Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Academic year: 2021

Vikas Jain

Director, Product Management

Jesper Tohmo

Agenda

• Client to Cloud Security Layers
• User to Cloud SSO
• Strong Auth for Cloud
• Cloud App API Security

The Goal “Security Connected” Client to Cloud

Devices & Infrastructure

Security Layers Cross

Hardware & Software

On-Prem to Cloud

Chip/CPU OS/VM Data App Services Cloud APIs Private, Public, Hybrid SaaS, PaaS, IaaS

Security Connected!

Client Security: Traditional Attack Vector

• Protection from Malware
• Secure Federated Session

Assurance and Compliance: Emerging Attacks

• Data Use Policy Enforcement
• Compliance Reporting
• Pro-active SIEM integration & Alert

Trust and Control

• AuthN & AuthZ at edge tied to IdM
• Federated Trust
• Data confidentiality, PKI, Encryption

Perimeter Defense: New Attacks

• Secure Hypervisor
• Anti-Virus and Malware
• Content Threat Protection
• Secure API Management Edge AuthN

[Diagram labels: Datacenter Data, Enterprise Applications, Perimeter Defense, Trust & Control, Assurance & Compliance, Apps, Employees, Device Mobile]

User to Cloud Access Challenges?

• ID Infrastructure Integration
• Lack of Visibility
• Multiple Logins / Weak Security
• Scalable, Federated Trust
• Manual Provisioning

• Single Sign On (SSO) & Strong Authentication
• Centralized Management Console
• Standards Based AuthN & Provisioning Connectors

Ubiquitous Access Requirement: Any Device, Any Network, Any Cloud App

Typical solution should include …

Provision Access

• Provision/de-provision accounts
• AD integration
• Sync Id Profiles

Secure SSO

• Federate windows/AD log in via portal
• To popular SaaS like Salesforce & Google Apps

Regulatory Compliance

• Rich audit trail of user login showing AuthN level
• De-provision & orphan account reports

Adaptive Strong Auth

• Selectively apply 2nd factor OTP AuthN
• Variety of software AuthN methods & devices - mobile devices, SMS, email

Combine Enterprise Class Strong Auth with SSO

Enterprise

Out of band Signed Authentication

• More secure way for 2nd factor authentication
• Authentication is performed on a separate channel different from the transaction channel
• Convenient
• User approves using a simple

Hardware Assisted Security at the Endpoints

• Silicon OTP - Enables frictionless 2-factor user authN. Determines trusted platform.
• PKI certificates to authenticate User and Server to each other, digitally sign documents and emails and encrypt files and messages.
• Virtual Keypad - Protects PC display from malware scraping and proves human presence at PC. Great for transaction verification and ACH fraud prevention.

[Diagram labels: Token, Digital Certificate, Server, Password Entry, Username, Password + OTP: 927316250]

Cloud Apps - APIs are New Cloud Control Point

• Applications move off premise
• Leverage third-party services
• 1/3 of Enterprise Traffic is via APIs

[Diagram labels: Cloud Provider, Cloud Provider, Enterprise]

How to Apply What You Have Learned Today

• In the first three months following this presentation you should:
  • Identify all the cloud applications your Enterprise uses
  • Understand how many passwords are being managed
  • Define appropriate compliance controls for events such as a user leaving the company
• Within six months you should:
  • Select an IAM system which allows policy based integrated SSO portal according to your organization’s needs

Visit Intel Booth for Demos

Free Trial

April 12

Bonus Free Box.net Account

On‐Demand Webinar

Cloud Service Brokers w/CSA & NIST

www.intelcloudsso.com

www.intel.com/go/identity

www.mcafee.com/cloudsecurity

• Meet the Cloud API w/Forrester Research

Mar 29‐ Kuppinger Cole Webinar
