Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
MARCOS DE PEDRO Neoris authenware security as a service
1. Authenware - Security as a Service
October 2010
Confidential // Neoris 1
Confidential // Do Not Reproduce without prior written permission from Neoris
2. Authenware - Security as a Service
Index
About Neoris
Authenware – Security as a Service
Introduction
Authentication behavior
Process Model
Architecture
Implementation Process
Integrations & Certifications
References
Confidential // Neoris 2
3. Who we are
Neoris is a global business and IT consulting firm. We establish long-term relationships with our
clients, helping them improve performance throughout the different stages of their business. Our
unique global delivery model, combined with cutting-edge IT services, allows us to
innovate, build, deploy and operate business solutions that are both practical and visionary.
Employees: Over 5,000
Founded: 2000
Offices: 20
Headquarters: Miami, Florida USA
Fast Facts Presence: U.S., Latin America, Europe, Middle East, Africa
Confidential // Neoris 3
4. Where we come from
2010
2nd IT Consulting in LATAM – IDC Ranking
Premier Nearshore services for US
4th Largest SAP Partner in LATAM
Started Operations in the Middle East
Rapidly growing presence in Europe
Acquired 15+ organizations
Expanded throughout Latin America
Spinoff technology arm of $21Bn CEMEX
2000
Confidential // Neoris 4
5. Global Coverage
SAP Centers Software Development Centers Global Presence
Bogota.Colombia Budapest.Hungary Argentina (*) France Oman Turkey
Budapest.Hungary Buenos Aires.Argentina Australia Germany Peru United Kingdom
Buenos Aires.Argentina Culiacan.Mexico Brazil (*) Guatemala Poland United Arab Emirates (*)
Madrid.Spain Madrid.Spain Canada Hungary (*) Portugal USA (*)
Monterrey.Mexico Monterrey.Mexico Chile (*) Mexico (*) Qatar Venezuela
Sao Paulo.Brazil Rosario.Argentina Colombia (*) Morocco Spain (*)
El Salvador Netherlands Trinidad & Tobago
(*) Office locations
Confidential // Neoris 5
7. What we stand for
Unquestionable Ethics •
Commitment to our clients’ success •
Flexibility and agility with a purpose •
Teamwork spirit •
Respect for the individual and for diversity •
Accountability •
Confidential // Neoris 7
8. What we do
The essence of our expertise defines what we do
Innovate Build & Deploy Operate
Value Engineering Configure Host
Information Architecture Develop / Build Support
Process, People, Technology Implement Enhance
Business Process Design Stabilize to Operate Measure
Continuous Improvement
We innovate by constantly We build and deploy solutions by A successful project delivery is just the
converting new ideas into realities. striving to make employees a part of first step of a long-term partnership
Our cutting-edge services and our client’s team. This unique with our clients. We have the expertise
solutions are the best in class. We approach give us direct and to operate the solutions that we
are performance driven and invest in unfiltered access to the business, not deliver, ensuring incremental value to
our vision to enhance shareholder just technology. This is how we bring them. We understand our client’s needs
value. a different perspective to our and we provide continuous innovation
employees and their learning curves. with experienced resources at the
They not only execute; they highest service levels, beyond project
experience the solutions from completion.
development to implementation.
Confidential // Neoris 8
9. Industries we serve
Consumer
Manufacturing Natural Resources Distribution & Logistics Retail
Packaged Goods
Appliances Food Cement and Concrete Cargo (LSPs) Department Stores
Glass Beverage Oil and Gas Freight & Distribution Specialty Retail
Motor Vehicles Tobacco Utilities Ports and Airports Wholesale
Plastics Cosmetics Metal and Mining Rail Transportation Office Equipment
Rubber Pulp and Paper Pharmacies
Technology &
Financial Services Healthcare Public Sector Other
Telecommunications
Computer Hardware Consumer Banking Pharmaceuticals Local & Municipal Aerospace & Defense
Office Equipment Internet Banking Health Providers Regulatory Agriculture
Telecom Insurance Hospitals Public Education Education
Semiconductors Credit & Lending Medical Devices Public Services Publishing
Media & Entertainment Corporate Banking Biotechnology Safety and Police Airlines
Confidential // Neoris 9
10. Recognitions by the analysts
“Neoris is one of the best SAP service providers”
“Neoris ranks among the 25 top SAP service providers around the globe based on headcount”
“”Neoris is emerging as a Latin American contender.”
“Neoris has strong technical implementation skills…and is clearly a good candidate for SAP implementation work”
Best ranked Nearshore Outsourcing player from Latin America
“One of the fastest growing IT vendors globally, Neoris, based in Miami serves the Latin American
region and is converting prospective business in the US and Europe with clients praising IT
capabilities and transformation approaches.”
“Using Neoris for Nearshore delivery has some potential advantages for North American clients.”
“The significant presence Neoris has in Spanish-speaking countries makes it unique in its Ibero-American presence.”
Best IT Service Provider in Latin America, Global Services 100
“Neoris stands out as one of the few strong alternatives to U.S. and India based vendors”
“IDC ranked Neoris as the second-largest IT consulting firm in Latin America, and the largest in Mexico.”
“Neoris is Latin America's largest native-borne IT consultancy.”
“Neoris is one of the largest Nearshore companies in the IT Services space.”
“We believe Nearshore capabilities are an important piece of the puzzle for Indian offshore vendors. Nearshore
pure plays like Neoris should continue to thrive in this environment.”
Confidential // Neoris 10
11. Awards
SAP Awards
Strategic Reference Award
ASUG Impact Award
Innovative SAP Project Implementation
New Solution Introduction
Number of certified consultants in Latin America
Strategic Implementation - SAP MII
SAP Award of Excellence
IDC Latin America Semi-annual IT Services Tracker
2nd Largest IT Consulting firm in Latin America
2nd Largest Systems Integration firm in Latin America
1st IT Consulting firm in Mexico
1st Systems Integration firm in Mexico
1st Custom Application Development firm in Argentina
Global Services 100
Leader – South of the Border
Top 10 Best Performing Infrastructure Providers
Brown-Wilson Black Book of Outsourcing
Best Nearshore Outsourcing company from Latin America
“50 Best Managed Global Outsourcing Vendor”
The IAOP Global Outsourcing 100
Global 100 - Leaders Category
Top 10 companies by Industry Focus: Oil & Gas
Companies with most employees in Latin America
Confidential // Neoris 11
12. Selected Client List
Serving Local and Global World Class Customers
Confidential // Neoris 12
13. What makes us different
“We have a unique global approach to consulting:
We create a practical engagement model while establishing
a unique intimacy with our clients. We work hand in hand
with them, understand their business and excel at
anticipating solutions that improve their results.
That is why our tagline is Practical Visionaries.
That is what makes us different.”
Claudio Muruzábal - CEO
Confidential // Neoris 13
14. Services
Business Consulting Technology Outsourcing
Application Mgmt Services
SAP
BPO Services
Oracle
Enterprise Value Services Infrastructure Mgmt Services
Enterprise Architecture
Process Consulting Services Software as a Service (SAAS)
Software Engineering Services
Post Merger Integration Software Development
Information Mgmt Services
Testing Services
Learning Solution Services
Contact Center Services
Confidential // Neoris 14
15. Authenware - Security as a Service
Index
About Neoris
Authenware – Security as a Service
Introduction
Authentication behavior
Process Model
Architecture
Implementation Process
Integrations & Certifications
References
Confidential // Neoris 15
16. Authenware - Security as a Service
Introduction
Authentication of individuals in a network, for access to internal corporate and external Internet,
usually done using methods related to the ...
• TO KNOW: 92%
Password, PIN, sequence of characters, ...
• TO KEEP: 7%
Cards, Tokens, USB keys ...
• TO BE: 1%
Biometrics
• The first two methods have in common that are not based on systems inherent to the
individual, i.e., do not identify individuals, and therefore can reach be misused by others.
The third method works with the individual, with what we
are, that is, traits and personal characteristics that identify us
so unambiguous, and therefore can reliably authenticated as
compared with Information Systems
Confidential // Neoris 16
17. Authenware - Security as a Service
Authentication behavior: computer security as a service is evolving ...
Security today… A new concept of security…
Authentication is the most critical element to Authenware. The solution introduces a new
ensure the digital identity of authorized users to concept in the paradigm of identification (to
access certain services. know, to keep, to be): how to do.
Digital identity theft of a person is one of the Build and update a personal pattern each
most serious problems today, and is a disincentive time you enter by keyboard specific data,
for business and Internet services are developed such as username and password.
more intensively. The internal pattern is equal to:
Authentication of individuals in the network, for String
access to internal corporate and external Internet, Typing cadence
is often undertaken using one of the following
items related to ... Environment variables
TO KNOW: Password, PIN, sequence of Personal behavior variables.
characters, etc. The pattern is compared with that which
TO KEEP: Cards, Tokens, USB keys ... exists as a centralized reference.
TO BE: Biometrics
No additional hardware needed in the post authorization (card readers, biometric sensors, etc.).
Advantages
No need to install additional software on the station authorization (JavaScript).
The pattern is generated dynamically adapting to the natural evolutionary changes of the user.
The generation of behavioral patterns is transparent to the user.
Designed as a network service.
Confidential // Neoris 17
18. Authenware - Security as a Service
Authenware
Keystroke Dynamics as Solution Multi-Dimensional Algorithm
WHAT IS IT? What do you know? E.g., User-id +
Keystroke Dynamics is the manner Password, Passphrase
and rhythm by which an individual How do you type? Keystroke Dynamics
types characters on a keyboard. What do you do? E.g., hidden
WHY IS IT USEFUL? behavior, use tab or click mouse
The keystroke rhythms of a user Where are you? E.g., IP, time zone
are measured to develop a unique What do you have? E.g., OS version,
biometric pattern of the user browser version
typing pattern for future When do you use it? E.g., frequency,
authentication. day, hour
As a complement to already deployed authentication systems (both username / password
Applications
as on card access PIN, tokens, etc.)..
As a solution for access to protected resources (access by context).
To complement electronic signature systems (based on Common Criteria PIN, i.e. DNIe).
As an authentication service for managed security services.
Confidential // Neoris 18
20. Authenware - Security as a Service
Authenware - Architecture
Confidential // Neoris 20
21. Authenware - Security as a Service
Authenware - Architecture
Client Machine Application Server AuthenTest Server
Confidential // Neoris 21
22. Authenware - Security as a Service
Authenware - Implementation process
Six Steps to Implement
Install Authenware Server
Modify your pages or screen where the
login data are captured
Add your rules in your software for each
Authenware response type
Quality test (on testing environment)
Quality test (on production environment)
Monitor performance and tune it
Confidential // Neoris 22
23. Authenware - Security as a Service
Authenware - Integration
Citrix Terminal.
Using Authenware as identity verification platform accessed via a virtual terminal CITRIX.
Available in Q1 2010.
Oracle Identity Management.
Integrated with Adaptive Access Manager allows you to incorporate safety second and
third factor in Oracle management credentials system.
Available in Q2 2010.
Confidential // Neoris 23
24. Authenware - Security as a Service
Authenware - Certifications
Assessment and certification of IBG (International Biometric Group).
Evaluation INTECO (Spanish National Institute of Communication Technology - Ministry of
Industry, Trade and Tourism).
Common Criteria Certification (CCC EAL 2 in progress).
Evaluation by Gartner Group (underway).
Confidential // Neoris 24
25. Authenware - Security as a Service
Authenware - Advantages
In the workplace
No additional hardware needed for authorization of access (card readers, biometric
sensors, etc..), And therefore does not require maintenance.
It is not necessary to install additional software on the station authorization
(JavaScript).
Authenware Server
The pattern is generated dynamically adapting to the natural evolutionary changes
from the user.
The generation of behavioral patterns is transparent to the user.
Do not store any information (except on own pattern).
Host / Security System
Designed as a network service.
Confidential // Neoris 25
26. Authenware - Security as a Service
Authenware - Service Scenarios: Security
Improved security:
As a new security model for authentication, protects aspects than other models do not address
or in part do it.
Allows securing broader access to a particular system or, in concrete, specific high-risk
transactions and maximum criticality without changing any of the general security of the
application.
It incorporates a central register of actions irrespective
of the degree of integration of the applications on which
it operates.
Confidential // Neoris 26
27. Authenware - Security as a Service
Authenware - Service Scenarios: Usability
Improved customer service:
Reducing the complexity (custody, storing and usage) of passwords, cards, tokens sequences, etc ...
and update and distribution chain.
Easily and naturally in use: With Authenware more "natural" is the performance of each person
generates greater confidence.
Eliminating the misuse of them.
By increasing the time for changing passwords, reducing
incidences.
Incorporating greater confidence in electronic transactions.
Confidential // Neoris 27
28. Authenware - Security as a Service
Authenware - Service Scenarios: Logistics Cost Savings
In scenarios with key authentication / password, can increase the length of time of use on
password with a consequent reduction of changes and their associated cost.
In settings with authentication tokens, cards coordinates, etc., Can reduce the criticality in
logistics management of those elements and even be replaced, representing a considerable
saving.
In scenarios with biometric authentication, you can replace capture devices needed for
verification of identity and reduce the associated logistics management.
It should be noted that the cost of the solution practically does not
increase when the number of users, in contrast to what occurs with
other systems.
Confidential // Neoris 28
29. Authenware - Security as a Service
Index
About Neoris
Authenware – Security as a Service
Introduction
Authentication behavior
Process Model
Architecture
Implementation Process
Integrations & Certifications
References
Confidential // Neoris 29
30. Authenware References
Major financial group.
Authentication portals for "Home Banking" (400,000 users).
Public Administration of Mexico.
Authentication customs systems (100,000 internal users).
Major financial group.
Authentication credit card system (2,000,000 users).
Telefónica Ingeniería de Seguridad (TIS).
Critical systems security event correlation (District C).
Ministry of Health and Social Policy.
Telework support systems.
Confidential // Neoris 30
Today, Neoris is a 3,000 + employee company, with 18 offices and an impressive global presence (turn to next page…)
Neoris was born, not in the theoretical world of academia, but out of real-world challenges in the competitive construction materials market.Our genesis as the in-house technology consultants at CEMEX gave us an invaluable grounding in real business processes while developing innovative solutions that transformed a massive industrial conglomerate into a highly agile and much admired digital leader.
Today, Neoris is a global business and IT consulting firm. Our unique global delivery model, combined with cutting-edge IT services, allows us to innovate, build, deploy and operate business solutions that are both practical and visionary.
Our Values are the set of principles that guide all of our actions, and as such, have a profound impact on how each and every one of us thinks and acts, while doing business.They are a consistent "identity" that transcends product and market life cycles, management fads, technological change, and individual leaders. These are the values that will hold Neoris through time
At Neoris, our client relationships are partner to partner, not vendor to buyer. While other consulting firms try to solve unique client problems with off the shelf, pre-packaged solutions, we believe in a more face-to face, around-the-clock, whatever-it-takes philosophy. Our clients benefit from a responsive, one-tiered structure which allows direct contact with senior management. This structure also provides senior levels with a constant and clear view on client engagements. We share responsibility for the long-term success of every project; we are committed to continued, strong ROI long after our engagement has ended; we thrive on change and pride ourselves on the flexibility to turn rapid adjustments into opportunities, not setbacks.