Upload
donhan
View
218
Download
1
Embed Size (px)
Citation preview
VASCO Vision &Solution Roadmap
© 2012 - VASCO Data Security
Benoit Grange
Kevin Donovan
Solution Roadmap
Agenda
� VASCO Basics
� Market Adaptation
� DESS & Client Strategy
© 2012 - VASCO Data Security
� Server Strategy
� Authentication Services
� Questions
2
Simplicity
To sell a product effectively, an organization must understand the complexity of the problem it solves.
© 2012 - VASCO Data Security 3
Evolution: VASCO Pack Strategy
Windows
Desktop Login
Upgrade strategy
© 2012 - VASCO Data Security 8
“The times…they are a changin’”
� Virtualization
� Commoditization
� Competition
� Mobile Applications
� Cloud Computing
© 2012 - VASCO Data Security
� Cloud Computing
� Fraud
� Security Breaches
� BYOD
9
Authentication Market Overview
Demand for “Strong Authentication” is growing � Increase in online fraud, regulation, and risk
of financial losses from identity theft
� 7-8% CAGR from 2008-2015
� $500M TAM growing to $650M by 2014
Today’s authentication market is changing
**Authentication Forecast WW, 2008-2015
© 2012 - VASCO Data Security
Today’s authentication market is changing� Hardware is accepted
� Data Document Signing is growing
� Software solutions are emerging
� Online applications focused on vertical niches (E-bank, VPN, Gaming)
� New markets are growing (SaaS, Social Networking, Healthcare, Insurance, media, and others)
*Frost & Sullivan 2009
Today’s market shows large success in “niches”Breakthrough opportunity exists for ubiquitous solutions and providers
10
Corporate Profile
� Global company HQ in Europe
� Listed on Nasdaq: VDSI
� A leading software company,
specializing in Internet security
� 10,000 customers in100+
© 2012 - VASCO Data Security
� 10,000 customers in100+
including 1,700 banks
� 36 consecutive profitable quarters
� Debt free
� Global success supports traditional
markets and innovation
12
…
Product Roadmap Overview 2011
© 2012 - VASCO Data Security2012 Q1 2012 Q2 2012 Q3 2012 Q4 2013 Q1
13
� Hardware authentication have their place
� Effective, easy, user-friendly, can be mass-produced, portable…
� But, there are now a multitude of “things” that users carry already that have storage capacity, processing power…
� Phones, PDAs, laptops, physical access cards, smart
Client Vision
© 2012 - VASCO Data Security
� Phones, PDAs, laptops, physical access cards, smart cards, Digipass
� Identifying the points of commonality among all (or most) customers
� This becomes a logical point to deploy more security
� This becomes a logical point to bring value
14
DIGIPASS Client Family
DIGIPASS GO range with e-signature capability
DIGIPASS e-signature devices
DIGIPASS Softwarerange
DIGIPASS PKI range for
© 2012 - VASCO Data Security
DIGIPASS PKI range for authentication using digital signatures
DIGIPASS card reader range for authentication using electronic and digital signatures
15
DP HW Roadmap: DP837
Release: Cebit 2012
� Concept develop by VASCO Advanced Development,
in light of finding alternative data transmission
methods, besides optical and USB
� Better solution than optical for disabled people who
© 2012 - VASCO Data Security
� Better solution than optical for disabled people who
can’t physically operate an optical device or suffer
from epileptic seizures
� Solution will work with smartphones and tablets,
which is a key requirement in Germany (optical
devices usually don’t work with smartphones)
16
* DP HW Roadmap: NFC Investigation
� NFC Enabled Signature device
� Product is not planned for development, but study
will be conducted by R&D. We plan a go-to-market
in 2 years
� Vasco expects this product to be the next generation
product which will come after the accoustic devices,
© 2012 - VASCO Data Security
product which will come after the accoustic devices,
and which can operate silently
� Our assumption is driven by the shift towards mobile
banking on smartphones and tablets and the fact
that all new models will support NFC (Near Field
Communications).
17
Example: Mobile Platform
� Traditional model or embedded model
� Opportunity or threat
� COTS vs In house
� 5.9 billion mobile subscribers (87%)*
© 2012 - VASCO Data Security
subscribers (87%)*
� 1.2 billion mobile web users*
� 8 trillion SMS messages sent in 2011*
20
DESS Objectives
� Embed Digipass/DP+ client in hundreds of millions of devices
� Tokens
� Mobile
� Software
DigipassClient
OEM Providers
• DP+ Client • VeriSign• Quest Software• Oberthur• Verizon
© 2012 - VASCO Data Security
� PCs
� Tablets
� License the software
� Activate the user
Mobile Platform
Chipset Manufacturers
• Verizon
• Kony• Option• Trusteer
• Intel• AMD• ARM
21
DESS Initiative
Value Proposition
Reduce cost, improve usability and increase end-user reach
Intel integrating VASCO value into client platforms
Now integratedinto a PC, Mobile, etc.
What is embedded authentication?
© 2012 - VASCO Data Security
Reduce cost, improve usability and increase end-user reach
Breakthrough opportunity toexpand into new niches and applications
Take advantage of existing marketswhich already support OTP
22
Value Flow
Platform Flow
Relationships
2nd factor authentication
Authenticaiton EcoSystem
© 2012 - VASCO Data Security
End User
authentication
23
DESS Roadmap
� DIGIPASS Embedded Security Solution(DESS)
� DIGIPASS Mobile
� DIGIPASS SDK
� DIGIPASS for Window (Intel)
DP SDK
© 2012 - VASCO Data Security
(Intel)
� DIGIPASS for Web (Intel)
� DIGIPASS Nano
24
Virtual DP
(SMS OTP)DP for Web/WindowsMobile
Solutions
DESS Roadmap: DP Nano 1.5
� Release Date : June 2012
� Features
� Same Software.
� 4G Form Factor (Iphone 4, Ipads)
� Requested by virtually all the interested customers
� Insertion Guide
� To better deploy the DPNano solution.
© 2012 - VASCO Data Security
� To better deploy the DPNano solution.
Peel Off Get SIM in the Guide Press & Remove
25
DESS Roadmap DP SDK for OEM
Release : February 2012
� Features
� Application number extension
� DPS Provisioning Integration Scheme
© 2012 - VASCO Data Security
� Goal is to support DESS strategy.
� HP, ARM, TrustZone, Option
� HTC, Trusteer, Etc …
26
Intel
� Ultrabook Adoption of IPT
� 30,000,000+ IPT
� Introduction of True Cove (eSig)
View seen by malware
© 2012 - VASCO Data Security
Cove (eSig)
� Door opener to PC OEM, ARM, etc.
27
What PCs have Intel® IPT?
Dell Latitude E6420 Dell Latitude E6520HP ProBook 6560b XU054UT
HP ProBook 6360b XU055UTHP EliteBook 8460p XU060UT#ABA
Dell Latitude E5520
HP EliteBook 8460p -XU065UA#ABA
HP ProBook 6360b XU056UT
Lenovo ThinkPad T420
HP EliteBook 8460p -XU058UT#ABA
HP ProBook 6560b XU052UT
HP EliteBook 8560p -LQ589AW#ABA
Lenovo ThinkPad T520Lenovo ThinkPad W520
HP EliteBook 8460p -XU064UA#ABA
Over 41 currently shipping PCs and laptops from top OEMs are in the market today.
More will be available for Back to School, and a third wave will hit shelves in time for the holiday season.
© 2012 - VASCO Data Security
Lenovo ThinkPad T520W520 XU064UA#ABA
HP EliteBook 8560p -XU066UA#ABA
HP EliteBook 8460p -XU059UT#ABA
Lenovo ThinkPad T420s
HP ProBook 6560b XU053UTHP EliteBook 8560p -XU063UT#ABA
Lenovo ThinkPad X220 Tablet
HP EliteBook 8560p -XU062UT#ABA
Lenovo ThinkPad X220
Dell Latitude E5420
HP ProBook 6460b XU050UT Dell Latitude E6320HP ProBook 6460b XU049UT
HP ProBook 6460b XU051UT
28
DESS Roadmap: DP For Web 3.1 IPT
� Estimated Release: Windows June, Web November 2012
� Features
� WYSIWYS integration
� Extension to e-Signature capable solution.
� DPS Integration with new OTPS Specifications
© 2012 - VASCO Data Security
View seen by a user View seen by malware
Encrypted bitmap; On-screen randomly placed keypad
29
VASCO PKI Strategy
� Bundling strategy
� Citrix:� Products supported: Citrix XenApp, XenDesktop, online/offline Citrix
client plug-in,
� Main solution targeted: Document signing, secure mass storage and Citrix PKI login
� Brochures available
© 2012 - VASCO Data Security
� Brochures available
� Microsoft : � Products supported: MS office, Microsoft EFS encryption,
� Main solution: Document signing, secure mass storage, secure laptop and windows PKI login
� Bundling Strategy
� Checkpoint : Secure your laptop and remote access
� Supported Products: End point security, full disk encryption and VPN client
� Main solution targeted: Pre-boot authentication & disk encryption
VASCO PKI Strategy
© 2012 - VASCO Data Security
� Main solution targeted: Pre-boot authentication & disk encryption
� New brochures available
DP PKI Roadmap: IAS Ecc
� Release : March 2012
� IAS Ecc applet with new chip in all VASCO PKI product.
� (Identification Authentication Signature – European Citizen Card)
� Ensure interoperability of e-Services cards throughout Europe
© 2012 - VASCO Data Security
DP 101 DP 200 DP 860
32
DP PKI Roadmap : DP KEY 202
� Release : April 2012
� Features:
� PKI + Extended memory: option 2 to 32 Gbytes
� Alternative to DP key 200 for large deployment.
� Sim card form factor could be inserted after the distribution.
� Sim card : IAS Ecc supported
� Graphics customization :photo on the casing
© 2012 - VASCO Data Security
� Used a other card in the customer solution
� Market: renewal certificate not permit. Banking, Enterprise security, CAuthority
33
DESS & Client Conclusion
� Objective:
� Support traditional business
� Expand to new markets
� Expand to new verticals
� Embedded Credentials
© 2012 - VASCO Data Security
� Targets
� DP+/DESS Consumers
� Identity Providers
� ASP Requirements
� CA
34
Server Drivers
� Virtualization
� Cloud Computing
� Security Hacks (Advanced
Persistent Threats)
� Simplicity
© 2012 - VASCO Data Security
� Simplicity
� Compliancy
� Federation & Mash ups
� Web SSO
� Manageability
35
IDENTIKEY Strategy
Goal: With one DIGIPASS Secure all your applications� Address the trend of virtualization:
� Interfacing with Virtualization applications� Terminal Server� Citrix Environment� VMWare
� Offer a virtual Solution of IDENTIKEY
© 2012 - VASCO Data Security
� Offer a virtual Solution of IDENTIKEY� Enhance our SMS offering� Improvement administration and helpdesk� Enhance Security� Enhance functionalities to facilitate migration from RSA� Extend the interfacing protocol to support more
application. (SAML)
36
IDENTIKEY Strategy : Product Name Change
Current Product Offer
� IDENTIKEY Server
� Identifier Appliance
� IDENTIKEY Federation Server
(end of) 2012 product offer
� IDENTIKEY Authentication Server
� IDENTIKEY Appliance
� IDENTIKEY Federation Server
© 2012 - VASCO Data Security
The name change will be performed
gradually during 2012, to be ready by
end of Q3.
37
IDENTIKEY: Virtual Appliance
� For small-size customers : the price of an appliance is an obstacle
� 5, 10, 25, 50 users Appliance: 1500 $ ~ 8000 $
� For large customers: >100K users
� No hardware limitation (resources, performance)
� Changing environment, newer technologies & trends
� More & more virtualization
© 2012 - VASCO Data Security
� More & more virtualization
� Avoid technical intervention
� Setup, existing Apache Tomcat, existing PostgreSQL
� Solution for request for demo
� In a market where shipping an appliance is difficult
� Remote offices
� Small resellers
38
IDENTIKEY Roadmap : Virtual Appliance
� Release : Q2 2012
� Version for demo purposes or lab use
� Fixed HD size, 8GB, unchangeable
� Runs on VMWare Player (only)
� Commercial available product:
© 2012 - VASCO Data Security
� Commercial available product:
� Dynamic hard disk size
� (will be performed in several stages / several releases)
� To support large number of users if necessary
� Support VMWare ESXi and Citrix XenServer
39
IDENTIKEY Roadmap: Federation Server
UserApplication
SAML
ApplicationWeb SSO
Active Directory
IDENTIKEY Federation
Server
RADIUS
© 2012 - VASCO Data Security
User Application
SAML
Application
Active Directory
IDENTIKEY Federation
Server
IDENTIKEY Server
Database
Federated Authentication
40
IDENTIKEY Family: Roadmap
Identifier3.4.6.0
Identifier3.4.5.0
IdentikeyServer 3.4
IdentikeyServer3.4SR1
IdentikeyServer 3.5
Identifier3.5.7.0
Virtual Identifier
Virtual Identifier
Virtual Identifier
Support SUN/ORACLE LDAP Directory Server
Complete upgrade of VDP function to support for the latest technologies
© 2012 - VASCO Data Security
20132012
Identifier
IFS 1.1 IFS 1.2
IdentifierIdentifier
IFS 2.0
41
nCipher HSM
VMWare ESX 4.x
Microsoft SBS2011
Support Citrix XenServer 6.0
Support Temporally users
Support separate network for administration usage
� Release : January 2012
� Support nCipher HSM
� Support Temporally users� (Competitive advantage of RSA)
� Support VMWare ESX 4.x� (Latest version)
IDENTIKEY Roadmap: Authentication Server V3.4
© 2012 - VASCO Data Security
� (Latest version)
� Support Microsoft SBS2011� (Latest version)
� Performance Testing large deployments � feedback in detail on performance numbers in manuals� (report available 6 weeks after software release)
42
� Release : April 2012
� Support separate network for administration usage only� Added value: option that allows completely separated admin
network, which means higher security
IDENTIKEY Roadmap: Authentication Server V3.4 SR1
© 2012 - VASCO Data Security
� Support Citrix XenServer 6.0� (Latest version)
� Solution for helpdesk access to audit on Identifier� Added value: help desk staff does not need admin rights to
perform auditing, which means higher security.
43
� Release : Q4 2012
� Support Automatic Token Disabling (Competitive advantage of RSA)
� Adaption to allow a pre-installation configuration of Identikey on Identifier� Added value: allows customers to set up their own set of parameters (like
admin account, database, encryption key, etc).
IDENTIKEY Roadmap : Authentication Server V3.5
© 2012 - VASCO Data Security
� Support Dynamic RADIUS Attributes (AD Password, token info)� Added value: allows for Client- or application based authorisation based on
these dynamic attributes.
� Support SUN/ORACLE LDAP Directory Server
� Complete upgrade of VDP function with support for the latest technologies that are used by new generations of SMS gateways.
44
� Enhancement of existing tools (IK 3.4)
� Webfilters (CWI, OWA): Q1
� Support WS2008/IIS7 in native mode instead of IIS6 backwards compatibility mode
� Support the latest versions of CWI and application serversCitrix Web Interface 5.4
� Enhancement of existing tools (IK 3.5): Q3
� Webfilters (CWI, OWA)
IDENTIKEY Roadmap: Tools
© 2012 - VASCO Data Security
� LDAP Sync Tool
� DAWL
� Plugin SBR
� New tools
� DIGIPASS Authentication for Remote Desktop Web Access: Q2
� DIGIPASS Authentication for Remote Desktop Gateway: Q3
� DIGIPASS Authentication for IBM Lotus Domino:Q4
45
IDENTIKEY Roadmap: Appliance
� 3.4.6.0: Release date: May 2012
� general improvements – integration of Identikey V3.4 SR1
� 3.5.7.0: Release date: Q4 2012
� general improvements – integration of Identikey V3.5
© 2012 - VASCO Data Security
Identikey V3.5
� Security enhancements for administration functions� Administrators: split networks
� Help desk: limit access rights to auditing only
� Driver = security at maintenance levels
� Merge with IFS
46
Released : Q3 2012
� Improvements that will make IFS become and behave more as Identikey
� Improvements that allow easier integration into famous applications (SFDC, GoogleApps, LinkedIn, Webex, Office365, etc)
IDENTIKEY Roadmap: Federation Server 1.2
© 2012 - VASCO Data Security
� Support OAuthV2
� IFS Manager function to better manage SAML2.0 configuration
� Option to retrieve attributes.
� Application Management
47
� With the development of SaaS there are significant business applications hosted outside the enterprise security network: � Billing Systems� Payroll Applications� Social Security Applications
VASCO DIGIPASS as a Service
© 2012 - VASCO Data Security
� DIGIPASS as a Service helps an ASP and Enterprise overcome the barriers associated with implementing user authentication
DIGIPASS as a Service is the Managed, Cloud-based, Authentication offering from VASCO
Server Conclusion
� Complete Server Portfolio
� Server� Pack
� Software
� Appliance, Virtual Appliance
� API
© 2012 - VASCO Data Security
� API
� Cloud Offering
� Enhanced Security
� Virtualization
� Enterprise Support
� Total Solution
50
Authentication Services Drivers
� Objective:
� Support traditional business
� Expand to new markets
� Build a recurring revenue services business
� Maintain VASCO’s global leadership position
© 2012 - VASCO Data Security
� Targets
� Enterprises
� SaaS Applications
� Identity Providers
� Consumers
51
The Impact of Fraud
� High Tech Fraud:
� Phishing
� Pharming
� Man-in-the-Middle attacks
� Trojan Horses
� Key Loggers
© 2012 - VASCO Data Security
� Key Loggers
� Low Tech Fraud:
� PC/PDA/mobile phone stolen
� Passwords written down on post-its
� Redundant passwords
� Regulation & Compliance
56