TECHNOLOGY AUDIT


Entrust IdentityGuard Version 10.1
Entrust Inc
                                                                                 Reference Code: OI00070-106
                                                                              Publication Date: February 2012
                                                                                            Author: Andy Kellett



SUMMARY

Catalyst
              Entrust IdentityGuard is a function-rich, identity-based software authentication platform. It supports
              a broad range of secure authentication products. Its facilities cover the breadth of the
              authentication market, ranging from smartcards, mobile device usage, risk-based approaches, and
              one-time tokens, through to lighter controls that fit the needs of specific business activities. The
              tools, which can be software and hardware-based, include IP geo-location checks, out-of-band,
              certificate authentication, and e-grids.

              Entrust recognizes that different organizations and users have different authentication
              requirements. Its products are designed to handle these variations and support the use of mixed
              authentication techniques across user groups. The new IdentityGuard release, version 10.1,
              focuses on extending the business use of mobile devices and the opportunity to combine logical
              (LACs) and physical (PACs) access controls using a single authentication approach.

Key findings
              • Entrust provides one of the broadest ranges of authentication tools available in the
                identity and access management (IAM) market.
              • Physical as well as logical access facilities are supported.
              • Mobile device authentication can be used to deal with the physical and logical access
                requirements of mobile workers, online clients, and everyday business users.


Entrust IdentityGuard (OI00070-106)

© Ovum (Published 02/2012)                                                                       Page 1

This report is a licensed product and is not to be photocopied
              • Mobile device authentication reduces the need for hardware-based tokens and adds
                extra resilience when tokens are lost or software alternatives are required.
              • OoB authentication, which confirms the legitimacy of transactions, is a valuable tool
                for detecting and preventing fraud.
              • Risk-based authentication links the required levels of authentication to individual
                activities.
              • Although PKI and certificate-based services are supported, a complete managed
                service option for IdentityGuard will not be available until later in 2012.

Ovum recommends
              • Threats to information systems continue to grow. At the same time, systems and
                networks become more open as businesses collaborate with external partners,
                provide access to users from a variety of locations, and make use of an increasing
                range of smart mobile devices to gain entry. All these issues highlight the importance
                of identity management and its core role to allow or block user access.
              • The key element that drives secure access to corporate systems is identity. Identity is
                the foundation of secure access, but to be effective its authentication approaches
                must fit the risk requirements of business systems.
              • Users require different levels of authentication. Many need read-only access to
                low-level business information, a few work with highly sensitive data, and most fall
                somewhere in between. Business organizations need identity-management facilities
                that are secure enough to support a range of users and flexible enough to deal with
                users as their access requirements evolve and change.

Value proposition
              Entrust has built its reputation by providing an identity-based software security platform that offers
              a broad range of software and hardware authentication facilities including support for federated
              identities and self-service administration. Release 10.1 of IdentityGuard extends this approach by
              making it easier for employees to use their mobile devices as a core source of authentication and
              information access. The approach adds convenience because users can gain access to business
              systems using a device that they carry with them. It offers convergence and enterprise-grade
              credentials because mobile technology with its near-field communication (NFC) and Bluetooth
              technology can be used to combine PACs (physical access control) and LACs (logical access
              control) authentication using a single credential.




The target audience for Entrust is industry-wide, and because its authentication options range from
              very light to highly secure, there will be a range of identity-based facilities that meet the needs and
              budgets of most organizations.

              The effective management of identity is one of the most important elements of an enterprise
              security strategy. However, the IAM sector has a reputation for delivering complex and expensive
              solutions. Enterprise-level take-up continues to be restricted because of these issues. Where IAM
              products are used, they are usually deployed to deal with a particular business risk or address a
              trading requirement such as providing secure online access for employees or customers.

              The ways in which users now access corporate systems are changing. New mobile devices
              present both a security challenge relating to how access is controlled and an opportunity to replace
              expensive hardware-based tokens. For example, financial services organizations have deployed
              card readers for online customers to improve security when logging on and as a secondary
              method of confirming certain transactions. Today, different approaches using mobile devices,
              application-based software, and grid technology provide cost-effective alternatives.

              It is advantageous to make better and more extensive use of constantly available devices such as
              mobile phones, tablets, and iPads. These devices are in everyday use and can be used to support
              the authentication and user access requirements of businesses and their users.




SOLUTION ANALYSIS

Functionality
              The Entrust IdentityGuard platform was built with versatility in mind. At a very early stage Entrust
              recognized there would never be a one-size-fits-all approach to authentication. The company
              offers a very broad range of authenticators that cover high-end through to more basic
              requirements. Coverage includes a range of hardware and software-based one-time tokens and
              smartcards, risk-based authentication, IP geo-location, certificate-based authentication, use of grid
              cards and software grids, and user-response approaches.
              Some older authentication methods are now beginning to look outdated. The use of mobile
              devices provides a software and application-based authentication alternative. The availability of
              mobile OoB transaction verification is a good way of defeating man-in-the-browser threats, with
              available geo-location checks also adding an extra layer of protection.

              Most business and systems users either own or are provided with a company mobile device.
              Employees want to use the latest devices for personal use and to access business systems.
              Businesses benefit from the combined use of these devices if security concerns about device use
              and access control are dealt with.

              Entrust IdentityGuard addresses mobile device issues by providing device-management and
              access-control facilities.



                 Figure 1: IdentityGuard - authentication platform




                 Source: Entrust                                                                           OVUM




              • IdentityGuard supports the use of smart mobile credentials for logical and physical
                access, including the use of near-field communication (NFC) and Bluetooth facilities.
              • Entrust uses NIST-approved personal identity verification (PIV) certificates to deal
                with mobile security and control issues.
              • IdentityGuard provides integration with leading MDM (mobile device management)
                vendors to support strong device identity (certificate-based device identity).
              • IdentityGuard provides support for digital signature and encryption/decryption facilities
                for secure email services. Certificate on-boarding for authentication and signing email,
                and S/MIME-based decryption facilities are available.
              • Strong certificate-based authentication is available for users accessing corporate
                networks using mobile devices.
              • Soft tokens are available in form factors that support the generation of one-time pass
                codes.
              • Software development kit (SDK) facilities that allow organizations to build Entrust
                mobile capabilities into their own mobile applications are also available.

              To date few IAM vendors have successfully addressed the need for a common approach to
              physical and logical access. Smartcard technology allows the combined approach to become a
              practical reality. Entrust IdentityGuard allows organizations to integrate the two environments. It
              uses secure NFC technology as an alternative to older and less secure HID physical access cards
              and can leverage Bluetooth to act as a smartcard reader to provide logical access to computer
              devices. Improved return on investment (ROI), reduced running costs, and the provision of a single
              integrated approach and credential are the primary drivers.

              Risk-based authentication allows different authenticators to be deployed to various user groups
              based on the amount of risk associated with each user, transaction, or particular area of the
              business. The usability element of the approach also allows more appropriate checks to be made if
              access requirements vary from the norm.

              Entrust IdentityGuard Server is the main component of the IdentityGuard system (see Figure 1).

              Entrust IdentityGuard uses a three-tier architecture approach. It is a J2EE-based solution, and the
              presentation layer and business logic layer can co-exist on a single hardware platform. In
              operational use IdentityGuard leverages an existing data repository, such as eDirectory, for data
              storage, and communicates with this using either Java Database Connectivity (JDBC) or
              Lightweight Directory Access Protocol (LDAP).

              Entrust IdentityGuard Server includes the following core applications and interfaces:




              • Authentication and administration provides web services using the Java platform and
                C# application programming interfaces (APIs).
              • Administration interface, properties editor, and master user shell.
              • A sample web application that demonstrates service delivery capabilities.

              The applications and interfaces are used to authenticate and manage users and their
              authentication data.



                 Figure 2: IdentityGuard - integration with an authentication application




                 Source: Entrust                                                                            OVUM



Go-to-market strategy
              Entrust IdentityGuard provides an inclusive approach to working with the types and levels of
              authentication that clients choose to deploy. Its open API architecture supports a wide range of
              software and hardware tokens, and integration with leading MDM (mobile device management),
              IAM, and PKI (public key infrastructure) vendors, including Entrust PKI. This allows the solution to
              be used across a broad range of mature and emerging markets, and supports the ability to work
              with a wide range of digital certificates.

              Traditionally the company has targeted the financial services and government sectors where it has
              achieved successful results. In addition, Entrust's position as a Certificate Authority (CA) allows it
              to support strong certificate-based authentication that is relevant to organizations of all sizes.

              As a provider of mainstream authentication services, the vendors that Entrust regularly competes
              against include CA, Gemalto, HID, RSA, Symantec, and VascoData.



Entrust brings its IdentityGuard product to market using a mix of direct sales and distribution
              partners. Its extensive list of distribution partners includes Allstream, Fishnet, HP, IBM, MPA,
              NeoSecure, NeTrust, PTE, and SIA.

              The company maintains technology-partner relationships with leading industry providers. These
              include formal relationships where vendors have made their products "Entrust Ready" by
              including encryption and digital signature facilities. There are currently over 200 partners engaged
              in the Entrust partner program and 115 of their products have been awarded the "Entrust Ready"
              designation. Entrust works with a significant number of high-profile partners including Adobe,
              Cisco, IBM, Microsoft, Oracle, PeopleSoft, and SAP.

              Entry-level projects typically start at around $20,000, the average is set at $60,000, and
              the largest projects exceed $1m, with a typical 80%-20% split between software
              licenses and services across all project sizes.

              Entrust has an evolving roadmap strategy for IdentityGuard. The current focus is on developing
              new approaches to support mobile authentication. The next release (v10.1) will build additional
              smart credentialing and certificate enrollment facilities for mobile. These were first introduced in
              the current product release. It will also introduce a managed offering for IdentityGuard during the
              first half of next year.

Deployment
              The time taken for the implementation of a pilot IdentityGuard project is typically one to three days
              and involves between one and two subject matter experts with server, network, and repository
              management and administration skills. For an average-sized implementation (30 user departments
              and above) the same skill sets apply with the potential addition of user management (helpdesk)
              capabilities and an implementation timeframe of two to four days. At the enterprise level (500-user
              departments and above) the timeline is three to five days with the same skill requirements.
              Entrust can supply a range of professional implementation support services. These include
              architecture, design and planning services, installation and deployment assistance, and endpoint
              integration and validation support. It extends to include customized application development and
              documentation services and support for customized training programs.

              There are three levels of technical support: Silver, Gold, and Platinum.

              • Silver support provides coverage Monday to Friday, 8.00am to 8.00pm EST and
                7.00am to 7.00pm Greenwich Mean Time (GMT), and has an annual charge of 18%
                of the contract price.
              • Gold support extends coverage to 24 hours a day Monday to Friday and has an
                annual charge of 20% of the contract price.

              • Platinum support provides 24-hours-a-day, 7-days-a-week coverage and has an
                annual charge of 22% of the contract price.

              Entrust IdentityGuard is used by some of the world’s largest enterprise and government
              organizations. It has millions of product licenses deployed across hundreds of customers.
Customer deployment examples

              • Bank of New Zealand is one of New Zealand’s largest banks and has been operating
                since 1861. The bank selected Entrust IdentityGuard because of its ease of use, low
                cost overheads, and because its grid card systems could be locally branded to meet
                the bank’s requirements. The deployment allows the bank to offer strong
                authentication to all new consumer banking customers. During the first phase of the
                project, approximately 25,000 users were provided with grid cards within a two-week
                period. In less than nine months, the bank issued over 130,000 cards, which
                represented close to half of its online customers. In a follow-up phase to its campaign
                against online fraud, the bank implemented additional IdentityGuard authentication
                facilities, including device, knowledge-based, and mutual authentication.
              • Société Générale, a major European bank and financial services company, needed to
                address an increasingly pervasive range of online identity theft attacks that were
                hurting its high-end clients. The protection requirement was to provide clients with an
                extra level of confidence and safety during online transactions and enterprise
                communications. Entrust IdentityGuard was chosen to replace an existing
                token-based solution using its grid card approach. The initial deployment was for 1,500
                IdentityGuard grid cards, with the future potential of extending the service to
                thousands of other Société Générale customers. The grid cards, which were reported
                as being both secure and easy to use, are used to authenticate access to the
                company's investment web portal.




DATA SHEET

Key facts about the solution


                 Table 1:          Data sheet


                 Product name                 Entrust IdentityGuard
                 Product classification       Identity and Access Management
                 Version number               10.1
                 Release date                 February 2012
                 Industries covered           Government, Aerospace, Defense, Energy, Financial,
                                              Manufacturing, Auto, Technology and Hi Tech
                 Geographies covered          Global
                 Relevant company sizes       Small, medium, and large companies.
                 Platforms supported          Microsoft Windows, Linux, Solaris, AIX, HP/UX, z/OS,
                                              Mac OS, and others
                 Languages supported          English is the default language. Other languages,
                                              including French, can be supported as part of a
                                              professional services engagement.
                 Licensing options            Perpetual on a server basis
                 Deployment options           On premise
                 Route(s) to market           Direct sales and through channel partners, VARs,
                                              and SIs.
                 URL                          www.entrust.com
                 Company headquarters         One Lincoln Center 5400 LBJ Freeway Ste 1340
                                              Dallas TX 75240 USA
                 European headquarters        Unit 4 Napier Court First Floor Napier Road Reading
                                              Berkshire RG1 8BW UK
                 North America headquarters   As company headquarters
                 Asia-Pacific headquarters    Level 57, MLC Centre 19 Martin Place Sydney NSW
                                              2000 Australia


                 Source: Entrust                                                                                           OVUM




APPENDIX

Further reading
              • 2012 Trends to watch: security (OI00127-046)
              • SailPoint IdentityIQ (v5.5), Technology Audit
              • Swivel PINsafe (v3.8), Technology Audit

Methodology
              Ovum Technology Audits are independent product reviews carried out using Ovum’s evaluation
              model for the relevant technology area, supported by conversations with vendors, users, and
              service providers of the solution concerned, and in-depth secondary research.

Author
              Andrew Kellett, Senior Analyst, Infrastructure Solutions, Security

              Andrew.kellett@ovum.com

Ovum Consulting
              We hope that this analysis will help you make informed and imaginative business decisions. If you
              have further requirements, Ovum’s consulting team may be able to help you. For more information
              about Ovum’s consulting capabilities, please contact us directly at consulting@ovum.com.

Disclaimer
              All Rights Reserved.

              No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any
              form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior
              permission of the publisher, Ovum (an Informa business).

              The facts of this report are believed to be correct at the time of publication but cannot be
              guaranteed. Please note that the findings, conclusions, and recommendations that Ovum delivers
              will be based on information gathered in good faith from both primary and secondary sources,
              whose accuracy we are not always in a position to guarantee. As such Ovum can accept no
              liability whatever for actions taken based on any information that may subsequently prove to be
              incorrect.





Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Technology Audit: Entrust IdentityGuard v10.1

  • 1. TECHNOLOGY AUDIT

    Entrust IdentityGuard Version 10.1
    Entrust Inc
    Reference Code: OI00070-106
    Publication Date: February 2012
    Author: Andy Kellett

    SUMMARY

    Catalyst

    Entrust IdentityGuard is a function-rich, identity-based software authentication platform. It supports a broad range of secure authentication products. Its facilities cover the breadth of the authentication market, ranging from smartcards, mobile device usage, risk-based approaches, and one-time tokens, through to lighter controls that fit the needs of specific business activities. The tools, which can be software and hardware-based, include IP geo-location checks, out-of-band, certificate authentication, and e-grids.

    Entrust recognizes that different organizations and users have different authentication requirements. Its products are designed to handle these variations and support the use of mixed authentication techniques across user groups. The new IdentityGuard release, version 10.1, focuses on extending the business use of mobile devices and the opportunity to combine logical (LACs) and physical (PACs) access controls using a single authentication approach.

    Key findings

    - Entrust provides one of the broadest ranges of authentication tools available in the identity and access management (IAM) market.
    - Physical as well as logical access facilities are supported.
    - Mobile device authentication can be used to deal with the physical and logical access requirements of mobile workers, online clients, and everyday business users.

    Entrust IdentityGuard (OI00070-106) © Ovum (Published 02/2012) Page 1 This report is a licensed product and is not to be photocopied
  • 2.
    - Mobile device authentication reduces the need for hardware-based tokens and adds extra resilience when tokens are lost or software alternatives are required.
    - OoB authentication, which confirms the legitimacy of transactions, is a valuable tool for detecting and preventing fraud.
    - Risk-based authentication links the required levels of authentication to individual activities.
    - Although PKI and certificate-based services are supported, a complete managed service option for IdentityGuard will not be available until later in 2012.

    Ovum recommends

    - Threats to information systems continue to grow. At the same time, systems and networks become more open as businesses collaborate with external partners, provide access to users from a variety of locations, and make use of an increasing range of smart mobile devices to gain entry. All these issues highlight the importance of identity management and its core role to allow or block user access.
    - The key element that drives secure access to corporate systems is identity. Identity is the foundation of secure access, but to be effective its authentication approaches must fit the risk requirements of business systems.
    - Users require different levels of authentication. Many need read-only access to low-level business information, a few work with highly sensitive data, and most fall somewhere in between. Business organizations need identity-management facilities that are secure enough to support a range of users and flexible enough to deal with users as their access requirements evolve and change.

    Value proposition

    Entrust has built its reputation by providing an identity-based software security platform that offers a broad range of software and hardware authentication facilities including support for federated identities and self-service administration.

    Release 10.1 of IdentityGuard extends this approach by making it easier for employees to use their mobile devices as a core source of authentication and information access. The approach adds convenience because users can gain access to business systems using a device that they carry with them. It offers convergence and enterprise-grade credentials because mobile technology with its near-field communication (NFC) and Bluetooth technology can be used to combine PACs (physical access control) and LACs (logical access control) authentication using a single credential.
  • 3. The target audience for Entrust is industry-wide, and because its authentication options range from very light to highly secure, there will be a range of identity-based facilities that meet the needs and budgets of most organizations.

    The effective management of identity is one of the most important elements of an enterprise security strategy. However, the IAM sector has a reputation for delivering complex and expensive solutions. Enterprise-level take-up continues to be restricted because of these issues. Where IAM products are used, they are usually deployed to deal with a particular business risk or address a trading requirement such as providing secure online access for employees or customers.

    The ways in which users now access corporate systems are changing. New mobile devices present both a security challenge relating to how access is controlled and an opportunity to replace expensive hardware-based tokens. For example, financial services organizations have deployed card readers for online customers to improve security when logging on and as a secondary method of confirming certain transactions. Today, different approaches using mobile devices, application-based software, and grid technology provide cost-effective alternatives.

    It is advantageous to make better and more extensive use of constantly available devices such as mobile phones, tablets, and iPads. These devices are in everyday use and can be used to support the authentication and user access requirements of businesses and their users.
  • 4. SOLUTION ANALYSIS

    Functionality

    The Entrust IdentityGuard platform was built with versatility in mind. At a very early stage Entrust recognized there would never be a one-size-fits-all approach to authentication. The company offers a very broad range of authenticators that cover high-end through to more basic requirements. Coverage includes a range of hardware and software-based one-time tokens and smartcards, risk-based authentication, IP geo-location, certificate-based authentication, use of grid cards and software grids, and user-response approaches.

    Some older authentication methods are now beginning to look outdated. The use of mobile devices provides a software and application-based authentication alternative. The availability of mobile OoB transaction verification is a good way of defeating man-in-the-browser threats, with available geo-location checks also adding an extra layer of protection.

    Most business and systems users either own or are provided with a company mobile device. Employees want to use the latest devices for personal use and to access business systems. Businesses benefit from the combined use of these devices if security concerns about device use and access control are dealt with. Entrust IdentityGuard addresses mobile device issues by providing device-management and access-control facilities.

    Figure 1: IdentityGuard - authentication platform
    Source: Entrust OVUM
  • 5.
    - IdentityGuard supports the use of smart mobile credentials for logical and physical access, including the use of near-field communication (NFC) and Bluetooth facilities.
    - Entrust uses NIST-approved personal identity verification (PIV) certificates to deal with mobile security and control issues.
    - IdentityGuard provides integration with leading MDM (mobile device management) vendors to support strong device identity (certificate-based device identity).
    - IdentityGuard provides support for digital signature and encryption/decryption facilities for secure email services. Certificate on-boarding for authentication and signing email, and S/MIME-based decryption facilities are available.
    - Strong certificate-based authentication is available for users accessing corporate networks using mobile devices.
    - Soft tokens are available in form factors that support the generation of one-time pass codes.
    - Software development kit (SDK) facilities that allow organizations to build Entrust mobile capabilities into their own mobile applications are also available.

    To date, few IAM vendors have successfully addressed the need for a common approach to physical and logical access. Smartcard technology allows the combined approach to become a practical reality. Entrust IdentityGuard allows organizations to integrate the two environments. It uses secure NFC technology as an alternative to older and less secure HID physical access cards and can leverage Bluetooth to act as a smartcard reader to provide logical access to computer devices. Improved return on investment (ROI), reduced running costs, and the provision of a single integrated approach and credential are the primary drivers.

    Risk-based authentication allows different authenticators to be deployed to various user groups based on the amount of risk associated with each user, transaction, or particular area of the business. The usability element of the approach also allows more appropriate checks to be made if access requirements vary from the norm.

    Entrust IdentityGuard Server is the main component of the IdentityGuard system (see Figure 1). Entrust IdentityGuard uses a three-tier architecture approach. It is a J2EE-based solution, and the presentation layer and business logic layer can co-exist on a single hardware platform. In operational use IdentityGuard leverages an existing data repository, such as eDirectory, for data storage, and communicates with this using either Java Database Connectivity (JDBC) or Lightweight Directory Access Protocol (LDAP).

    Entrust IdentityGuard Server includes the following core applications and interfaces:
  • 6.
    - Authentication and administration provides web services using the Java platform and C# application programming interfaces (APIs).
    - Administration interface, properties editor, and master user shell.
    - A sample web application that demonstrates service delivery capabilities.

    The applications and interfaces are used to authenticate and manage users and their authentication data.

    Figure 2: IdentityGuard - integration with an authentication application
    Source: Entrust OVUM

    Go-to-market strategy

    Entrust IdentityGuard provides an inclusive approach to working with the types and levels of authentication that clients choose to deploy. Its open API architecture supports a wide range of software and hardware tokens, and integration with leading MDM (mobile device management), IAM, and PKI (public key infrastructure) vendors, including Entrust PKI. This allows the solution to be used across a broad range of mature and emerging markets, and supports the ability to work with a wide range of digital certificates.

    Traditionally the company has targeted the financial services and government sectors where it has achieved successful results. In addition, Entrust's position as a Certificate Authority (CA) allows it to support strong certificate-based authentication that is relevant to organizations of all sizes.

    As a provider of mainstream authentication services, the vendors that Entrust regularly competes against include CA, Gemalto, HID, RSA, Symantec, and VascoData.
  • 7. Entrust brings its IdentityGuard product to market using a mix of direct sales and distribution partners. Its extensive list of distribution partners includes Allstream, Fishnet, HP, IBM, MPA, NeoSecure, NeTrust, PTE, and SIA.

    The company maintains technology-partner relationships with leading industry providers. These include formal relationships where vendors have made their products "Entrust Ready" by including encryption and digital signature facilities. There are currently over 200 partners engaged in the Entrust partner program and 115 of their products have been awarded the "Entrust Ready" designation. Entrust works with a significant number of high-profile partners including Adobe, Cisco, IBM, Microsoft, Oracle, PeopleSoft, and SAP.

    Typical project values for entry-level projects start at around $20,000, the average is set at $60,000, with the largest projects exceeding $1m with a typical 80%-20% split between software licenses and services across all project sizes.

    Entrust has an evolving roadmap strategy for IdentityGuard. The current focus is on developing new approaches to support mobile authentication. The next release (v10.1) will build additional smart credentialing and certificate enrollment facilities for mobile. These were first introduced in the current product release. It will also introduce a managed offering for IdentityGuard during the first half of next year.

    Deployment

    The time taken for the implementation of a pilot IdentityGuard project is typically one to three days and involves between one and two subject matter experts with server, network, and repository management and administration skills. For an average sized implementation (30 user departments and above) the same skill sets apply with the potential addition of user management (helpdesk) capabilities and an implementation timeframe of two to four days. At the enterprise level (500-user departments and above) the timeline is three to five days with the same skill requirements.

    Entrust can supply a range of professional implementation support services. These include architecture, design and planning services, installation and deployment assistance, and endpoint integration and validation support. It extends to include customized application development and documentation services and support for customized training programs.

    There are three levels of technical support: Silver, Gold, and Platinum.

    - Silver support provides coverage Monday to Friday, 8.00am to 8.00pm EST and 7.00am to 7.00pm Greenwich Mean Time (GMT), and has an annual charge of 18% of the contract price.
    - Gold support extends coverage to 24 hours a day Monday to Friday and has an annual charge of 20% of the contract price.
  • 8.
    - Platinum support provides 24-hours-a-day, 7-days-a-week coverage and has an annual charge of 22% of the contract price.

    Entrust IdentityGuard is used by some of the world’s largest enterprise and government organizations. It has millions of product licenses deployed across hundreds of customers.

    Customer deployment examples

    - Bank of New Zealand is one of New Zealand’s largest banks and has been operating since 1861. The bank selected Entrust IdentityGuard because of its ease of use, low cost overheads, and because its grid card systems could be locally branded to meet the bank’s requirements. The deployment allows the bank to offer strong authentication to all new consumer banking customers. During the first phase of the project, approximately 25,000 users were provided with grid cards within a two-week period. In less than nine months, the bank issued over 130,000 cards, which represented close to half of its online customers. In a follow-up phase to its campaign against online fraud, the bank implemented additional IdentityGuard authentication facilities, including device, knowledge-based, and mutual authentication.
    - Société Générale, a major European bank and financial services company, needed to address an increasingly pervasive range of online identity theft attacks that were hurting its high-end clients. The protection requirement was to provide clients with an extra level of confidence and safety during online transactions and enterprise communications. Entrust IdentityGuard was chosen to replace an existing token-based solution using its grid card approach. The initial deployment was for 1,500 IdentityGuard grid cards, with the future potential of extending the service to thousands of other Société Générale customers. The grid cards, which were reported as being both secure and easy to use, are used to authenticate access to the company's investment web portal.
  • 9. DATA SHEET

    Key facts about the solution

    Table 1: Data sheet

    Product name: Entrust IdentityGuard
    Product classification: Identity and Access Management
    Version number: 10.1
    Release date: February 2012
    Industries covered: Government, Aerospace, Defense, Energy, Financial, Manufacturing, Auto, Technology and Hi Tech
    Geographies covered: Global
    Relevant company sizes: Small, medium, and large companies.
    Platforms supported: Microsoft Windows, Linux, Solaris, AIX, HP/UX, z/OS, Mac OS, and others
    Languages supported: English is the default language. Other languages, including French, can be supported as part of a professional services engagement.
    Licensing options: Perpetual on a server basis
    Deployment options: On premise
    Route(s) to market: Direct sales and through channel partners, VARs, and SIs.
    URL: www.entrust.com
    Company headquarters: One Lincoln Center, 5400 LBJ Freeway, Ste 1340, Dallas TX 75240, USA
    European headquarters: Unit 4 Napier Court, First Floor, Napier Road, Reading, Berkshire RG1 8BW, UK
    North America headquarters: As company headquarters
    Asia-Pacific headquarters: Level 57, MLC Centre, 19 Martin Place, Sydney NSW 2000, Australia

    Source: Entrust OVUM
  • 10. APPENDIX

    Further reading

    - 2012 Trends to watch: security (OI00127-046)
    - SailPoint IdentityIQ (v5.5), Technology Audit
    - Swivel PINsafe (v3.8), Technology Audit

    Methodology

    Ovum Technology Audits are independent product reviews carried out using Ovum’s evaluation model for the relevant technology area, supported by conversations with vendors, users, and service providers of the solution concerned, and in-depth secondary research.

    Author

    Andrew Kellett, Senior Analyst, Infrastructure Solutions, Security
    Andrew.kellett@ovum.com

    Ovum Consulting

    We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum’s consulting team may be able to help you. For more information about Ovum’s consulting capabilities, please contact us directly at consulting@ovum.com.

    Disclaimer

    All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, Ovum (an Informa business).

    The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions, and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect.