• No results found

Powering Security and Easy Authentication in a Multi-Channel World

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Powering Security and Easy Authentication in a Multi-Channel World"

Copied!
19
0
0

Loading.... (view fulltext now)

Download now ( 19 Page )

Full text

(1)

Powering Security and Easy Authentication

in a Multi-Channel World

Archit Lohokare

Global Product Manager

IBM Security Systems

(2)

Intelligence Integration Expertise

§  Only vendor in the market with end-to-end coverage of the security foundation

§  $1.8B investment in innovative technologies

§  6K+ security engineers and consultants

§  Award-winning X-Force® research

§  Largest vulnerability database in the industry

IBM Security Systems division is one of the largest security software

focused vendors in the world

(3)

Bring your

own IT

Social

business

Cloud and

1 billion mobile

workers

1 trillion

connected

objects

(4)

Solving security issues is a complex, four-dimensional puzzle

People

Data

Applications

Infrastructure

Hackers Outsourcers Suppliers

Systems

applications

Web

Applications Web 2.0

Mobile apps

Structured

Unstructured

At rest

In motion

Attempting to protect the perimeter is not enough – siloed point products

and traditional defenses cannot adequately secure the enterprise

Consultants Terrorists

Customers

JK 20 12 -0 4-2 6 In motion Employees Systems Applications Outsourcers Unstructured Web 2.0 Customers Mobile Applications Structured

(5)

We see three prominent cloud security scenarios to help customers

Security from the Cloud

Security for the Cloud

Securing the Private Cloud stack

– focusing on building security into the cloud infrastructure and its workloads

Use cloud to deliver security as-a-Service - focusing on services such as vulnerability scanning, web and email security, etc.

Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity

Public Cloud Private Cloud

1

2

3

Security as-a Service

(6)
(7)

Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed

Cloud Computing

IAM continues to be key part of next wave of security technology

innovation

Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures

Regulation and Compliance

Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence

Advanced Analytics

Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility

Mobile Computing

Advanced Persistent Threats Stealth Bots Targeted Attacks Designer Malware Zero-days

Enterprise Customers

GLBA

Identity & Access

Management

(8)

IBM Next Generation Identity and Access Management Strategy

Key Themes

Standardized IAM and Compliance Management

Expand IAM vertically to provide identity and access intelligence to the business;

Secure Cloud, Mobile, Social Interaction

Enhance context-based access control for cloud, mobile and SaaS access, as

Insider Threat

and IAM Governance

Continue to develop Privileged Identity Management (PIM) capabilities and

(9)

Secure user access with IBM’s Next Generation Access Management

§

IBM Security Access Manager for Web

•  User access + integrated web content protection

•  New Hardware Appliance (Access Manager Proxy)

•  Highly scalable web access management

•  Lower TCO and easy to deploy 3rd party integration

§

IBM Security Access Manager for Cloud &

Mobile*

•  Federation and built-in Risk-based Access control

•  Ease of SaaS / Cloud SSO with out-of-box Integration

•  Entitlement management with risk-based access

policy support and new policy simulator for ease of deployment

Web Access & Application Protection (software, virtual, HW appliance)

(10)

Smartphones: Extremely Rich in Channels and Modalities that can be

leveraged to improve users’ assurance

NFC

Gyro

High res display

SMS/Text

Cell towers

Web access Soft keyboard

Voice

Multi-touch sensitive display Accelerometer

Bluetooth Cameras

GPS

Wi-fi/WiMax

Temperature Sensor

Pointing devices Fingerprint

(11)

Secure device registration

and fingerprinting using

OAuth 2.0 for IBM Worklight

Applications

Reduce risk of mobile app

fraud using Risk-based

Access

Increased security and

flexibility for mobile app

authentication with built-in

OTP and Google

Authenticator support

(12)

Context-aware access to secure mobile user access can be strengthened by

Voice Biometrics

SSO ISAM for Cloud & Mobile*

(FIM BG, SPM) Applications/Data Enterprise

User accesses confidential data from inside the corporate network

1

User is only asked for Userid and Password to authenticate

2

Corporate Network

User accesses confidential data from outside the corporate network

3

User is asked for Userid /Password and OTP/Voice based on risk score

4 Outside the Corporate Network

Audit Log

•  Risk-based Access feature to determine and score risk levels using user attributes and

real-time context (e.g. location, device)

•  Enforce mobile user access based on risk-level (e.g. permit, deny, step-up authenticate)

(13)

© 2013 IBM Corporation 13

13

(14)

Phone Channel / Scenario 1: Automated User Authentication and

Authorization

§  User calls a VRU self service application, or calls a call center and goes through the

automated system

§  Value add of using CB:

– Faster user authentication of true users

– Higher fraud detection rate

– Ability to authenticate and authorize simultaneously

Self Service /

Call

Center

Authentication /

authorization

CB

(15)

Phone Channel / Scenario 2: Offline fraud detection - Detecting

repeating fraudsters

Voice Logger

Call Center database

Fraud Detection system

(rule based, neural, etc.)

Detected fraudulent accounts

SIV Enrollment

Past Fraudsters

Voiceprints

Audio

Call Center /

Self Service

SIV Scoring

Fraud alert

(16)

ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any

warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s

(17)

Internet Channel:

Data, VoIP and Callback Scenarios

Internet

Self Service/

CB

Authentication

Voice

Data

Voice Channel (callback)

VoIP

(18)

OAuth-enabled Worklight banking application.

User credentials are not entered or stored on the device.

User is not required to authenticate each time the application opens.

Revocation is possible on a application and per-device basis.

Before

U/P every application launch

One-time registration code

Identity-aware application launch

(19)

authentication

Transactions < $100 are allowed with no additional authentication

User attempts transfer of amount >= $100 – requires strong authentication

User attempts high-value

References

Download now ( PDF - 19 Page - 3.82 MB )

Related documents

Intelligent WAN 2.0 principles. Pero Gvozdenica, Systems Engineer, Vedran Hafner, Systems Engineer,

Hybrid WAN Transport IPsec Secure Branch MPLS (IP-VPN) Internet Direct Internet Access Private Cloud Virtual Private Cloud Public Cloud.. • Secure WAN transport for private

North East London Cancer Research Network. Annual Report

Our key objectives and priorities for the year have been to maintain a balanced portfolio across all tumour sites and modalities and in particular to increase recruitment

Associations between Depression, Anxiety, Hostility and Fighting Spirit among Cancer Patients in a Cancer Center in Korea

The degrees of depression, anxiety and hostility of the patients were assessed by the SCL-90-R scores, and the fighting spirit was measured by the Mental Adjustment to Cancer

M I N U T E S LEGISLATIVE MEETING DECEMBER 16, 2020

A roll call vote was taken with the following tabulation: Commissioner DeHart – aye, Commissioner Paul – aye, Commissioner Davies – aye, Vice President Truntz – aye, President

What Can Comparative Legal Studies Learn from Feminist Legal Theories in the Era of Globalization

Engaging in critical examination of finding the context in law and exposing the ways in which comparative law (and law generally) constructs social norms and

Cloud Computing Security. Belmont Chia Data Center Solutions Architect

Stand-Alone Data Centers Phase 1 Phase 4 Internal Cloud Phase 2 Public Cloud Phase 3 Private Cloud Public Cloud (Hybrid Cloud) Virtual Private Cloud Open Cloud (Federations)

Cloud Computing and the Internet. Conferenza GARR 2010

THE INTERNET THE INTERNET Hybrid Clouds Public Cloud (aka multi-tenancy) Private Cloud of customer #1 Private Cloud of customer #2 Private Cloud of customer #n Extension of a

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Common Deployment Models of Cloud Computing • Public cloud • Private cloud • Hybrid cloud • Community cloud 14.. Security Maturity and