do it well and your company can make money in new ways. Do it poorly and your company will be damaged severely.”

Jamie Lewis, CEO and Research Chair, Burton Group

Page 11

Cognizance Administration Center

• Manages users, user profiles, policies and applications from a single administration tool
• Manages all aspects of user identities across multiple directories
• Provides a consistent view of the enterprise security model
• Supports delegated administration
• Web enabled
• Includes a complete smart card management system
• Allows centralized SSO application registration

Page 12

Cognizance Administration Center

Page 13

Cognizance Multifactor Authentication

Provides the following authentication methods out-of-the-box:

• Password
• Single-use password
• Smart card and USB token
• Virtual token (encrypted containers with the user identity)
• Digital certificates
• Biometrics

Supports any arbitrary combination of the above authentication methods

Allows the use of multiple alternative authentication methods per user

Supports interface for plug-in authentication methods

Page 14

Cognizance Role-Based Authorization

• Dynamic and static policy elements
  • Authentication method, time, date, IP address and protocols
• Automatic policy generation based on business rules
• User sets allow combining users from different groups and directories

Role Based Authorization and Access Control (RBAC)

• Maps complex policies and business rules to multiple roles
• Simplifies policy management
• Reduces the number of policy relationships
• Simplifies application management
• Provides both application-role and role-application views of the enterprise access control

Page 15

Cognizance Role-Based Authorization

Role of a Sales Person

• ADS biometric Logon
• SSO biometric access
• CRM biometric access
• Web – anonymous
• Email – ADS authentication
• Citrix published applications – biometric access
• VPN access – password

Role of a Finance Person

• ADS biometric Logon
• SSO biometric access
• CRM biometric access
• Web – anonymous
• Email – ADS authentication
• HR – biometric with revalidation
• SAP – biometric authentication

Application | Roles | Access
Active Directory | Sales, Financing | Allow
Single Password (Win32, Web) | Sales, Financing | Allow
CRM | Sales, Financing | Allow
Web access | Everyone | Allow
Email | Sales ADS, Financing ADS | Allow
Citrix published applications | Sales | Allow
VPN access | Sales | Allow
SAP | Financing | Allow
All Services & Applications | Everyone | Deny

Authentication | User Set | Schedule | Location | Role
Biometric | Sales | Worktime only | Internal network | Sales
Biometric | Financing | Worktime only | Internal network | Financing
ADS Auth | Sales | Worktime only | Internal network | Sales ADS
ADS Auth | Financing | Worktime only | Internal network | Financing ADS
Any method | All Users | Anytime | Anywhere | Auth Users
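
Added example (not part of the original slides and not Cognizance code): the two tables above evaluated as a policy, so the effect of each row can be checked. The function names roles_for and decide are hypothetical; it assumes application rules are read top to bottom with the first match winning, that every request holds "Everyone", and that worktime is 09:00-17:00.

```python
# Role-assignment rows from the second table:
# (authentication, user set, worktime only?, internal network only?, role)
ROLE_RULES = [
    ("Biometric", "Sales", True, True, "Sales"),
    ("Biometric", "Financing", True, True, "Financing"),
    ("ADS Auth", "Sales", True, True, "Sales ADS"),
    ("ADS Auth", "Financing", True, True, "Financing ADS"),
    (None, None, False, False, "Auth Users"),  # any method, all users
]

# Application rows from the first table, kept in slide order.
APP_RULES = [
    ("Active Directory", {"Sales", "Financing"}, "Allow"),
    ("Single Password (Win32, Web)", {"Sales", "Financing"}, "Allow"),
    ("CRM", {"Sales", "Financing"}, "Allow"),
    ("Web access", {"Everyone"}, "Allow"),
    ("Email", {"Sales ADS", "Financing ADS"}, "Allow"),
    ("Citrix published applications", {"Sales"}, "Allow"),
    ("VPN access", {"Sales"}, "Allow"),
    ("SAP", {"Financing"}, "Allow"),
    ("*", {"Everyone"}, "Deny"),  # "All Services & Applications": default deny
]

WORK_HOURS = range(9, 17)  # assumption: the slide does not define "worktime"

def roles_for(auth, user_set, hour, internal):
    """Derive roles from how, when and where the user authenticated."""
    roles = {"Everyone"}  # assumption: held by every request, even anonymous
    if auth is None:      # anonymous: no role-assignment row applies
        return roles
    for r_auth, r_set, need_work, need_internal, role in ROLE_RULES:
        if r_auth not in (None, auth) or r_set not in (None, user_set):
            continue
        if (need_work and hour not in WORK_HOURS) or (need_internal and not internal):
            continue
        roles.add(role)
    return roles

def decide(app, roles):
    """First matching application row wins; the last row denies the rest."""
    for r_app, r_roles, access in APP_RULES:
        if r_app in ("*", app) and r_roles & roles:
            return access
    return "Deny"
```

Under these assumptions a Sales user who logs on biometrically during worktime is allowed CRM but denied Email, because Email is granted only to the "Sales ADS" role that ADS authentication produces.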

Page 16

Cognizance Built-In Applications

• Logon for Microsoft Windows, NDS and Citrix
• VPN and Remote Access client for CheckPoint and Microsoft
• Enterprise Single Sign-On (SSO)
  • MS Windows, Web- or host-based applications
  • Centralized, administrator-initiated and user-based SSO model
  • Built-in XML scripts for popular applications
  • Powerful language for new applications registration
• PKI client with support for CAPI and PKCS#11
  • Supports smart cards and virtual tokens
  • Certificate issuance
  • Automatic delivery of the certificates
• Self-service administration tool
  • Maintains user profiles
  • Manage SSO applications
  • Register credentials
• New user sign up
  • Allows policy driven new user self-registration

Page 17

Cognizance User Self-Services

Single user self-service tool allows:

• Centrally controlled profile maintenance by the user
• Register new SSO applications
• Enroll/change user credentials
• Register new network/VPN accounts
• Issue and install new certificates
• Store/load identity to smartcard, USB or virtual token

Launch Panel

• Instant access to all authorized applications

New user sign up

• Policy driven registration sequence
• Includes profile creation and credential enrollment

Page 18

Benefit Analysis

Productivity increase – Administrator

• Single administration tool increases administrator efficiency
• Role-based access control simplifies policy and application management
• Automatic policy generation reduces administrator workload
• Unified user identity model reduces number of duplicate accounts
• Single deployment installs multiple integrated applications, including network logon, SSO, VPN, user self-service and PKI client
• Easy and flexible smart card/virtual token deployment
• Simplified PKI deployment and use via user self-services
• User self-service tool reduces administrative workload
• Built-in enterprise SSO eliminates multiple password requirements
• Use of smart cards or biometrics can reduce need for passwords

Page 19

Benefit Analysis – Continued

Productivity increase – User

• Single easy to learn self-service user interface
• Launch panel provides immediate access to authorized applications
• User can add new SSO applications, eliminating need for passwords
• Biometrics or smart card can reduce the need for passwords
• Automated sign up: fast productivity for new employees
• Disconnected user identity with virtual tokens
• Easy PKI deployment

Page 20

Benefit Analysis – Continued

Security benefits

• Centralization of the information security
• Consistent security policy throughout the enterprise
• Flexible security targets specific danger areas, such as external access or after hours, without complicating regular user access
• Strong multifactor user authentication
• Easy deployment of smart card/virtual token combination

Page 21

Benefit Analysis – Continued

Architecture benefits

• Framework approach: expandable architecture via Cognizance SDK
  • Add custom data sources, authentication methods, policies, and applications
• High performance authorization architecture does not require fast connection between Cognizance server and authorized applications
  • Special case: user identity on a smart card does not require connection to Cognizance server
• Large enterprise scalability with a standard load balancer and multiple installations of Cognizance server
• Can be used as part of managed services to provide security services to multiple enterprises

Page 22

Cognizance Identity and Access Management

Identity Management ● Authentication ● Authorization ● Administration

The next generation security solution

www.cognizancesecurity.com

2003 RSA Security Conference