Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Verizon IAM Services
Presentation to CTST 2009
May 5, 2009
Agenda
• Overall Verizon Customer Base
• Overview of Current IAM Offerings
• Vision for Identity Management Services
• Strategy
• Roadmap
• Smart Card Initiatives
Verizon Customers
• Wireless Business
– 86.6 Million Customers overall
– 84.1 Million Retail (most of any US wireless company)
• Wireline Business
– 2.8 Million FiOS Internet Customers
Verizon Identity Solutions: What We Do
We provide organizations with the tools to provision, manage and enable identity credentials, and to create a comprehensive and efficient approach to managing identities and access to resources across the extended enterprise.
How We Do It: Identity Management Offerings
• IdM Professional Services
– Strategy: Assessments, Business Case, Strategic Planning, Security Policies
– Technology Planning: Gap Analyses, Identity Roadmap, Operational Procedures
– Solution Deployment: Controls, Standards and Implementation
• Security Resale Services
– Offers products for a variety of IAM technologies
– Third Party Identity Software and Appliances
– On-premise deployments, customer or remote managed
Current IdM Managed Service Offerings: Core Capabilities in PKI and OTP
• CorporateID and Government ID: set of managed issuance and post-issuance services supporting multiple types of credentials, including certificates, OTP, tokens and smartcards
• Device ID: managed service allowing bulk delivery of certificates to authenticate devices such as mobile phones, set-top boxes, game consoles, …
• SSL OnDemand: managed service allowing organizations to issue SSL and EV SSL certificates governed under the Cybertrust CPS
Vision for IdM
• IdM will be increasingly outsourced due to a variety of factors
– Maturation of technologies
  • Many IdM applications being architected for hosting/multi-tenancy
– Limited budget, skills, and other resources in-house to bring on new technologies
– Cost and complexity managed better by experts with competencies and scale, e.g.
  • LAN management
  • Exchange Hosting
  • Salesforce.com
  • Managed Credentials
    – Belgian Citizen ID
    – U.S. Shared services provider
    – Commercial PKI and OTP "product" customers migrating to hosting
• Identity will reside outside applications, moving to Service-Oriented Architecture
– User and security policy data provided to applications as needed
– Increased Federation of Identities
– Provisioning, Access Management, Authorization can be modules
Vision >>> Strategy for IdM Managed Services to Enable Trusted Business Processes
Enable Seamless Trusted Business Processes Across the Extended Enterprise
(Diagram: Multiple User & Role Types; Multiple Device Types; Multiple Applications, Platforms & Networks)
IAM Roadmap: Multi-Phased Portfolio Expansion
(Diagram: phases plotted by Value Add over "2009 and Beyond")
Phases:
• Authentication (P1)
• Secure Transactions (P2)
• Identity Enablement (P3)
• Identity as a Service (P4)

Expanded CorporateID Services (Authentication)
• Extended form factors (VzW phones, Cards) for SecurID, Digital Certificates
• Quickly & cost effectively provide credentials for secure logon and access

• Encryption Management Platform
• Secure email and document services
• Reduce paper-based transactions, guard against data leakage

User Administration & Identity Auditing
• Identity Lifecycle Management
• Efficiently add/remove users across applications for greater productivity, increased compliance

Identity Enablement of Services & Mainstream Applications
• Hosted Identity Services
• Menu of Identity management functions
• Pluggable use of Identities by applications
Phase 1: Extend CorporateID Core Capabilities
Enable Wider Deployment and Combine Verizon Services
• Standardized and Enhanced Managed Authentication Services
– Ability to address smaller user bases and offer global availability
– Extending form factors (OTP on VzT phones, Card Systems) will be addressed
– Launch bundled and integrated offers which leverage existing user authentication methods (PKI, OTP) tied to both remote and local access
Managed OTP - SecurID
Existing Offerings

Managed SecurID
• Premise-based remote management of primary and replica servers
• End user help desk support
• Bulk registration
• US availability

Hosted SecurID
• Custom offering available for large deployments
• Globally available
• Help desk to help desk support
• Full hosting and management of
– Burst capacity - business continuity
• BREW Handset capabilities
• Shared platform option (as available)
• End-user token distribution
Smart Card Initiatives: Managed Service Offering
First Responder Needs and Challenges
Goal: An interoperable credential and validation system that can issue LOCAL credentials AND validate Federal, FEMA, DoD, National Guard credentials
• Challenges:
– To facilitate emergency management with IT systems
– To facilitate multi-agency and multi-jurisdictional coordination between local governments, special districts, and state and federal agencies during emergency operations in compliance with the National Incident Management System (NIMS)
– To support requirements imposed by FEMA and mutual aid
Objectives
• Secure and reliable forms of identification
– Issued based on sound criteria for verifying an individual employee's identity
– Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
– Can be rapidly authenticated electronically
– Issued only by providers whose reliability has been established by an official accreditation process
• Convergence of multiple uses
– First Responders
– Logical Access
– Physical Access
• One Card = One Identity
– Based on a security framework that promotes interoperability and privacy
• Standard
– Cards issued and compliant with widely accepted standard practices, processes, and products
FIPS-201: Interoperable Standards
• National Institute of Standards and Technology (NIST) released FIPS-201 Standard
– Outlines required implementation standards for interoperable and converged credentials
– Identity proofing, registration and issuance requirements
– General technical specifications
• Dozens of HSPD-12 related NIST Special Publications with detailed specifications
• NIST Testing Lab
– Performs testing on all components and certifies technology for use
• FIPS-201 has become the new de facto national and international standard
– ANSI Workgroups and International Smart Card community adopting standards
– Use by both Public and Private Sector Organizations
• Current adoption in the commercial and international markets validates the standard
– E.g. Global 100 technology, financial services, UK Police
Impact of FIPS-201
• Mandates stronger security standards and procedures
• Provides consistency for issuing identity credentials to employees and contractors
• Addresses inter-agency interoperability
• Enables access to both physical facilities and logical resources with a single credential
• Allows Cross Jurisdiction recognition of the Identity/Individual as a result of common policy for issuance, validation, and even the physical appearance and size of the credential itself
Credentialing Process
First Responder Credentialing Process (for First Responders, Employees and Vendors)
Step 1: Registration and Sponsorship
Step 2: Identity Proofing
Step 3: Background Investigations
Step 4: Credential Printing (X.509 Certificates)
Step 5: Credential Activation
Step 6: First Responder Privileges
Credential Usage (1 of 3): First Responders
• Handheld PIVMan devices used for perimeter control to incidents
– Smart card and fingerprint readers on-board
– Information synchronized in near real-time to the centralized credentialing and privileging system
• Allows for tracking of First Responders on-site
• Incident Scenario:
1. HSPD-12 Credential placed into handheld PIVMan device
2. Device validates credential using certificates
3. First Responder provides PIN and Fingerprint
4. Device validates Identity
5. Device displays Certifications and Privileges according to NIMS guidelines
6. Audit logs uploaded in real-time for usage in centralized incident management system
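The handheld's side of the incident scenario above, as an added example in Go (not code from the presentation or from any Verizon or PIVMan product): it verifies the card's certificate against the issuing agency's trust anchor, requires proof that the holder has the card's private key under the correct PIN, releases privileges only after both checks pass, and records every decision for the audit upload. The agency CA, the card, the PIN, the holder name "Firefighter 4471" and the privilege table are constructed for the example; the fingerprint match and the revocation lookup are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint issues a certificate signed by parent, or self-signed when parent is nil. Constructed fixture so the
// example runs offline; a real handheld holds only the issuing agency's public certificate, never its key.
func mint(cn string, isCA bool, notAfter time.Time, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter}
	if parent == nil { // self-signed trust anchor
		parent, pk = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Card stands in for the smart card: the key never leaves it, and it signs the device's nonce only when the
// PIN is right (step 3); a wrong PIN yields nil, which fails signature verification on the device.
type Card struct{ Cert *x509.Certificate; key ed25519.PrivateKey; pin string }

func (c *Card) Sign(pin string, nonce []byte) []byte {
	if pin != c.pin {
		return nil
	}
	return ed25519.Sign(c.key, nonce)
}

// Constructed stand-ins for the central privileging system and for the audit records uploaded in step 6.
var privileges = map[string][]string{"Firefighter 4471": {"HazMat Technician", "Incident Command Post"}}
var audit []string

// Admit is the handheld's fail-closed decision: chain and validity period (step 2), then proof of possession
// under the PIN (steps 3-4); privileges are released only on success (step 5). A revocation check (CRL or
// OCSP) belongs between those two stages and is left out only to keep the example offline.
func Admit(roots *x509.CertPool, card *Card, pin string) (privs []string, reason string) {
	defer func() { audit = append(audit, time.Now().UTC().Format(time.RFC3339)+" "+card.Cert.Subject.CommonName+": "+reason) }()
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := card.Cert.Verify(opts); err != nil {
		return nil, "certificate rejected: " + err.Error()
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	if !ed25519.Verify(card.Cert.PublicKey.(ed25519.PublicKey), nonce, card.Sign(pin, nonce)) {
		return nil, "holder not authenticated"
	}
	return privileges[card.Cert.Subject.CommonName], "admitted"
}
```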
Credential Usage (2 of 3): Logical Access
• Replaces multiple existing tokens with a single accepted smart card token
• Access to enterprise computers and systems
– Logon to desktop computers
– Single-sign-on can be enabled using strong authentication (PIV Authentication Certificates)
• Digitally signed transactions
– Common usage in the financial sector
– Non-repudiation of digital signatures allows for strict auditing controls
– Can tie into time accounting systems
Credential Usage (3 of 3): Physical Access
• Credentials have a contactless interface
– Supported by major Physical Access Control Systems (PACS)
– HID antenna can be added for transition from legacy systems
• Credentialing solution provisions the enterprise PACS for the organization
– Assigns, updates and revokes identity
– Authorizations still controlled by PACS administrator
• One credential interoperable across all buildings
For More Information:
• Contact:
Mr. Tom Greco, Director, Identity and Access Management, Verizon Security, [email protected]
Ms. Debb Blanchard, Sr. Product Manager, Identity and Access Management