SecurePass at OpenBrighton
3 likes•1,182 views
This document discusses enterprise identity and security in the cloud. It describes SecurePass, a product from GARL that provides single sign-on and strong authentication for cloud applications. SecurePass uses one-time passwords for authentication along with identity management and single sign-on capabilities. It integrates with various applications and networks in an open and compatible way. The document also discusses the security of SecurePass and GARL's datacenters and keys, and provides a case study of SecurePass being implemented for a financial institution.
SecurePass at OpenBrighton
- 1. ENTERPRISE SECURE IDENTITY IN THE CLOUD WITH SINGLE SIGN-ON AND STRONG AUTHENTICATION MAKING THE CLOUD A SAFER SPACE Giuseppe Paternò, Director of GARL @gpaterno | www.gpaterno.com
- 2. ABOUT ME IT Architect and Security Expert with 20+ years background in Open Source and Cloud (OpenStack, OpenNebula, ...). Former Network and Security architect for Canonical, RedHat, Wind/Infostrada, Sun Microsystems and IBM and Visiting Researcher at the University of Dublin Trinity College. Past projects: standard for J2ME Over-The-Air (OTA) provisioning along with Vodafone, the study of architecture and standards for the delivery of MHP applications for the digital terrestrial television (DTT) on behalf of DTT Lab (Telecom Italia/LA7) and implementation of HLR for Vodafone landline services. Lot of writings, mainly on computer security. CTO and Director of GARL, a multinational company based in Switzerland and UK, owner of SecurePass and SecureAudit.
- 3. IT security products and virtualization services focused on identity protection on the Cloud. Born from Symantec, conducting pentest and vulnerability assessment on their behalf in EMEA Extensive OpenSource experience and large-scale Open Source projects such OpenStack, OpenNebula, .... Most of the customers in finance and telco operators HQ based in Switzerland (Lugano and Zurich) and office in London. User privacy is protected by strict Swiss privacy regulations, no UE or US exceptions allowed. MAKING THE CLOUD A SAFER SPACE
- 4. THE CLOUD IN THE ENTERPRISE It’s easy to span new instances (often) it takes less time than internal IT to have a virtual machine Great for prototyping and then they bring it into production Might have discounts from HW/SW vendor (especially HP Cloud, Azure, ....) Some applications are outsourced (eg: SalesForce, ...) Small software suppliers prefer to sell software-as-a-service
- 5. WHAT HAPPENS IN REALITY Applications and instances are out of control Not always possible to enforce IT security policies Each application have its own username/ password Prone to identity frauds and bruteforce attacks Can’t have a central point of control
- 6. 62% Increase breaches in 2013(1) TOO MANY THREATS 1 in 5 organizations have experienced an APT attack (4) 3 Trillion$ total global impact of cybercrime(3) 2,5 billion exposed records as results of a data breach in the past 5 years(5) 8 months Is the average time an advanced threat goes unnoticed on victim’s network(2) 1,3,5: Increased cyber security can save global economy trillions, McKinsey/World Economic Forum, January 2014 2: M-Trends 2013: attack the security gap, Mandiant, March 2013 4: ISACA’s 2014 APT study, ISACA, April 2014. Source: ISACA Cyber Security Nexus
- 7. Hosted Apps THE CLOUD CONTROL Cloud Orchestrator 2FA/SSO Single point of control
- 8. 345227 One Time Password 345227 345227 Identity Management Single Sign-On SECUREPASS FEATURES 3-in-1 identity management for maximum security in cloud and internet services: Strong authentication: no more passwords to remember but “one time password” generated by a token. Identity management: manage users and group lifecycles from a control panel Single Sign-On: SecurePass recognize users for every application or network integrated
- 9. CENTRAL IDENTITY MANAGEMENT SERVICE FOR ALL DISTRIBUTED APPLICATIONS AND FIREWALLS OTP is built-in and mandatory, the way around of “standard” services - OTP generated on mobile and hardware tokens - Ensure the protection against brute force password attacks Works out of the box with all VPN/SSL VPN software Works with Web applications with little or no effort Works with corporate SaaS applications like SalesForce and Google Apps Works with virtualization software such as Citrix XenApp, VMWare Horizon/vCloud & more...
- 10. SECUREPASS IS OPEN Open protocols: RADIUS, LDAP, CAS and SAML Seamless integration: works out of the box with more than 98% of the software Clients and APIs available on GitHub Python, Java, PHP, C# NSS Plugin for Linux Apache Plugin Plugin for popular CMS Wordpress, Joomla & Drupal
- 11. Python modules available in the Python Installer (PIP) GARL WORKS UPSTREAM TO ENSURE MAXIMUM COMPATIBILITY Modules are now “upstream” in the main Linux distributions: - Debian “Jessie” - Ubuntu 15.04 “Vivid Vervet” - Builds tested & available for Fedora and RHEL/CentOS - In talk with SuSE
- 12. WHY SECUREPASS IS SECURE 3 high-secure high-speed datacenters with business continuity in different networks. High-encryption and best practices as deployed in standard military environments. Core keys in a secret location, former Swiss military premise, resistant up to 10 megatons nuclear attack. Only few people has keys to access the data in the production environments and their identities is secret also to any member of GARL staff, including the board itself. Processes to revoke the above keys if one of the administrator is leaving the company or under any personal threat. Emergency procedures and legal coverage against attack targeted to GARL. PCI-DSS and ISO 17799/27001 compliant. SecurePass do not deal with your data In no case we will be handling your application data and we won’t be even able to understand what kind of application or device is behind the login process. All GARL services are covered with an insurance policy with a premier Swiss-based multinational that will be able to refund up to 250’000 CHF per incident. With special agreements, GARL is able to cover up to 5 Million CHF per incident (ask for update).
- 13. CASE STUDY WITH ING DIRECT 100 75 50 25 0 RSA VS. SECUREPASS TIME COST MTN % difference RSA SecurePass Financial advisors access to European leasing system Replacement of RSA 2 factor solution, more than 70% of savings IBM labs created plugin for IBM Websphere portal
- 14. GARL IS NOT ONLY SECUREPASS Strong authentication and identity management for cloud and internet services Password manager for teams with delegation Network security assessment up to 8 public IP Build a virtualization service on standard hardware without licence Secure storage for backup to comply to industry’s regulations Tailored security audit for web app, network, VPN and devices Secure data collection app to your centralized server BANK OF PASSWORDS Secure Data VULNERABILITY ASSESSMENT
- 16. Q&A