Having put together over 100 webinars for SecureAuth – I also take the time to listen to other firms webinars. (And yes – I am e-mailing and IM’ing through theirs – like others do to mine – all’s fair.)
What’s relevant about the other product webinars I listen to – is NOT what is included – but what is omitted.
There is not question that consolidating your SaaS/Web access to a single portal – is the right answer. And it’s also the right answer to consolidate access to an ID that your users already know. (E.G. “Federated the identity from your Active Directory – or other known idenity.)
But what is OFTEN omitted – is, well, how do you do all that boring stuff around the password??? E.G.:
- User Self Password Reset
- 2-Factor Self-Password Reset that meets Regulatory Compliance
- User Password Lock-Out and Unlock
- Password Synch to Cloud like Google
- Enforcing Password Strength across
- On-Premise Web Applications
- Cloud Applications
Image #1: SecureAuth becomes the centralized 2-Factor Password Mechanism for your user data resource (AD, LDAP, SQL, etc).
The SecureAuth solution is the 2-Factor “Instant IdP” that allows you to convert your present user store into a fully functional IdP for the modern enterprise deployment of applications. (On-premise and SaaS web deployments.)
Enterprises today, need to provide:
Check out the full SecureAuth Password Functionalities here. Contact us – and we will tell you more!
–
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
Categories
Blog |
Tags
|
Author
Garret |
|
Had the pleasure of F5′s (wonderful) Peter Silva come by the SecureAuth booth @ RSA and record our BYOD (“Bring Your Own Device”) Story.
The SecureAuth BYOD story is what the IT world is clammoring for:
- Agnostic device 2-Factor authentication
- Full App access integration
As been will be detailed in our upcoming webinar with F5 (F5 APM and SecureAuth and FishNet Webinar – BYOD security for Web and Cloud Apps) – we will point out the importance of allowing any device access to your apps.
And this is what came out during the RSA show. The attendees: IT directors, security engineers, consultants – where looking for solutions on how to:
- Maintain their Access Control guidances
- But still allow access to the new devices
- iOS, Android, BlackBerry, etc
This is the SecureAuth story – and specifically the SecureAuth/F5 APM story. Contact us – and we will tell you more!
F5 APM and SecureAuth and FishNet Webinar – BYOD security for Web and Cloud Apps
Thursday, March 22nd, 10am PST
–
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
Categories
Blog |
Tags
|
Author
Garret |
|
-
Authentication
-
Authorization
-
Auditing
But the 3 A’s were designed for the 1990′s – e.g. – when all the resources were internal – and a gateway device was placed in front of these resouces for 1-stop authentication.
The standard for AAA authentication was the RADIUS protocol. RADIUS allowed the gateways to generically pass collected authenitcation information to the RADIUS-compliant auth server. (See Image #1.)
Image #1: Traditional AAA authentication, RADIUS, collects static information from the gateway and then passes the creds via UDP to the RADIUS Server.
Problems with standard AAA (RADIUS) authentication:
1. Limits enterprises to supported workflow and static data content
- No flexibility in workflow
- Restricts enterprise to out-dated authentication methods (SecurID, tokens, etc.)
2. No support for new Cloud Applications
- No way to pass identity to SaaS / PaaS providers
- SaaS providers do NOT support RADIUS (Seem image #2)
Image #2: Standard AAA authentication, e.g. RADIUS, provides no support for the exploding world of cloud apps.
The 4th “A” – Identity “Assertion”
In the modern world – there are (4) “A’s” for secure Authentication:
- Authentication
- Authorization
- Auditing
- Assertion (Identity Assertion)
This is WHAT IS MISSING with the traditional (AAA) RADIUS authentication – there is NO WAY to ASSERT the identity to outside parties. (RADIUS is just a static mechanism to pass/query credential information).
What is needed:
1. A flexible Authentication solution
- That Supports multiple authentication methods
- Whatever auth method enterprise chooses
2. That “Asserts” the identity…
A mechanism to tell a relying party the ID
- Securely
- Repeatably
- Without APIs
This is EXACTLY what the Securauth product is, a product that meets the (4) of authentication:
Image #3: SecureAuth provides (1) Authentication, (2) Authorization, (3) Audit and (4) Assertion.
It is this assertion part of the authentication – that truely differents SecureAuth. SecureAuth takes on the last part of the authenticaiton – the “Assertion of the IDentity” to the relying party (Web, VPN, Cloud.) This is not left as an API excercise or a complicated coding project – but built into the SecureAuth product. (See Image #4)
Image #4: SecureAuth is the only solution that combines the required 4 AAAA’s of authentication.
—
Garret Grajek is CTO and a co-founder of
SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
Categories
Blog |
Tags
|
Author
Garret |
|
Please come by the Secureauth booth @ the RSA Conference – Moscone Center, Booth #217
–
IT admins face the explosion of apps, specifically cloud apps (like Google, Salesforce, Concur, Workday, SuccessFactors) – and need a way to manage these products.
And by manage – i mean:
- Conduct Authentication
- Allow Single-Sign-On (web user experience)
- Utilize a single account (enterprise data store)
- Log the authentication
Image #1: SecureAuth centrally manages authentication and identities for users – including 2-Factor, SSO, federation and logging.
Centralized Management
SecureAuth is the revolutionary all-purpose tool for the enterprise that centralizing the functionality for several key IT domains:
- Access Control for Network Access
- Access Control for Web Access
- Access Control for Cloud Apps
- 2-Factor AuthenticationWeb/SaaS Portal
- Identity Management of Enterprise UsersLogging of authentication
SecureAuth is able to become this centralized management tool – because of its powerful multi-tenanted architecture that allows it to create 100 distinct policies to manage the various enterprise resources.
Access Control for Web Access:
Admins can consolidate the access controls of their web resources – in a single platform, SEcureAuth. Web resources can include J2EE, .NET, Microsoft Sharepoint, IBM WebLogic, Oracle WebSphere and other platforms – all which can be collated into a single authentication portal.
Images #2: SecureAuth centrally authenticates on-premise Web Applications.
Access Control for Network Access:
Admins can centralize authentication access control for their various network VPN and gateway devices in a single, consolidated tool – creating different for access policies for different users utilizing similar or differentiating authentication mechanisms all supported from the same SecureAuth platform.
Images #3: SecureAuth centrally authenticates on-premise VPN/Gateway devices.
Access Control for Cloud Apps:
SecureAuth can also collate an ever growing number of SaaS solutions solutions and provide access to enterprise users coming from the intranet and extranet. SecureAuth can provide centralized access control to these apps, including managing the authentication, the workflow and the logging. The key to the secureAuth solution is that it utilize on-premise IDs (Active Directory) for acces to these cloud Apps.
Image #4: SecureAuth centrally authenticates and provides SSO for Cloud Applications.
2-Factor Authentication
SecureAuth centrally allows enterprise to control 2-Factor authentication to the VPN, WEb, Cloud Apps. A unique SecuerAUth realm can be created for each resource, with a differentiating authenticaiton policiy. SecureAuth authentication can be configured to utilize SMS, Telephony, E-Mail, KBA/KBQ, Help Desk, Password and X.509v3 Certificates.
Image #5: SecureAuth is a VASP (a “Variable Authentication Service Platform”). SecureAuth supports X.509, SMS, Telephony, E-mail OTP, KBA/KBQ (Knowledge-Based-Questions), Static PIN, Yubikey and Password.
Web/SaaS Portal:
The enterprise portal can be hosted on the SecureAuth solution. All access controls, including 2-Factor are built into the portal. In addition, the web single-sign-on between the on-premise web applications and SaaS applications is all constructed and managed throught the SecureAuth administration tool. SecureAuth can also integrate this web/SaaS sso to pre-existing portals.
Image #6: SecureAuth is a revolutionary 2-Factor, portal – built-in with full authentication and SSO between internally and external apps. Fully compatible for all devices.
Identity Management for Enterprise Users:
SecureAuth is able to provide centralized identity managment tools for both internal and external users. In addition, these tools can be delegated to both users and enterprise admins – according to pre-existing user groups. These tools include:
- Identity Provisioning
- Profile Enrollment (1st time use)
- 2-Factor password Reset
- User Profile Management
- 2-Factor Password Reset
- Administration Management of User Accounts
All of these policies are accessible from user internally and external located – but enforcement of the policies can all be sent to one of more centralized datastores.
Image #7: SecureAuth has built-in identity Management: User Profile On-Boarding, 2-Factor Password Reset, User Self-Management and Help Desk User Management.
Logging of Authentication:
SecureAuth provides the enterprise a centralized facility to log all access to SecureAuth protected resources – regardless if the resources are VPN, Web or Cloud resources. SecureAuth can send the “who, what, where and when” of logging in the format the enterprise requires – both text and syslog format. SecureAuth can send the syslog files to an on-premise SIEM (Syslog Information Event Management) server – or an office premise SIEM. Secureauth also supports a GUI interface to cloud SIEM, Loggly.
Image #8: SecureAuth provides full logging of all authentication – be it VPN, Web or SaaS.
Categories
Blog |
Tags
|
Author
Garret |
|
‘Tis the Season…
Come Feb 27th to March 2nd, thousands of us – including myself, will be at the Moscone Center in scenic San Francisco for the RSA Conference, 2012. (SecureAuth will be front row in the exhibit center, Booth #217.)
The job of many of you – at this event – is to:
- Map the requirements your company has around:
- Identity Management
- Access Management
- Cloud Apps Access Control
- Web Apps Access Control
- VPN Access Control
- 2-Factor Authentication
- Mobile, BYOD Support
- To the Vendors at the event
Well…
You can either:
Image #1: SecureAuth is a multi-functional, multi-tenanted authentication solution that combines the functionalities that previously required the “cobbling” of products from multiple vendors.
The breakdown of the functionalites is very revealing. (See image #2, below). Traditional vendors simply provide horizontal solutions that require enterprises to combine the functionalities together for a full soluiton. It is these integrations which tend to tend to run up cost and create security weaknesses in the architecture. Because SecureAuth is a single solution, cost is lower – and the security posture in augmented.
Image #2: SecureAuth combines the functionality required for Web, VPN, Cloud and Mobile Security into a single platform. (Click for full-size image)
Please come by the Secureauth booth @ the RSA Moscone Center, Booth #217 - or contact us – and we’ll map a solution to your requirements.
—
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
Categories
Blog |
Tags
|
Author
Garret |
|
Alright so we all know that Google apps can save your company a lot of money, hundreds of thousands of dollars in some cases. It also means that your company can do what it does best which is typically not manage email for your entire company.
But, one downside to using any application in the cloud is the fact that without something like SecureAuth in place, your corporate policies concerning password age & complexity literally fly out the window.
So, let me tell you what an above average user is guilty of.
NEVER changing my Google Apps password. That’s right, since I’ve been with SecureAuth I’ve never once changed my Google Apps password… Not only that but when I came on board, do you think I made a complex password that’s totally unique? nope… It’s so similar to my mail password it’s ridiculous.
Why would someone who’s very technical do this? Because I’m busy, you probably are too. If you’re one of the few people that utilize a password safe you’ve probably tried more than 2 different products and spent well over 40 hours fiddling with it during your use, it might be time well spent but that’s only if you actually have the time.
Think to yourself, how many times have you changed your password to your personal email account? I’m betting just about never unless you had a scare of some sort. We’re busy people and by nature we won’t make a change to something like a password unless we’re forced to. Now, the list of companies that have had their Google corporate email exposed to the world becausesomeone was able to guess the password is very very long. Why worry about being next? Give us a call and we’ll show you how to shore up your security to SaaS applications.
BRB, changing my Google Apps password!
Categories
Blog |
Tags
|
Author
Chris |
|
In light of recent news from Trustwave concerning their extremely bad decision to issue a Root Certificate to someone who paid them enough money. Trustwave knew the company that purchased it would use to sign certificates for all websites not owned by the customer and they are now facing serious backlash.
So, how can you ensure your CEO won’t have his email exposed to everyone in the world because he fell prey to the Man in the Middle? it’s actually very simple when you use SecureAuth. We’ve understood the need for not just 2-Factor authentication but also protection against Man in the Middle attacks from the onset. We’ve done the work to ensure you can easily decide exactly which webserver you want to trust.
Figure 1. SecureAuth allows you to easily trust 1 SSL point
So there you have it, we all know it’s dangerous out there and events like this just prove it.
Keep in mind that SecureAuth is not only the first product that allows for 2-Factor location based authentication to internal and SaaS applications but we were the first and still the only product that allows for this level of granular control of what your end users will validate against.
Take a minute to contact our sales department for a demonstration of this functionality. Sales@gosecureauth.com
Categories
Blog |
Tags
|
Author
Chris |
|
Welcome to 2012 – It’s a BYOD World. (That’s “Bring Your Own Device” in “IT” speak.)
SecureAuth and Support of BYOD (Including Amazon Kindle demo)
Enterprises are both:
- Encouraging users to use their own devices (For Cost Cutting)
- Being demanded to support End User devices (For Ease-of-use, Convenience)
The Concept of enterprises:
- Supplying all client side devices
- Locking down all client side devices
Well – is fantasy.
End user are able to access the internet, not just from the millions of Apple iOS devices - but from everything from bubble-wrap Android Phones bought at Walmart (See Image #1), Amazon Kindle devices for $175 (See image #2) – even including the Nintendo Wii gaming devices (See Image #3).
Image #1: Android Smart Phones, with full app and browser ability can now be purchase in buble waps at Walmart.
Image #2: Amazon Kindle Fire, at a whopping $199 – are legitimate wifi-enabled, browser based device – ready for corporate work – when protected by SecureAuth.
Image #3: Even the wonderful Nintendo Wii, is a legitimate member of the internet – and can be protected by SecureAuth.
If It’s Impossible to control the EXPLOSION of Client Devices – what is IT to do?
Control Access to your resources. The laws/regualations around IT have not changed – just becasue their are browsers on bubble-wrap devices and gaming tools.
All the same rules/guidances are in tact – Enterprises must still follow the 3 A’s of IT Security:
- Authentication
- Authorization
- Audit
It does not matter – if the user came from a Apple Air or a Android HTC or Lenovo laptop. The enterprise must still show:
- Which user accessed the resource?
- What authentication mechanism was utilized?
- Why the user was allowed the priviledged (Authorization)?
- When the user was given access?
The world has changed – And change is Good!
But we need to have the tools to manage/collaborate with the change. Not only has their been a (wonderful) explosion of client devices – their has also been an explosion of enterprise resources.
It’s NOT enough to put up a gateway around the perimeter!!
The modern IT environment requires access at the following (3) accss points:
- Enterprise-Hosted Applications
- Gateway/VPNs
- Cloud-Based Resources
This is the modern IT world – users need to be able to get to these resources – with whatever device they choose to use.
Image #4: SecureAuth becomes the authentication mechanisms that validates the user identity, regardless of device – and then provides access to the corporate resource.
Don’t Authenticate the Device – Authenticate the User!
This is the SecureAuth mantra! You are being asked by the regulations (PCI DSS, NCUA, FFIEC, HIPAA/HITECH, CJIS) to identify the user and then allow access. This is EXACTLY what SecureAuth is capable of doing.
SecureAuth uses flexible authentication mechanisms, mixed, matched – any way you choose, to allow access:
SecureAuth supported authentication mechanisms include:
- SMS
- Telephony
- X.509
- E-mail OTP
- KBA/KBQ
- Help Desk
- Password
All based on your enterprise-held identities – meeting all compliance criterias. It’s a new world – and the new world is good. Happy Wii’ing!
And contact us – to learn how to protect your corporate resources – in BYOD wordl.
—
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
SecureAuth and Support of BYOD (Including Amazon Kindle demo)
Categories
Blog |
Tags
|
Author
Garret |
|
Giving access to remote users has become a pressing issue since more than ever companies are having their employees work from home or on the road with mobile devices. Today users have the ability to open up a IPad and show a presentation to people on the fly. That is why Enterprises have to secure these mobile devices but have found that it isn’t easy to do one never the less to deploy17,000 Google email accounts to mobile users. This has become an even more of an issue since 2011 showed us that many organizations that don’t use bilateral authentication were being breached.
Image #1: Enterprises are wrestling with (2) types of Remote Acesss: (1) to the enterprise and (2) to the cloud. SecureAuth helps with both.
SecureAuth secures your remote users through your directory and gives them secure access to your gateway, web, cloud and mobile environment. Then SecureAuth logs the event in a syslog or text. SecureAuth wanted to make the process as seamless to the user as possible but also wanted to utilize the strength of X.509v3 certificates to reduce the risk of unauthorized access, phishing and password attacks. In addition allows your remote users to meet audit compliance like PCI, HIPPA, FFIEC, NCUA, CJIS.
With a number of organizations going to Google Apps, everyday thousands of companies go with Google. SecureAuth developed auto-profile provisioning for IOS devices allowing SecureAuth to verify a user though AD put a randomized password in the correct Google Domain at the same time store it in your IOS AcitiveSync profile. This allows the user to securely sync his Google email to his IOS device.
If you have remote users that are using mobile devices that are not secure, call today. We can have you up and running by the end of next week so take advantage of or free proof of concept before it is to late.
–
Thurs, Feb 23rd 10am PST
Categories
Blog |
Tags
|
Author
Talton |
|
Had a great week last week – talking Google and SecureAuth from San Francisco to Houston to Atlanta to Ft Lauderdale.
The bottom line question is:
If Google Apps is such a complete package, why do I need SecureAuth?
Well – let me help..
I created a Google/SecureAuth Matrix to help understand when SecureAuth is needed.
And…
Since it’s a blog – put it in easy question/answer form:
Q: I need 2-Factor authentication but why do I need SecureAuth, Google offers 2-Factor, right?
A: Google’s 2-Factor allows user’s to opt-in, opt-out. It is a GREAT feature for users deployed in environments where the company doesn’t offer SecureAuth – but the user wants security. But this should NOT be confused with ENTERPRISES who have to meet security compliance measures (PCI DSS, FFIEC, NCUA, HIPAA/HITECH, etc) authentication regulations.
These (and other) authentication regulations require a NON-OPTIONAL 2-Factor authentication – e.g. a system that FORCES the user to conduct 2-Factor. SecureAuth is this solution for Google.
Q: So if I want to use Google Apps for resources/apps that have to meet compliance standards – I should use SecureAuth?
A: Yes – SecureAuth meets all the authentication regulations (PCI DSS, NCUA, FFIEC, SOX, GLB, etc). It’s one of the primary reasons enterprise deploy SecureAuth – to take advantage of the wonderful applications that Google offers – and still meet the regulatory compliance measure.
Not just for authentication but for:
- User Lifecycle Management
- Data Store Management
- Authentication Flexibility
- Logging
Q: I love Google Apps, its so amazing with all its growing functionality – but i don’t want to issue my users a new ID – can SecureAuth help?
A: Exactly. This is exactly the point of the SecureAuth solution. (See diagram.) SecureAuth utilizes existing the existing datastore – and thus the user does NOT have know/remember their, new, Google ID.
Image #1: SecureAuth utilizes the existing enterprise directory (AD and other) for both internal SSO and external 2F authentication.
Q: OK – but do these users now have a new password?
A: NO! No new password is needed!
This is the whole point of the SecureAuth architecture – the user only has to remember their EXISTING userID/password (most often, but not restricted, to Active Directory)- and NOT learn/remember the Google ID/password.
Q: OK – so if I can use my existing Active Directory – can’t I just use the AD domain logon ID – and not have my users log in again, at the browser?
A: Yes. SecureAuth is uniquely architected to utilize the EXISTING domain logon – if the user has logged into the enterprise domain – the user does NOT need to log in again. SecureAuth picks up the user and logs the user directly into Google. (With no prompt.)
Q: Does that mean I have to put something on my AD Domain Controller? My AD admin has already told me – that he finds those solutions kludgy and will possibly break my audits?
A: SecureAuth for Google is uniquely designed to PLACE nothing on the AD. No components, no modifications. It’s the only solution cloud or appliance based that the AD admins approve of of AD IWA SSO. (That’s what the “desktop SSO feature” is called – Active Directory IWA [Intergrated Windows Authentication])
Q: Ok – so you got my internal users covered – what about external – what are my authentication options?
A: Great question. That’s where SecureAuth excels. Not only can it ENFORCE a User/ID Password (for AD or other) – but it also can enforce a 2-Factor authetnication, based on the secutrity requirements of YOUR enterprise.
SecureAuth is what Gartner refers to as a V.A.S. (Versatile Authentication Service). SecureAuth authentication comes standard – with these authentication mechanism – BUILT IN:
- SMS OTP
- Telephony OTP
- E-Mail OTP
- Knowledge Based Authentication (KBA/KBQ)
- Static PIN
- X.509
- CAC Cards
- YubiKey
- Password
Q: Yes – but i need 2-Factor, but more importantly, I can’t have a high friction experience for my users – like a SMS call every time.
A: SecureAuth is a revolutionary multi-technology that does NOT require users to understand how to conduct a 2-Factor authentication. (SecureAuth User Authentication Experience).
The paradigm of authentication is:
- It must be secure
- It must be seamless to the user
SecureAuth does this through browser based walk-thru authentication, and advanced PATENTED crypto-authentication.
The 2-Factor is:
- Non-Phishable
- Resist DNS attacks
- And…
- Seamless to the users
Q: You haven’t said anything about SSO to other apps?
A: You haven’t asked.
Q: I have other SaaS (Concur, Salesforce) Apps – can SecureAuth help?
A: Yes – SecureAuth for Google provides TRUE web SSO between multiple SaaS apps – the user does NOT need to log on again. And can conduct, first – an internal authentication – or an external authentication.
Image #2: SecureAuth provides SSO into Google and other SaaS applications, in addition…
Q: I have on-premise Web Apps (ASP.NET, IBM WebSphere, Oracle WebLogic – I would like SSO into – can SecureAuth help?
A: Yes – SecureAuth provides TRUE web SSO between Google and on-premise web applications. In a secure manner that doesn’t require extra proxy components.
Image #3: SecureAuth also provides SSO into the legacy on-premise applications for Google deployments.
Q: OK – SaaS SSO and Web SSO – do I have to build my own portal?
A: No – that’s the coolest thing about SecureAuth 6.2 – it has a portal built in for both Web and SaaS SSO.
It is the only SSO appliance that has built in:
- Web/SaaS Portal
- SAML Support (1.1, 2.0)
- OpenID Support
- OAUTH Support
- Microsoft FBA Suport
- Sharepoint Support
- IBM LTPA Support
- WebService Authenticaiton Support
- And:
- 2-Factor Authentication
- Password Reset
- User Self-Management
- Help Desk Support
Image #4: SecureAuth has a built-in SaaS/Web SSO portal for Google and other apps.
Q: What about mobile – does SecureAuth do anything for my mobile users?
A: Yes – SecureAuth solves the (2) hardest problems for mobile users:
Secureauth is able to provision the mobile user with:
- Google ID
- Google Domain
- Google Password
Without the user or the enterprise knowing the Google ID or password. It’s a really amazing solution that Google is recommending to their customers.
Image #5: SecureAuth provision the iOS device with the user’s Google ID and Password and at the same time provisions the ID/Password at Google – for a painless helpdesk free iOS provisioning process to Google.
–
It’s really a very powerful story – SecureAuth Google – and we highly recommend you contact us to learn more.
—
Garret Grajek is CTO and a co-founder of SecureAuth. SecureAuth is a single appliance solution that delivers configurable 2-Factor and SSO authentication for Web, VPN and SaaS based solutions.
Categories
Blog |
Tags
|
Author
Garret |
|
