SecureAuth – First 2-Factor STS
Written on July 18, 2011 at 12:07 pm, by Garret
So….
SecureAuth includes the first integrated 2-Factor STS. Why should I care?
You care – because you are doing it today. YOU, the IT guy and your staff, are performing the functionality of an “STS”. You, the overburdened IT worker/director, are cobbling together dissimilar technologies in a hard-to-manage and cumbersome way across disparate products.
Argh.
Why is this? Because until now standard security products have left all the integration into the end resource (VPN, Web, SaaS) to you, as an “exercise left to the reader”.
So what does that have to do with Security Token Service?
Everything.
The whole objective of IT is:
- NOT to deploy network products
- NOT to deploy heuristic products
- It’s NOT EVEN to deploy authentication products
The objective is to combine users with applications – and make USERs more productive.
This is exactly what an STS (Security Token Service) is. It is a token service that creates a web/application “token” so the application/resource can accept the user and allow the user access.
OK – isn’t that what my access control systems are doing today?
Yeah – but not easily and not even to all resources!
And, in fact, most gateway devices are NOT providing any integration into the exploding Cloud/SaaS resources such as:
- SalesForce
- SuccessFactors
- Oracle On Demand CRM
- Etc.
Yup. These gateway devices are stuck in 1998 (please see image #1) and still think that access means users only need access on an “in-bound” basis – e.g. resources are internal and users are external.
Image #1: The traditional environment only provided access control for external users accessing internal resources.
Unfortunately, if all you’re concerned about today is external users, then you’re missing a new way to deploy applications. Ask the 3,000 enterprises who sign up with Google every day.
Today’s resources are internal AND EXTERNAL. And the world needs a product that recognizes this. (see image #2).
Image #2: Today’s environment includes both internal and external resources and the control mechanism needs to acknowledge and provide access.
How is this done?
Lucky for all of us, it’s done via mechanisms called Security Token Services (affectionately referred to as STS). These services are supposed to talk to the relying party using the mechanism that the resource natively consumes. Take a few minutes and think about your own infrastructure. You have web resources, VPNs and now SaaS resources to control access to.
And…
You need to meet authentication requirements for all of these resources that include:
- Conducting an authentication that meets compliance guidelines (NCUA, FFIEC, PCI DSS, HIPAA)
- Logging the authentication locally (Who, Where, What)
This is where you need SecureAuth IEP – the first integrated 2-Factor STS for today’s environment. (See image #3)
Image #3: SecureAuth IEP includes a full featured 2-Factor STS that meets today’s demand for both internal and external resources.
SecureAuth IEP provides both:
- The access to these resources (Web, VPN, SaaS) and;
- Configurable 2-Factor Authentication (X.509, SMS, Telephony, E-Mail, KBA, Help Desk)
All in a single package.
–
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution to enterprise Identity, Access and Authentication issues.
Webinar – SecureAuth 2-Factor STS - Thursday, August 4th. 10am PDT
1 Comment to SecureAuth – First 2-Factor STS
by Cayle
On August 9, 2011 at 12:51 pm
There is a critical shortage of informative articles like this.