www.symplified.com | 303.318.4188 x1 | [email protected] [email protected]@symplified comsales@symplified com
Trust, Identity and Access Management for the
Cloud Operating System
Today, a revolution in computing is underway. The cloud is the new operating system and promises to free the enterprise of cost and complexity; ushering in a new era of simple, on-demand computing. This cloud-based ecosystem has created a new ways for people to deploy, access, and use networked information, applications, and resources.
As enterprises adopt the cloud, new domains of security must be managed. The architectural shift to the cloud requires new technology and new thinking on how trust, identity and access management can work in this new world.
Symplified pioneered SinglePoint; the first identity, access management and federation service delivered on-demand. Now, Symplified is introducing the next generation of SinglePoint – the Symplified Trust Cloud™, a unified access management and federation platform built on the Amazon EC2 cloud platform that uniquely integrates and secures SaaS, IaaS, EC2 and Web 2.0 apps.
»
First purpose-built IAM for Amazon EC2 platform»
Complete unified trust, federated identity and access management suite»
Global multi-jurisdictional auditing and compliance»
Massively scalable elastic architecture that deploys in hours»
Seamless trust integration fabric between Amazon EC2 and enterprise infrastructures like Active Directory and LDAP“Organizations wishing to move
applications to the cloud have
been held back by the lack of
truly native cloud-based identity
management solutions. The
cloud’s promise won’t be
realized until identity
management can provide a
single source of user
administration, hosted in a cloud
datacenter, supporting single
sign on to multiple cloud
applications by users whose
accounts are managed in
multiple cloud repositories.”
Noteable Quotes:
Services Data Sheet
® Customers Remote Employees Partners Enterprise APPAPP
Bob Blakley
Vice President &
Research Director
Burton Group
www.symplified.com | 303.318.4188 x1 | |||
www
www.sympl.symplifiified.ed.comcom || 303.3303.318.18.4184188 x8 x11 111 www.symplified.com | 303.318.4188 x1
Security At A Glance
»
Access Control»
Authentication»
Auditing»
Provisioning»
SSO & Federation»
Virtual DirectoryBenefits
»
Global capability»
Complete Cloud security»
Elastic capacity»
Easier compliance»
Improved securitywww.symplified.com | 303.318.4188 x1 | [email protected] Provisioning & User Management Federated SSO Runtime Access Control Authentication Network SecuritySSL & Proxy
Pro
Pro
Pro
Provivisvisvis ion ion
ion
ioningingingng & & & & User M anagem nt ent
derated SSO trol Auditing & Reporting
ting
Symplified Trust Cloud Enables EC2 Security
As enterprises move apps to the EC2 platform they need identity, access management and federation and a trust fabric to integrate these with behind-the-firewall infrastructure. Last generation’s perimeter-based fortress model for enterprise security is no longer adequate as companies need secure access to cloud-based applications for their employees, partners, and customers outside the firewall. Amazon’s EC2 platform mandates a new approach to trust, identity and access management. Symplified Trust Cloud is the first solution to provide identity, access and trust management for Amazon EC2 platform.
Purpose-built trust, identity and access management for Amazon EC2
The Symplified Trust Cloud has been specially engineered to work seamlessly in the Amazon EC2 platform. The Trust Cloud leverages Symplified’s patent-pending SinglePoint technology that provides the most complete IAM solution with breakthrough simplicity and integration capabilities.
»
Optimized to take advantage of the advanced networking, monitoring and availability capabilities of the EC2 platform.»
Spin up an entire IAM platform to secure and integrate your Amazon EC2 environment in hours through Symplified Trust Cloud.»
Dedicated expert support and partnered with the leader in cloud systems integration, Appirio.Unified and complete IAM for Amazon EC2
The Symplified Trust Cloud is a turnkey unified IAM solution that provides access management, authentication, user provisioning and administration, single sign-on (SSO), federated SSO, and usage auditing for applications running on the Amazon EC2 platform. Piecemeal approaches to identity and access management suffer from expensive integration and customization. Symplified Trust Cloud provides a complete IAM solution that works seamlessly together or can be deployed modularly. The solution includes Web access management, user provisioning of a cloud-native virtual directory, optional strong authentication and deep auditing.
Trust integration fabric links the cloud and on-premises infrastructure
Symplified’s Simple Link technology extends on-premises infrastructures like Active Directory, LDAP, databases and Web apps across the firewall. Manage Active Directory users as you do today by having these
permissions drive access and authentication to cloud apps on Amazon EC2.
Simple Link, in conjunction with the SinglePoint virtual directory, provides a rich integration fabric to link on-premises infrastructure to the cloud:
»
Active Directory, LDAP, RDBMS»
Use Salesforce.com or Google as user stores»
Enable directory hunting to chain multiple userrepositories together for authentication, access and personalization context
»
Extend employee desktop authentication via Windows Kerberos IWA for SSO to Amazon EC2 and other SaaS appsogle as chain ther Sa frastru er storess r and atiooon and SSOtooo apps @sympplifi o Federated SSO rated Authenticat ion ca entica Authenticatio n thentic ati hentic a Netwo rk Security rk S rk S Provision ing Auditing Federate d SSO Authenticatio n Authentica tion Netw ork Secu rity Provisioning Auditing Active Dir ectory tive Dir ecto
Windows Kerbero s
LDAP LDAP
ADFS & SAML & Databa ses ab Web A pps Active Direct ory Windows Kerbe ros LDAP ADFS & SAML Databases Web Apps
www.symplified.com | 303.318.4188 x1 | [email protected]
Simple SAML Federation
Most organizations avoid the complexity of SAML federation. Symplified has solved the complexity problem for federation-enabling your organization and your apps. The SinglePoint Trust Cloud provides four ways to simplify federated SSO:
»
Pre-integrated federation hub. Extends SSO for your users into leading SaaS apps like Salesforce, Google, Concur, Success Factors, Workday and many others. Sign on once to a Symplified-powered portal and access seamless SSO to dozens of apps. No integration effort required.»
SAML Service Provider (SP). The Symplified Trust Cloud proxy can be enabled to accept SAML SSO sessions to your apps. Symplified handles the complexity of validating and decoding the SAML assertions and simply passes authenticated federated users into your Amazon EC2 web app through HTTP headers»
Federate with any SAML 1.1 and 2.0 applications. SinglePoint Trust Cloud uses HTTP-FED to provide federated SSO for applications that do not support SAML. SinglePoint Trust Cloud erases the need for federation software and its associated learning curve, cost and complexity.»
Federate Your Network and Amazon EC2. With the Symplified Trust Cloud you can federate between your on-premises network and Amazon EC2 using newly released ADFS 2.0 and SAML.Localized Compliance on a Global Scale
To make user audit and compliance reporting for Amazon EC2 apps possible, SinglePoint Trust Cloud collects consistent usage logs of all activity on the Amazon EC2 and SaaS apps. For multinational organizations that operate in different geographies, SinglePoint Trust Cloud makes it easy to meet national and international data governance requirements. For example, an organization can deploy multiple instances of SinglePoint Trust Cloud in different geographies to comply with regulatory mandates that stipulate privacy data must remain within a sovereign country’s borders or a trading bloc’s territory (e.g. the European Union). Trust Cloud also enables companies to avoid having their identity repositories hosted in countries with far reaching law enforcement statutes like the US Patriot Act.
Trust, Identity and Access Management Platform for Cloud Service Providers
Symplified has built the Trust Cloud with our service provider partners in mind. Whether you are a SaaS application ISV, a systems integrator or a managed services provider, the Symplified Trust Cloud allows you to offer the cloud to your customers without having to make a massive capital investment. Partnering with Symplified gives you access to unmatched expertise in cloud trust, identity and access management and a platform that you can use on a white-label basis to increase revenues, accelerate SaaS and IaaS deployments and increase customer ‘stickiness’.
For SaaS ISVs
Using an SSO solution or a user’s existing credentials (such as a user’s Windows login) can improve the success of SaaS roll outs by 300% - 400%! Unfortunately, many SaaS vendors build one-off security integrations for each customer, requiring maintenance and creating a drag on professional services organizations. Closely integrating with your customers makes your apps stickier, thus helping your subscription renewals.
For SIs and Private Cloud
Operators
Your customers rely on you as their expert to keep IT running. They demand the latest SaaS apps like Salesforce, Google, Workday, and Concur. These apps must be integrated and secure. With the Symplified Trust Cloud you can offer horizontally complementary or vertical-specific products to grow top-line revenue. Using SinglePoint as your IAM and SaaS aggregation platform, you can quickly add SaaS and cloud services to your portfolio. Partnering with Symplified eliminates much of the labor
For Cloud Infrastructure
Providers
IaaS providers face constant margin
pressure from commoditization. The margins on bandwidth, compute and virtualization are getting smaller. The solution is to provide value higher up the stack with security and integration services. With The Symplified Trust Cloud you can move up the stack and offer high-value, differentiated IAM
capabilities and avoid commoditization. By offering robust IAM security and integration capabilities your services are more ‘enterprise ready’ and suitable for more
SAML SAML HT TP-FED SAML HTTP-FED S SAM SAM SAMAMAMAM M MLLLLL FEDEDEDEDDDD SA S H HT HT HTT H H H Internal Apps HQ Partners Suppliers Customers ve fo each c d creatin i creden can im h
?
No Visibility
N
vs
Complete Visibility
www.symplified.com | 303.318.4188 x1 | [email protected]
The Symplified Trust Cloud – powered by a proven
proxy architecture
The Symplified Trust Cloud architecture was engineered to work with the elastic capabilities of EC2 - without agents or software. Unlike last-generation IAM architectures from CA, Oracle, RSA and Ping that rely on agents or complex federation software for each app, the Symplified Trust Cloud uses a proven proxy architecture, like those from Google/Postini, McAfee, Symantec, Z-Scaler - but specialized for identity, access management and federation. This proxy approach eliminates the brittleness and complexity that results from being too tightly coupled with the application. The Symplified Trust Cloud is co-located on the EC2 cloud providing:
»
A proxy architecture co-located on Amazon EC2»
An additional layer of security through theSinglePoint Trust Cloud to buffer direct access to applications
»
Loosely coupled architecture that eliminates dependencies between the Trust Cloud and your apps»
Bursting of VMs»
The highest performance and acceleration with edge caching, compression and SSL offloading»
Integration of enterprise and cloud identityrepositories to enforce security policies
The Trust Cloud Benefits
After many man-years of dedicated engineering to weave SinglePoint into Amazon EC2, the Trust Cloud enables businesses to provision an instance of their web apps in any secure data center across the globe and tap into the Trust Cloud’s IAM capabilities. The Symplified Trust Cloud dramatically alters the cost and complexity of deploying identity and access management. It also secures cloud apps with faster performance. The Symplified Trust Cloud was built on the following principles:
»
No proprietary lock-in – zero barrier to exit and ability to easily move on-premises»
Supports the cloud, fully and completely»
Leverages the advantages of all that Amazon EC2 offers as a $2 billion platform»
Scales infinitely, elastically and reliably»
Makes location of infrastructure, apps and users transparent»
Simplifies the effort to enable SAML federationNo proprietary lock-in
The Symplified Trust Cloud was designed to be the simplest and easiest way to roll out IAM for both Amazon EC2-hosted apps as well as SaaS apps. We recognize that today many organizations are cautiously approaching the cloud and have concerns about becoming locked into a particular vendor’s platform and losing the power of choice. We believe strongly that our platform should be as easy to migrate off of as onto. This completely aligns our goals with yours. Once you work with Symplified you’ll see that while our technology is second to none; our expert support is what keeps our customers happy and successful. To that end the Symplified Trust Cloud was designed to:
»
Not use agent software or plug-ins which means you can integrate the Trust Cloud without brittle custom code or proprietary software. Symplified never installs software on the web browser – which means easy support for ‘external’ users like customers and partners.»
Virtualize user data and access it when needed thus eliminating the expense and complexity of migrating or consolidating directories ordatabases. With the Trust Cloud you always own your data. In fact, it is never stored on the Trust Cloud. If you decide to leave the Trust Cloud, there’s no migration issue.
»
Support standards like SAML, LDAP, SOAP, HTTP, SQL, and REST enabling easy integration and avoiding the need to change or customize your apps.»
Deploy the Symplified Trust Cloud in hours with only a simple network configuration so you can easily try it out and move from trial to production smoothly.“Brilliant”
- Chief Security Architect, Global Mobile Communications Company
“Spot on for what we need for our EC2 apps.”
www.symplified.com | 303.318.4188 x1 | [email protected] www symplified com | 303 318 4188 x1 | sales@symplified com
Your Customers
Use Symplified to SAML-Enable Your
App Without Modifying Or Deploying
Complex Federation Software
Your Apps
Passwords SAML Apps Transparent To Users No Changes Required!What They’re Saying
“A typical IAM project’s first phase can easily cost half a million dollars, including implementation services and licensing costs. (Symplified’s) Typical integration time is 30-45 days - far below traditional
time frames of six to nine months.
“Symplified's IAM function set and available integration points with enterprise identity repositories and external SaaS services are much broader
than those of the other providers.” "Cloud-based, on demand applications present new challenges. New models, like Symplified’s, for managing and sharing identities are required..”
Edge Caching Compression Elastic Clustering
Supports the cloud fully and completely
Symplified was founded to solve the complex problems that moving to the cloud creates. We believe that the cloud presents one of the most disruptive and beneficial evolutions in computing. Many companies are going completely server-less and moving all their applications to the cloud. Building on our unmatched experience as the first pure-play cloud trust, identity and access management provider, we have built the most complete solution for the cloud, delivered over the cloud and integrated with the cloud. What sets Symplified apart from last-generation enterprise IAM software providers?
»
Only Symplified can integrate with Salesforce or Google and utilize their user directories. If you have chosen to use Gmail or Salesforce then you are already managing identities in those platforms. With the Trust Cloud you can easily authenticate, authorize and personalize the experience using data in the cloud.»
Symplified was the first and continues to have the broadest set of supported SaaS applications for federated SSO and access.»
Only Symplified offers pure pay as you grow subscription pricing that reflects the on-demand nature of the cloud.»
No other company has more experience operating an IAM platform and trust broker. Period.Leverages advantages of all that
Amazon EC2 offers as a $2 billion cloud
platform
Amazon has invested billions into the EC2 platform; far more than almost any enterprise has in their own data centers. Symplified has been using Amazon EC2 internally for several years and over time has
experienced the benefits of one of the most powerful compute platforms in the world. Amazon has continually refined its technology and reach of the EC2 platform. Symplified has committed to leveraging these strengths to make the Trust Cloud the most scalable, secure and reliable platform available. With the Symplified Trust Cloud you can easily:
»
Deploy in any one of the 30+ Amazon EC2 availability zones»
Leverage Amazon’s Elastic Load Balancing sticky session capability for scale out»
Leverage different sizes of EC2 AMIs to fit your budget and performance needs»
Tap the power of the Amazon Simple DB as a user repositoryScales infinitely, elastically and reliably
Performance and availability are critical in the cloud. With the Symplified Trust Cloud you can achieve levels of performance that previously would have required hundreds of thousands of dollars from high end servers. Built upon the Amazon EC2 self-healing compute platform, the Symplified Trust Cloud can offer unprecedented uptime and availability. Building a comparable redundant, monitored and expertly staffed data center on the level that you get with the Symplified Trust Cloud is simply beyond the reach of 99% of enterprises. The Symplified Trust Cloud provides:
»
99.995% uptime availability guaranteed with a Service Level Agreement»
The capability to monitor the health and performance of the SymplifiedTrust Cloud through a browser
»
High availability options (through Symplified professional services) that offer sophisticated load balanced deploymentsMakes location of infrastructure, apps and users transparent
Today, most organizations have IT spread across both internal networks and increasingly on the cloud. Migrating apps, data or infrastructure from one to the other is expensive and often unnecessary if you could simply access it securely where it resides. To this end Symplified has architected the Trust Cloud to provide a transparency layer that abstracts the location of apps, infrastructure and users. With the Symplified Trust Cloud:
»
Users can gain secure SSO whether they are inside the company network, working from home, from a mobile device or from an airport. All that’s needed is a web browser.»
User repositories – like Active Directory, LDAP or databases – can be inside the corporate network or even in the cloud as with Salesforce or Google.»
Applications can be hosted on Amazon EC2, inside your data center orwww.symplified.com | 303.318.4188 x1 | [email protected]
© 2008-2010 Symplified, Inc - All Rights Reserved. Various trademarks held by their respective owners.
$
$
$
$
$
vs
Why SinglePoint Trust Cloud?
Symplified has introduced ground-breaking technology for companies who want to connect their enterprise to the cloud. In particular, the SinglePoint Trust Cloud has been specifically architected to work with Amazon’s EC2 platform. It is the first and only IAM solution that works for Amazon EC2 customers. Symplified has two of the biggest names in cloud – Amazon & Appirio – as partners to sell, implement and scale deployments so that you deployment works right the first time and within budget. The SinglePoint Trust Cloud is indisputably the simplest and fastest way to deploy an entire federated IAM stack.
Symplified provides two product options to meet your specific needs. For those looking for a simple integration of SAML and utilizing a few user stores, the Trust Cloud Federation Express is the best option. For those enterprises that need the full complement of security features such as integration to user stores behind a firewall (Active Directory, etc.), apps portal, and access management they should consider the Trust Cloud Enterprise Edition.
About Symplified: SinglePoint of Security for the Cloud
Symplified SinglePoint provides a cloud-native unified identity and access management (IAM) platform that allows companies to extend and enforce IT security policies for access control, authentication, administration/provisioning of users, and auditing, to cloud applications. Available either as an on-premises or completely hosted solution, SinglePoint leverages a proven proxy architecture that works without agents or custom code to speed deployment, simplify management and cut costs by as much as 80%.
Users can sign-on once and through SinglePoint are provided secure access to all the cloud applications they are authorized to use. Unlike last-generation federation software that merely provides SSO to SAML-enabled apps, SinglePoint is a complete IAM platform that integrates with both SAML and non-SAML applications. SinglePoint grants and denies access to
resources based on user roles and policies created by the organization and typically already in place, which eliminates identity silos and redundant administration. It also provides deep auditing capabilities, and can manage access to both cloud and “behind the firewall” applications.
Symplified | The Cloud Security Company
Symplified provides the Trust Fabric of the Cloud by enabling companies to extend and enforce IT security policies for access control, authentication, administration/provisioning of users, and auditing, to cloud applications. Symplified’s founding management team also created Securant and the ClearTrust product, which pioneered the market for Web access management, provisioning and federation. Securant was acquired by RSA Security for $140M. Symplified is backed by leading institutional venture capital firms Granite Ventures and Allegis Capital. Symplified is headquartered in Boulder, Colo., with offices in Palo Alto, Calif. Visit us on the web at www.symplified.com.
Dramatically simplifies the effort to enable SAML federation
Let’s face it. ‘SAML enabling’ apps is difficult and many organization simply lack budget, infrastructure, skills, and time to do this. Enterprises have to create one-to-one connections and service providers have to deal with a one-off federation project each time a customer asks for it. And you have to wait for your partner or SaaS provider to support SAML.
The Symplified Trust Cloud dramatically simplifies the effort to enable SAML federation. There is no need to install new federation software. SinglePoint puts SAML into all your EC2 apps. And Symplified offers a pre-integrated federation hub for SSO across multiple apps. Symplified can federate with any SAML app and also with HTTP-FED can integrate with virtually any SaaS app. The Symplified Trust Cloud offers a better way:
