Which part are we talking about?
Cloud Security
Don’t lose it
• Secure infrastructure
• Secure operations
• Close back doors
Don’t get it stolen
• Enterprise Identity Management
• User Access Management for the cloud (this part)
• Cloud access from mobile devices
• Enterprise BYOD strategy
• Authenticate device
What’s needed? A layered approach with versatile authentication
An ASSA ABLOY Group brand. PROPRIETARY INFORMATION. © 2011 HID Global Corporation. All rights reserved.
• Authenticate user
• Authenticate to the cloud
• Determine risk
• Authenticate from anywhere, anytime
Risk Based Authentication
Layer 3: Pattern-based intelligence
• OOB (out-of-band) verification
• KBA (knowledge-based authentication)
Layer 2: End-point authentication
• Device identification and profiling
• Proxy detection
• Geo-location and velocity check
Layer 1: User authentication (multifactor)
• Something you know (passwords)
• Something you have (token or tokenless)
• Something you are (biometrics, behaviormetrics)
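As an added illustration (not code from the HID deck), here is a constructed risk-based decision that chains the three layers above: Layer 1 must pass, the Layer 2 end-point checks (device recognition, proxy detection, geo-location and velocity) produce a risk score, and a high score triggers a Layer 3 step-up or a denial. The user state, score weights and thresholds are assumptions chosen for the example.

```python
import math
from dataclasses import dataclass
# Constructed illustration of the slide's three layers; the per-user state, weights and
# thresholds below are assumptions, not any vendor's product logic.
@dataclass
class LoginAttempt:
    user: str
    mfa_passed: bool   # Layer 1 result: multifactor user authentication
    device_id: str     # Layer 2: device identification / profiling
    via_proxy: bool    # Layer 2: proxy detection
    lat: float         # Layer 2: geo-location of this attempt
    lon: float
    ts: float          # seconds since epoch

# Constructed per-user state: known device fingerprints and last login (lat, lon, ts).
KNOWN_DEVICES = {"alice": {"dev-laptop-1"}}
LAST_LOGIN = {"alice": (51.5, -0.1, 1_700_000_000.0)}   # London
MAX_PLAUSIBLE_KMH = 900.0   # implied travel speed above this is treated as impossible

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def risk_score(a: LoginAttempt) -> int:
    """Layer 2 end-point checks: each anomaly adds to the score."""
    score = 0
    if a.device_id not in KNOWN_DEVICES.get(a.user, set()):
        score += 2                 # unrecognised device
    if a.via_proxy:
        score += 2                 # request arrived through an anonymising proxy
    last = LAST_LOGIN.get(a.user)
    if last:
        lat, lon, ts = last
        hours = max((a.ts - ts) / 3600.0, 1e-6)
        if haversine_km(lat, lon, a.lat, a.lon) / hours > MAX_PLAUSIBLE_KMH:
            score += 3             # velocity check failed (impossible travel)
    return score

def decide(a: LoginAttempt) -> str:
    """Layer 1 must pass; the Layer 2 score decides whether Layer 3 step-up (OOB/KBA) is needed."""
    if not a.mfa_passed:
        return "deny"
    score = risk_score(a)
    if score >= 5:
        return "deny"
    return "step-up" if score >= 2 else "allow"
```

A first-time user with no stored state is treated as an unrecognised device and therefore routed to step-up rather than silently allowed.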
User Access Management for the cloud: Options
• Open Access: accessible on the public internet. Username / password, per cloud application.
• Behind the VPN: remote users must first authenticate to the VPN, then enter username & password.
• Federated Identity Management: user authenticates to a central portal, through which he/she gains access to multiple cloud / internal applications.
• Native strong auth: strong authentication to the individual cloud software application.
User Access Management for the cloud: Selection criteria
Options compared: Open Access, Behind the VPN, Federated Identity Management, Native strong auth.
• External threats: protection against attacks launched over the internet, such as APTs, ad hoc hacking attempts and ex-employees.
• Internal threats: protection against fraud from internal employees.
• BYOD: suitability to access from personal mobile devices.
• User convenience: ease of access for legitimate users.
• Audit & compliance: retention of a centralized record of user access across different applications; application of access policy.
Federated Identity Management Solution
IdP product (e.g. 4TRESS):
• Manage user credentials
• Authenticate users
• Apply policy
• Assert identity to service provider
• Authentication for VPN & internal applications