Protect assets with advanced authentication and authorization tools

BUYER’S GUIDE

Choose IBM Security Access Manager to take control of access management

IBM Security White Paper

Put the right access management solution in your corner

Improper data access can expose an organization’s sensitive information, and that’s just the immediate danger. They can also have wide-ranging financial, social, public relations and legal implications for a compromised enterprise. With the goal of heading off those risks—as well as meeting and surpassing regulatory requirements in the areas of authentication, data privacy and security—organizations sometimes find themselves wrestling with complex and costly access management environments. This complexity often results from years of purchasing multiple, uncoordinated systems targeted at different users, applications or channels.

In addition to potentially creating serious security issues, purchasing point solutions to manage all possible access points in the modern, heterogeneous environment can lead to frustrated users within the enterprise—and cause external users to abandon a business interaction entirely. What’s more, adding applications and technology to the network without considering the effect they might have on access management can cause security and IT teams to lose the control they should have.

Taken together, these issues of complex IT environments and evolving workplace technology mean the need for integrated access management is greater than ever. IBM® Security Access Manager allows organizations to take back control of their access management system with a single integrated platform that manages access across many common scenarios.

IBM Security Access Manager is a solution for web access management, web application protection, mobile access management (including mobile multi-factor authentication), cloud access management, risk-based access and identity federation. As such, it provides strong security for web- and cloud-based resources that can simplify users’ experience, instead of complicating it—while ensuring secure access to network resources.

BUYER’S GUIDE

Learn how IBM Security Access Manager can increase both convenience and security for your users.

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Read the IBM Security Access Manager data sheet to learn about the solution’s federation capabilities.

Simplify users’ lives with identity federation and single sign-on IT and security teams are under pressure to deliver secure, convenient access to multiple web and mobile applications, for both internal and external users. Implementing identity federation—the consolidation and sharing of legitimate users’ identities, credentials and permissions among trusted organizations and partners—is one way to help simplify the security challenges of access management, ensure secure adoption of new technologies, and improve the collaboration between systems and organizations.

Using powerful out-of-the-box connectors, strong identity federation integrates into the existing IT environment—facilitating user access by eliminating the need to create and recall an additional set of logins. As a

result, users are less inclined to risk accessing data with weak or repeated passwords, and your IT team is freed to implement effective, unified password policies.

Deploying IBM Security Access Manager, whether as a powerful integrated appliance or an installable virtual image, delivers federation capabilities for web and mobile. It enables single sign-on (SSO) and access control across cloud as well as in on-premises environments.

BUYER’S GUIDE

COMPARE FEDERATION SOLUTIONS

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Choose the most valuable federation solution Identity federation can be a valuable tool for simplifying access to today’s cloud-based resources. But identity federation approaches and tools are

not created equal. To find an identity federation solution that will work for the long term, consider its scope, flexibility and degree of integration.

BUYER’S GUIDE

Look for a federation and SSO solution that: IBM Other

Enables secure user access to web, mobile and cloud applications with SSO, session management and context-based access control

Supports multiple federation standards for cross-site authentication, including SAML, OAUTH, Liberty Alliance and WS-Federationtoken-passing protocols

Supports federated SSO for users across multiple cloud-based applications through support of SAML 2.0 andOpenID Connect protocols for federated access

Accelerates the adoption of third-party software-as-a-service (SaaS) applications by enabling pre-integrated connectorsto popular cloud applications without the need to create additional logins

Leverages a worldwide security research organization that produces rapidly updated threat information

COMPARE FEDERATION SOLUTIONS

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Deepen security with risk-based and multi-factor authentication

Passwords may be the simplest and most widely employed authentication measure available. But passwords are all too often revealed by a user’s poor security practices—or by a concerted, malicious data breach. Worse, complicated password schemes and requirements often mean that users reuse passwords on multiple systems.

Deploying a centralized access management system that uses advanced authentication practices can help address these concerns by authenticating

beyond the username and password. With IBM Security Access Manager, unauthorized users are denied or challenged early on, according to the context and risk scoring associated with each access attempt. To enable these capabilities, authentication mechanisms in IBM Security Access Manager include SSO for web and mobile; context and risk-based access; and mobile multi-factor authentication, such as biometrics or receiving a one-time password via a mobile application.

Learn more in this IBM white paper about multi-factor authentication using IBM Verify.

Improve security with an identity management solution that: IBM Other

Enforces context-aware user authorization and authentication with user information, device fingerprinting,one-time passwords, geographic location awareness, fraud indicators and IP reputation scores

Supports broad, flexible integration with strong third-party authentication solutions

Provides risk-based and multi-factor authentication capabilities to protect assets depending on the risk context

BUYER’S GUIDE

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Deploy smooth access management for mobile users

Modern IT teams must deliver secure access not only to conventional applications and local data stores, but to web and mobile applications, too.That need should guide your selection of an access manager solution. IBM helps protect networks, data and users from the risks of mobile devices with secure access solutions and a range of mobile-oriented security tools.

IBM helps extend access management control to mobile platforms with IBM Verify, the multi-factor authentication feature for mobility built into IBM Security Access Manager, mobile SSO, and context-aware authorization.

Context-aware authorization takes into account risk factors that might arise from a mobile workforce and mobility programs such as bring-your-own-device (BYOD) policies. Such risk factors include geographic location, device fingerprint and browser type. IBM Security Access Manager also integrates with IBM Security Trusteer® Mobile SDK to help secure mobile application development, and IBM MaaS360® to help manage mobile device and application deployments.

BUYER’S GUIDE

To work in mobile environments, choose an access management solution that can: IBM Other

Provide mobile sign-on, session management and an advanced authentication service for supporting multiple strong authentication schemes

Offer mobile access control policies that integrate mobile device management, application development and malware detection solutions

Allow for the adoption of BYOD programs by enabling stronger authentication and protection against high-risk mobile devices

Help secure and manage access to applications and workloads—in mobile environments, in the cloud, on the web and on-premises—from a single integrated platform

Watch this video to learn more about authentication with IBM Verify mobile biometrics.

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Demand an access management solution that scales A security solution is only as good as its ability to detect and block real-world threats—jobs that require both currency and flexibility. IBM Security Access Manager is designed to adapt and endure; unlike a static point solution, it provides a framework that is built to scale with your enterprise.

IBM Security Access Manager provides protection to help safeguard applications from advanced threats delivered via common attack vectors. Kept current with threat updates based on IBM X-Force® research, IBM Security Access Manager takes aim at the Open Web Application Security Project (OWASP) Top 10 web application threats.1 It’s also built with a wide range of cloud-based resources in mind, so its federation abilities can quickly connect users to applications they rely on for business processes such as customer relationship management.

Scalability is crucial, too. So as an organization grows, IBM Security Access Manager offers flexible deployment options, with enough power to support an expanding user base. Whether delivered as a hardware appliance, or as a virtual machine on equivalent hardware, IBM Security Access Manager offers up to 30,000 concurrent connections, throughput of up to 25,000 requests per second, as many as 1,500 logins per second and extremely low latency. Just as important for meeting demanding security needs, IBM Security Access Manager works well with others, with built-in integrations for painless connections to third-party tools as well as integration with other parts of the advanced IBM security and data management portfolio.

1 “OWASP Top 10 Vulnerabilities,” IBM developerWorks®, April 2015.

BUYER’S GUIDE

Visit the IBM X-Force Research Hub for the latest thought leadership from security experts.

COMPARE SCALABILITY SOLUTIONS

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Choose a secure, effective, scalable access manager

Before you buy, look for a solution that: IBM Other

Helps block the OWASP Top 10 web vulnerabilities before they reach the targeted application

Provides flexible web and identity services using its own security token service (STS) to validate and use a wide variety of identity formats

Offers high performance and scales to tens of millions of users and hundreds of applications

Integrates with third-party applications (including SAP, Oracle and Microsoft) and middleware, and multiple directories and user repositories

Includes necessary infrastructure adapters, and leading commercial versions of middleware and software components

Employs a risk-scoring engine to enforce context-aware authorization using information about users, devices and transactions

Offers broad platform support, including Microsoft Windows, Linux and IBM z/OS®

Is available in the form you need, whether that’s a dedicated hardware appliance or a flexible virtual appliance

BUYER’S GUIDE

Refining your authentication and authorization approach requires weighing current and future needs. Which solutions will be best supported and most scalable?

COMPARE SCALABILITY SOLUTIONS

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Improve user experience while you deepen security

User experience is vital. Internal users need efficient access to applications and data in order to do their jobs, whether on the cloud or within the company firewall. And for external users—whether customers or third-party business partners—the user interface is even more vital. Customers or

third-party users may abandon a business interaction completely if an authentication process is frustrating. What is the cost of every missed opportunity?

Keep users happy with a solution that: IBM Other

Can securely implement “bring your own identity” scenarios using popular social identity providers

Simplifies the user experience with SSO access across applications, wherever they are running

Provides wide platform support, including Windows, Linux and z/OS

Offers integration with third-party applications (including SAP, Oracle and Microsoft), as well as supportfor multiple directories and user repositories, and heterogeneous middleware

Includes necessary infrastructure adapters, and leading commercial middleware and software components

Enables connections to popular SaaS applications without the need for additional logins

BUYER’S GUIDE

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Learn more about IBM Guardium Data Encryption for DB2 and IMS Databases.

Integrate policy management with enterprise security

With complex hybrid data environments and cloud-based applications, you need to consider integrated policy management as you select a unified access solution. A complete identity access management (IAM) solution must integrate with an organization’s existing infrastructure, including SaaS

applications such as Salesforce, and with existing identity management tools. It must give administrators powerful, easy-to-use tools for designing and implementing sensible policies from a centralized management location. And it must work well with logging solutions such as IBM QRadar® Log Manager.

Integrate policy management with a solution that: IBM Other

Provides integrated access management with a web reverse proxy for use across the enterprise

Simplifies setup and maintenance with a graphical user interface for local management and automated service updates

Provides a graphical policy management interface to support complex access-control policies

Integrates with existing IAM systems to import users and roles, and synchronize passwords for efficient user lifecycle management

Builds in Layer 7 load balancing and distributed session caching to provide shared session management across appliances and applications

Helps secure access to mobile and cloud and application programming interfaces, with an integrated appliance

Provides rich cross-platform support

BUYER’S GUIDE

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

Get more than just security from access management

Odds are, you have a mix of access management tools, some for internal applications and some for externally hosted ones. The proven high scalability and customization of IBM Security Access Manager allows you to invest in what you need—no more and no less—in the form of a flexible, integrated appliance. IBM Security Access Manager can make future upgrades simpler, saving you time and money. If you’re using a cloud deployment model, also consider IBM Cloud Identity Service.

Deeper security might be the immediate goal, but the business benefits of an integrated IAM solution are equally important in selecting a solution. A well-implemented IAM system such as IBM Security Access Manager can help you achieve reduced total cost of ownership, faster deployment (which means faster time to value), and a better user experience—all thanks to federated SSO and risk- and context-based multi-factor authentication

Organizations with highly specific business needs can use IBM Security Access Manager as the heart of a customized access management solution that fits their needs for tightly specified authentication and authorization.

Strong and centralized access management is more essential than ever given the growth in the number of data breaches and the level of sophistication cybercriminals have reached. IBM Security Access Manager allows you to have uniform control of access management.

BUYER’S GUIDE

Learn more about how IBM Security Access Manager can deepen your security and improve user experience.

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE

For more information / Legal

© Copyright IBM Corporation 2017

IBM Security Route 100 Somers, NY 10589

Produced in the United States of America January 2017 IBM, the IBM logo, ibm.com, developerWorks, Guardium, QRadar, Trusteer, MaaS360, X-Force, and z/OS are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

WGB03034-USEN-00

For more information

To learn more about IBM Security Access Manager, please contact your IBM representative or IBM

Business Partner, or visit: ibm.com/security

About IBM Security solutions

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products

and services. The portfolio, supported by world-renowned IBM X-Force research, provides security

intelligence to help organizations holistically protect their infrastructures, data and applications, offering

solutions for identity and access management, database security, application development, risk

management, endpoint management, network security and more. These solutions enable organizations

to effectively manage risk and implement integrated security for mobile, cloud, social media and

other enterprise business architectures. IBM operates one of the world's broadest security research,

development and delivery organizations, monitors 15 billion security events per day in more than 130

countries, and holds more than 3,000 security patents.

Additionally, IBM Global Financing provides numerous payment options to help you acquire the technology

you need to grow your business. We provide full lifecycle management of IT products and services, from

acquisition to disposition. For more information, visit: ibm.com/financing

BUYER’S GUIDE

ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE