VASCO Vision & Solution Roadmap · Hardware authentication have their place Effective, easy, user-friendly, can be mass-produced, portable… But, there are now a multitude of “things”

VASCO Vision &Solution Roadmap

© 2012 - VASCO Data Security

Benoit Grange

Kevin Donovan

Solution Roadmap

Agenda

� VASCO Basics

� Market Adaptation

� DESS & Client Strategy


� Server Strategy

� Authentication Services

� Questions

2

Simplicity

To sell a product effectively, an organization must understand the complexity of the problem it solves.

© 2012 - VASCO Data Security 3


VASCO simplicity

Security


CostEase-of-Use

5

VASCO 101: Multi-Channel


Ta-Daaaa


Evolution: VASCO Pack Strategy

Windows

Desktop Login

Upgrade strategy


“The times…they are a changin’”

� Virtualization

� Commoditization

� Competition

� Mobile Applications

� Cloud Computing


� Cloud Computing

� Fraud

� Security Breaches

� BYOD

9

Authentication Market Overview

Demand for “Strong Authentication” is growing � Increase in online fraud, regulation, and risk

of financial losses from identity theft

� 7-8% CAGR from 2008-2015

� $500M TAM growing to $650M by 2014

Today’s authentication market is changing

**Authentication Forecast WW, 2008-2015


Today’s authentication market is changing� Hardware is accepted

� Data Document Signing is growing

� Software solutions are emerging

� Online applications focused on vertical niches (E-bank, VPN, Gaming)

� New markets are growing (SaaS, Social Networking, Healthcare, Insurance, media, and others)

*Frost & Sullivan 2009

Today’s market shows large success in “niches”Breakthrough opportunity exists for ubiquitous solutions and providers

10

Changing Markets….New Challenges


Corporate Profile

� Global company HQ in Europe

� Listed on Nasdaq: VDSI

� A leading software company,

specializing in Internet security

� 10,000 customers in100+


� 10,000 customers in100+

including 1,700 banks

� 36 consecutive profitable quarters

� Debt free

� Global success supports traditional

markets and innovation

12

…

Product Roadmap Overview 2011

© 2012 - VASCO Data Security2012 Q1 2012 Q2 2012 Q3 2012 Q4 2013 Q1

13

� Hardware authentication have their place

� Effective, easy, user-friendly, can be mass-produced, portable…

� But, there are now a multitude of “things” that users carry already that have storage capacity, processing power…

� Phones, PDAs, laptops, physical access cards, smart

Client Vision


� Phones, PDAs, laptops, physical access cards, smart cards, Digipass

� Identifying the points of commonality among all (or most) customers

� This becomes a logical point to deploy more security

� This becomes a logical point to bring value

14

DIGIPASS Client Family

DIGIPASS GO range with e-signature capability

DIGIPASS e-signature devices

DIGIPASS Softwarerange

DIGIPASS PKI range for


DIGIPASS PKI range for authentication using digital signatures

DIGIPASS card reader range for authentication using electronic and digital signatures

15

DP HW Roadmap: DP837

Release: Cebit 2012

� Concept develop by VASCO Advanced Development,

in light of finding alternative data transmission

methods, besides optical and USB

� Better solution than optical for disabled people who


� Better solution than optical for disabled people who

can’t physically operate an optical device or suffer

from epileptic seizures

� Solution will work with smartphones and tablets,

which is a key requirement in Germany (optical

devices usually don’t work with smartphones)

16

* DP HW Roadmap: NFC Investigation

� NFC Enabled Signature device

� Product is not planned for development, but study

will be conducted by R&D. We plan a go-to-market

in 2 years

� Vasco expects this product to be the next generation

product which will come after the accoustic devices,


product which will come after the accoustic devices,

and which can operate silently

� Our assumption is driven by the shift towards mobile

banking on smartphones and tablets and the fact

that all new models will support NFC (Near Field

Communications).

17

.

.

.

“Internet of Things”


.

18

Example


Example: Mobile Platform

� Traditional model or embedded model

� Opportunity or threat

� COTS vs In house

� 5.9 billion mobile subscribers (87%)*


subscribers (87%)*

� 1.2 billion mobile web users*

� 8 trillion SMS messages sent in 2011*

20

DESS Objectives

� Embed Digipass/DP+ client in hundreds of millions of devices

� Tokens

� Mobile

� Software

DigipassClient

OEM Providers

• DP+ Client • VeriSign• Quest Software• Oberthur• Verizon


� PCs

� Tablets

� License the software

� Activate the user

Mobile Platform

Chipset Manufacturers

• Verizon

• Kony• Option• Trusteer

• Intel• AMD• ARM

21

DESS Initiative

Value Proposition

Reduce cost, improve usability and increase end-user reach

Intel integrating VASCO value into client platforms

Now integratedinto a PC, Mobile, etc.

What is embedded authentication?


Reduce cost, improve usability and increase end-user reach

Breakthrough opportunity toexpand into new niches and applications

Take advantage of existing marketswhich already support OTP

22

Value Flow

Platform Flow

Relationships

2nd factor authentication

Authenticaiton EcoSystem


End User

authentication

23

DESS Roadmap

� DIGIPASS Embedded Security Solution(DESS)

� DIGIPASS Mobile

� DIGIPASS SDK

� DIGIPASS for Window (Intel)

DP SDK


(Intel)

� DIGIPASS for Web (Intel)

� DIGIPASS Nano

24

Virtual DP

(SMS OTP)DP for Web/WindowsMobile

Solutions

DESS Roadmap: DP Nano 1.5

� Release Date : June 2012

� Features

� Same Software.

� 4G Form Factor (Iphone 4, Ipads)

� Requested by virtually all the interested customers

� Insertion Guide

� To better deploy the DPNano solution.


� To better deploy the DPNano solution.

Peel Off Get SIM in the Guide Press & Remove

25

DESS Roadmap DP SDK for OEM

Release : February 2012

� Features

� Application number extension

� DPS Provisioning Integration Scheme


� Goal is to support DESS strategy.

� HP, ARM, TrustZone, Option

� HTC, Trusteer, Etc …

26

Intel

� Ultrabook Adoption of IPT

� 30,000,000+ IPT

� Introduction of True Cove (eSig)

View seen by malware


Cove (eSig)

� Door opener to PC OEM, ARM, etc.

27

What PCs have Intel® IPT?

Dell Latitude E6420 Dell Latitude E6520HP ProBook 6560b XU054UT

HP ProBook 6360b XU055UTHP EliteBook 8460p XU060UT#ABA

Dell Latitude E5520

HP EliteBook 8460p -XU065UA#ABA

HP ProBook 6360b XU056UT

Lenovo ThinkPad T420

HP EliteBook 8460p -XU058UT#ABA


HP EliteBook 8560p -LQ589AW#ABA

Lenovo ThinkPad T520Lenovo ThinkPad W520


Over 41 currently shipping PCs and laptops from top OEMs are in the market today.

More will be available for Back to School, and a third wave will hit shelves in time for the holiday season.


Lenovo ThinkPad T520W520 XU064UA#ABA



Lenovo ThinkPad T420s

HP ProBook 6560b XU053UTHP EliteBook 8560p -XU063UT#ABA

Lenovo ThinkPad X220 Tablet


Lenovo ThinkPad X220

Dell Latitude E5420

HP ProBook 6460b XU050UT Dell Latitude E6320HP ProBook 6460b XU049UT


28

DESS Roadmap: DP For Web 3.1 IPT

� Estimated Release: Windows June, Web November 2012

� Features

� WYSIWYS integration

� Extension to e-Signature capable solution.

� DPS Integration with new OTPS Specifications


View seen by a user View seen by malware

Encrypted bitmap; On-screen randomly placed keypad

29

VASCO PKI Strategy

� Bundling strategy

� Citrix:� Products supported: Citrix XenApp, XenDesktop, online/offline Citrix

client plug-in,

� Main solution targeted: Document signing, secure mass storage and Citrix PKI login

� Brochures available


� Brochures available

� Microsoft : � Products supported: MS office, Microsoft EFS encryption,

� Main solution: Document signing, secure mass storage, secure laptop and windows PKI login

� Bundling Strategy

� Checkpoint : Secure your laptop and remote access

� Supported Products: End point security, full disk encryption and VPN client

� Main solution targeted: Pre-boot authentication & disk encryption

VASCO PKI Strategy


� Main solution targeted: Pre-boot authentication & disk encryption

� New brochures available

DP PKI Roadmap: IAS Ecc

� Release : March 2012

� IAS Ecc applet with new chip in all VASCO PKI product.

� (Identification Authentication Signature – European Citizen Card)

� Ensure interoperability of e-Services cards throughout Europe


DP 101 DP 200 DP 860

32

DP PKI Roadmap : DP KEY 202

� Release : April 2012

� Features:

� PKI + Extended memory: option 2 to 32 Gbytes

� Alternative to DP key 200 for large deployment.

� Sim card form factor could be inserted after the distribution.

� Sim card : IAS Ecc supported

� Graphics customization :photo on the casing


� Used a other card in the customer solution

� Market: renewal certificate not permit. Banking, Enterprise security, CAuthority

33

DESS & Client Conclusion

� Objective:

� Support traditional business

� Expand to new markets

� Expand to new verticals

� Embedded Credentials


� Targets

� DP+/DESS Consumers

� Identity Providers

� ASP Requirements

� CA

34

Server Drivers

� Virtualization

� Cloud Computing

� Security Hacks (Advanced

Persistent Threats)

� Simplicity


� Simplicity

� Compliancy

� Federation & Mash ups

� Web SSO

� Manageability

35

IDENTIKEY Strategy

Goal: With one DIGIPASS Secure all your applications� Address the trend of virtualization:

� Interfacing with Virtualization applications� Terminal Server� Citrix Environment� VMWare

� Offer a virtual Solution of IDENTIKEY


� Offer a virtual Solution of IDENTIKEY� Enhance our SMS offering� Improvement administration and helpdesk� Enhance Security� Enhance functionalities to facilitate migration from RSA� Extend the interfacing protocol to support more

application. (SAML)

36

IDENTIKEY Strategy : Product Name Change

Current Product Offer

� IDENTIKEY Server

� Identifier Appliance

� IDENTIKEY Federation Server

(end of) 2012 product offer

� IDENTIKEY Authentication Server

� IDENTIKEY Appliance

� IDENTIKEY Federation Server


The name change will be performed

gradually during 2012, to be ready by

end of Q3.

37

IDENTIKEY: Virtual Appliance

� For small-size customers : the price of an appliance is an obstacle

� 5, 10, 25, 50 users Appliance: 1500 $ ~ 8000 $

� For large customers: >100K users

� No hardware limitation (resources, performance)

� Changing environment, newer technologies & trends

� More & more virtualization


� More & more virtualization

� Avoid technical intervention

� Setup, existing Apache Tomcat, existing PostgreSQL

� Solution for request for demo

� In a market where shipping an appliance is difficult

� Remote offices

� Small resellers

38

IDENTIKEY Roadmap : Virtual Appliance

� Release : Q2 2012

� Version for demo purposes or lab use

� Fixed HD size, 8GB, unchangeable

� Runs on VMWare Player (only)

� Commercial available product:


� Commercial available product:

� Dynamic hard disk size

� (will be performed in several stages / several releases)

� To support large number of users if necessary

� Support VMWare ESXi and Citrix XenServer

39

IDENTIKEY Roadmap: Federation Server

UserApplication

SAML

ApplicationWeb SSO

Active Directory

IDENTIKEY Federation

Server

RADIUS


User Application

SAML

Application

Active Directory

IDENTIKEY Federation

Server

IDENTIKEY Server

Database

Federated Authentication

40

IDENTIKEY Family: Roadmap

Identifier3.4.6.0

Identifier3.4.5.0

IdentikeyServer 3.4

IdentikeyServer3.4SR1

IdentikeyServer 3.5

Identifier3.5.7.0

Virtual Identifier

Virtual Identifier

Virtual Identifier

Support SUN/ORACLE LDAP Directory Server

Complete upgrade of VDP function to support for the latest technologies


20132012

Identifier

IFS 1.1 IFS 1.2

IdentifierIdentifier

IFS 2.0

41

nCipher HSM

VMWare ESX 4.x

Microsoft SBS2011

Support Citrix XenServer 6.0

Support Temporally users

Support separate network for administration usage

� Release : January 2012

� Support nCipher HSM

� Support Temporally users� (Competitive advantage of RSA)

� Support VMWare ESX 4.x� (Latest version)

IDENTIKEY Roadmap: Authentication Server V3.4


� (Latest version)

� Support Microsoft SBS2011� (Latest version)

� Performance Testing large deployments � feedback in detail on performance numbers in manuals� (report available 6 weeks after software release)

42

� Release : April 2012

� Support separate network for administration usage only� Added value: option that allows completely separated admin

network, which means higher security

IDENTIKEY Roadmap: Authentication Server V3.4 SR1


� Support Citrix XenServer 6.0� (Latest version)

� Solution for helpdesk access to audit on Identifier� Added value: help desk staff does not need admin rights to

perform auditing, which means higher security.

43

� Release : Q4 2012

� Support Automatic Token Disabling (Competitive advantage of RSA)

� Adaption to allow a pre-installation configuration of Identikey on Identifier� Added value: allows customers to set up their own set of parameters (like

admin account, database, encryption key, etc).

IDENTIKEY Roadmap : Authentication Server V3.5


� Support Dynamic RADIUS Attributes (AD Password, token info)� Added value: allows for Client- or application based authorisation based on

these dynamic attributes.

� Support SUN/ORACLE LDAP Directory Server

� Complete upgrade of VDP function with support for the latest technologies that are used by new generations of SMS gateways.

44

� Enhancement of existing tools (IK 3.4)

� Webfilters (CWI, OWA): Q1

� Support WS2008/IIS7 in native mode instead of IIS6 backwards compatibility mode

� Support the latest versions of CWI and application serversCitrix Web Interface 5.4

� Enhancement of existing tools (IK 3.5): Q3

� Webfilters (CWI, OWA)

IDENTIKEY Roadmap: Tools


� LDAP Sync Tool

� DAWL

� Plugin SBR

� New tools

� DIGIPASS Authentication for Remote Desktop Web Access: Q2

� DIGIPASS Authentication for Remote Desktop Gateway: Q3

� DIGIPASS Authentication for IBM Lotus Domino:Q4

45

IDENTIKEY Roadmap: Appliance

� 3.4.6.0: Release date: May 2012

� general improvements – integration of Identikey V3.4 SR1

� 3.5.7.0: Release date: Q4 2012

� general improvements – integration of Identikey V3.5


Identikey V3.5

� Security enhancements for administration functions� Administrators: split networks

� Help desk: limit access rights to auditing only

� Driver = security at maintenance levels

� Merge with IFS

46

Released : Q3 2012

� Improvements that will make IFS become and behave more as Identikey

� Improvements that allow easier integration into famous applications (SFDC, GoogleApps, LinkedIn, Webex, Office365, etc)

IDENTIKEY Roadmap: Federation Server 1.2


� Support OAuthV2

� IFS Manager function to better manage SAML2.0 configuration

� Option to retrieve attributes.

� Application Management

47

� With the development of SaaS there are significant business applications hosted outside the enterprise security network: � Billing Systems� Payroll Applications� Social Security Applications

VASCO DIGIPASS as a Service


� DIGIPASS as a Service helps an ASP and Enterprise overcome the barriers associated with implementing user authentication

DIGIPASS as a Service is the Managed, Cloud-based, Authentication offering from VASCO

How does it work?

SAML

© 2012 - VASCO Data Security /REST

Server Conclusion

� Complete Server Portfolio

� Server� Pack

� Software

� Appliance, Virtual Appliance

� API


� API

� Cloud Offering

� Enhanced Security

� Virtualization

� Enterprise Support

� Total Solution

50

Authentication Services Drivers

� Objective:

� Support traditional business

� Expand to new markets

� Build a recurring revenue services business

� Maintain VASCO’s global leadership position


� Targets

� Enterprises

� SaaS Applications

� Identity Providers

� Consumers

51

.

.

Digital Identity


.

..

52

Digital Identity Expanded

.

.

.


.

53

Convergence

.

.

.


.

54

Multi-Device and Digital Identity


The Impact of Fraud

� High Tech Fraud:

� Phishing

� Pharming

� Man-in-the-Middle attacks

� Trojan Horses

� Key Loggers


� Key Loggers

� Low Tech Fraud:

� PC/PDA/mobile phone stolen

� Passwords written down on post-its

� Redundant passwords

� Regulation & Compliance

56

Digital Identity

.

.

.


.

57

VASCO Ecosystem


How to integrate into the ecosystem?


Online Application

dp+ Integration


Questions


Documents

VASCO Vision & Solution Roadmap · Hardware authentication have their place Effective, easy, user-friendly, can be mass-produced, portable… But, there are now a multitude of “things”