Choose IBM Security Access Manager to take control of...
Transcript of Choose IBM Security Access Manager to take control of...
Protect assets with advanced authentication and authorization tools
BUYER’S GUIDE
Choose IBM Security Access Manager to take control of access management
IBM Security White Paper
Put the right access management solution in your corner
Improper data access can expose an organization’s sensitive information, and that’s just the immediate danger. They can also have wide-ranging financial, social, public relations and legal implications for a compromised enterprise. With the goal of heading off those risks—as well as meeting and surpassing regulatory requirements in the areas of authentication, data privacy and security—organizations sometimes find themselves wrestling with complex and costly access management environments. This complexity often results from years of purchasing multiple, uncoordinated systems targeted at different users, applications or channels.
In addition to potentially creating serious security issues, purchasing point solutions to manage all possible access points in the modern, heterogeneous environment can lead to frustrated users within the enterprise—and cause external users to abandon a business interaction entirely. What’s more, adding applications and technology to the network without considering the effect they might have on access management can cause security and IT teams to lose the control they should have.
Taken together, these issues of complex IT environments and evolving workplace technology mean the need for integrated access management is greater than ever. IBM® Security Access Manager allows organizations to take back control of their access management system with a single integrated platform that manages access across many common scenarios.
IBM Security Access Manager is a solution for web access management, web application protection, mobile access management (including mobile multi-factor authentication), cloud access management, risk-based access and identity federation. As such, it provides strong security for web- and cloud-based resources that can simplify users’ experience, instead of complicating it—while ensuring secure access to network resources.
BUYER’S GUIDE
Learn how IBM Security Access Manager can increase both convenience and security for your users.
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Read the IBM Security Access Manager data sheet to learn about the solution’s federation capabilities.
Simplify users’ lives with identity federation and single sign-on IT and security teams are under pressure to deliver secure, convenient access to multiple web and mobile applications, for both internal and external users. Implementing identity federation—the consolidation and sharing of legitimate users’ identities, credentials and permissions among trusted organizations and partners—is one way to help simplify the security challenges of access management, ensure secure adoption of new technologies, and improve the collaboration between systems and organizations.
Using powerful out-of-the-box connectors, strong identity federation integrates into the existing IT environment—facilitating user access by eliminating the need to create and recall an additional set of logins. As a
result, users are less inclined to risk accessing data with weak or repeated passwords, and your IT team is freed to implement effective, unified password policies.
Deploying IBM Security Access Manager, whether as a powerful integrated appliance or an installable virtual image, delivers federation capabilities for web and mobile. It enables single sign-on (SSO) and access control across cloud as well as in on-premises environments.
BUYER’S GUIDE
COMPARE FEDERATION SOLUTIONS
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Choose the most valuable federation solution Identity federation can be a valuable tool for simplifying access to today’s cloud-based resources. But identity federation approaches and tools are
not created equal. To find an identity federation solution that will work for the long term, consider its scope, flexibility and degree of integration.
BUYER’S GUIDE
Look for a federation and SSO solution that: IBM Other
Enables secure user access to web, mobile and cloud applications with SSO, session management and context-based access control
Supports multiple federation standards for cross-site authentication, including SAML, OAUTH, Liberty Alliance and WS-Federationtoken-passing protocols
Supports federated SSO for users across multiple cloud-based applications through support of SAML 2.0 andOpenID Connect protocols for federated access
Accelerates the adoption of third-party software-as-a-service (SaaS) applications by enabling pre-integrated connectorsto popular cloud applications without the need to create additional logins
Leverages a worldwide security research organization that produces rapidly updated threat information
COMPARE FEDERATION SOLUTIONS
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Deepen security with risk-based and multi-factor authentication
Passwords may be the simplest and most widely employed authentication measure available. But passwords are all too often revealed by a user’s poor security practices—or by a concerted, malicious data breach. Worse, complicated password schemes and requirements often mean that users reuse passwords on multiple systems.
Deploying a centralized access management system that uses advanced authentication practices can help address these concerns by authenticating
beyond the username and password. With IBM Security Access Manager, unauthorized users are denied or challenged early on, according to the context and risk scoring associated with each access attempt. To enable these capabilities, authentication mechanisms in IBM Security Access Manager include SSO for web and mobile; context and risk-based access; and mobile multi-factor authentication, such as biometrics or receiving a one-time password via a mobile application.
Learn more in this IBM white paper about multi-factor authentication using IBM Verify.
Improve security with an identity management solution that: IBM Other
Enforces context-aware user authorization and authentication with user information, device fingerprinting,one-time passwords, geographic location awareness, fraud indicators and IP reputation scores
Supports broad, flexible integration with strong third-party authentication solutions
Provides risk-based and multi-factor authentication capabilities to protect assets depending on the risk context
BUYER’S GUIDE
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Deploy smooth access management for mobile users
Modern IT teams must deliver secure access not only to conventional applications and local data stores, but to web and mobile applications, too.That need should guide your selection of an access manager solution. IBM helps protect networks, data and users from the risks of mobile devices with secure access solutions and a range of mobile-oriented security tools.
IBM helps extend access management control to mobile platforms with IBM Verify, the multi-factor authentication feature for mobility built into IBM Security Access Manager, mobile SSO, and context-aware authorization.
Context-aware authorization takes into account risk factors that might arise from a mobile workforce and mobility programs such as bring-your-own-device (BYOD) policies. Such risk factors include geographic location, device fingerprint and browser type. IBM Security Access Manager also integrates with IBM Security Trusteer® Mobile SDK to help secure mobile application development, and IBM MaaS360® to help manage mobile device and application deployments.
BUYER’S GUIDE
To work in mobile environments, choose an access management solution that can: IBM Other
Provide mobile sign-on, session management and an advanced authentication service for supporting multiple strong authentication schemes
Offer mobile access control policies that integrate mobile device management, application development and malware detection solutions
Allow for the adoption of BYOD programs by enabling stronger authentication and protection against high-risk mobile devices
Help secure and manage access to applications and workloads—in mobile environments, in the cloud, on the web and on-premises—from a single integrated platform
Watch this video to learn more about authentication with IBM Verify mobile biometrics.
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Demand an access management solution that scales A security solution is only as good as its ability to detect and block real-world threats—jobs that require both currency and flexibility. IBM Security Access Manager is designed to adapt and endure; unlike a static point solution, it provides a framework that is built to scale with your enterprise.
IBM Security Access Manager provides protection to help safeguard applications from advanced threats delivered via common attack vectors. Kept current with threat updates based on IBM X-Force® research, IBM Security Access Manager takes aim at the Open Web Application Security Project (OWASP) Top 10 web application threats.1 It’s also built with a wide range of cloud-based resources in mind, so its federation abilities can quickly connect users to applications they rely on for business processes such as customer relationship management.
Scalability is crucial, too. So as an organization grows, IBM Security Access Manager offers flexible deployment options, with enough power to support an expanding user base. Whether delivered as a hardware appliance, or as a virtual machine on equivalent hardware, IBM Security Access Manager offers up to 30,000 concurrent connections, throughput of up to 25,000 requests per second, as many as 1,500 logins per second and extremely low latency. Just as important for meeting demanding security needs, IBM Security Access Manager works well with others, with built-in integrations for painless connections to third-party tools as well as integration with other parts of the advanced IBM security and data management portfolio.
1 “OWASP Top 10 Vulnerabilities,” IBM developerWorks®, April 2015.
BUYER’S GUIDE
Visit the IBM X-Force Research Hub for the latest thought leadership from security experts.
COMPARE SCALABILITY SOLUTIONS
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Choose a secure, effective, scalable access manager
Before you buy, look for a solution that: IBM Other
Helps block the OWASP Top 10 web vulnerabilities before they reach the targeted application
Provides flexible web and identity services using its own security token service (STS) to validate and use a wide variety of identity formats
Offers high performance and scales to tens of millions of users and hundreds of applications
Integrates with third-party applications (including SAP, Oracle and Microsoft) and middleware, and multiple directories and user repositories
Includes necessary infrastructure adapters, and leading commercial versions of middleware and software components
Employs a risk-scoring engine to enforce context-aware authorization using information about users, devices and transactions
Offers broad platform support, including Microsoft Windows, Linux and IBM z/OS®
Is available in the form you need, whether that’s a dedicated hardware appliance or a flexible virtual appliance
BUYER’S GUIDE
Refining your authentication and authorization approach requires weighing current and future needs. Which solutions will be best supported and most scalable?
COMPARE SCALABILITY SOLUTIONS
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Improve user experience while you deepen security
User experience is vital. Internal users need efficient access to applications and data in order to do their jobs, whether on the cloud or within the company firewall. And for external users—whether customers or third-party business partners—the user interface is even more vital. Customers or
third-party users may abandon a business interaction completely if an authentication process is frustrating. What is the cost of every missed opportunity?
Keep users happy with a solution that: IBM Other
Can securely implement “bring your own identity” scenarios using popular social identity providers
Simplifies the user experience with SSO access across applications, wherever they are running
Provides wide platform support, including Windows, Linux and z/OS
Offers integration with third-party applications (including SAP, Oracle and Microsoft), as well as supportfor multiple directories and user repositories, and heterogeneous middleware
Includes necessary infrastructure adapters, and leading commercial middleware and software components
Enables connections to popular SaaS applications without the need for additional logins
BUYER’S GUIDE
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Learn more about IBM Guardium Data Encryption for DB2 and IMS Databases.
Integrate policy management with enterprise security
With complex hybrid data environments and cloud-based applications, you need to consider integrated policy management as you select a unified access solution. A complete identity access management (IAM) solution must integrate with an organization’s existing infrastructure, including SaaS
applications such as Salesforce, and with existing identity management tools. It must give administrators powerful, easy-to-use tools for designing and implementing sensible policies from a centralized management location. And it must work well with logging solutions such as IBM QRadar® Log Manager.
Integrate policy management with a solution that: IBM Other
Provides integrated access management with a web reverse proxy for use across the enterprise
Simplifies setup and maintenance with a graphical user interface for local management and automated service updates
Provides a graphical policy management interface to support complex access-control policies
Integrates with existing IAM systems to import users and roles, and synchronize passwords for efficient user lifecycle management
Builds in Layer 7 load balancing and distributed session caching to provide shared session management across appliances and applications
Helps secure access to mobile and cloud and application programming interfaces, with an integrated appliance
Provides rich cross-platform support
BUYER’S GUIDE
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
Get more than just security from access management
Odds are, you have a mix of access management tools, some for internal applications and some for externally hosted ones. The proven high scalability and customization of IBM Security Access Manager allows you to invest in what you need—no more and no less—in the form of a flexible, integrated appliance. IBM Security Access Manager can make future upgrades simpler, saving you time and money. If you’re using a cloud deployment model, also consider IBM Cloud Identity Service.
Deeper security might be the immediate goal, but the business benefits of an integrated IAM solution are equally important in selecting a solution. A well-implemented IAM system such as IBM Security Access Manager can help you achieve reduced total cost of ownership, faster deployment (which means faster time to value), and a better user experience—all thanks to federated SSO and risk- and context-based multi-factor authentication
Organizations with highly specific business needs can use IBM Security Access Manager as the heart of a customized access management solution that fits their needs for tightly specified authentication and authorization.
Strong and centralized access management is more essential than ever given the growth in the number of data breaches and the level of sophistication cybercriminals have reached. IBM Security Access Manager allows you to have uniform control of access management.
BUYER’S GUIDE
Learn more about how IBM Security Access Manager can deepen your security and improve user experience.
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE
For more information / Legal
© Copyright IBM Corporation 2017
IBM Security Route 100 Somers, NY 10589
Produced in the United States of America January 2017 IBM, the IBM logo, ibm.com, developerWorks, Guardium, QRadar, Trusteer, MaaS360, X-Force, and z/OS are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
WGB03034-USEN-00
For more information
To learn more about IBM Security Access Manager, please contact your IBM representative or IBM
Business Partner, or visit: ibm.com/security
About IBM Security solutions
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products
and services. The portfolio, supported by world-renowned IBM X-Force research, provides security
intelligence to help organizations holistically protect their infrastructures, data and applications, offering
solutions for identity and access management, database security, application development, risk
management, endpoint management, network security and more. These solutions enable organizations
to effectively manage risk and implement integrated security for mobile, cloud, social media and
other enterprise business architectures. IBM operates one of the world's broadest security research,
development and delivery organizations, monitors 15 billion security events per day in more than 130
countries, and holds more than 3,000 security patents.
Additionally, IBM Global Financing provides numerous payment options to help you acquire the technology
you need to grow your business. We provide full lifecycle management of IT products and services, from
acquisition to disposition. For more information, visit: ibm.com/financing
BUYER’S GUIDE
ACCESS MANAGEMENT FEDERATION AUTHENTICATION MOBILE SCALABILITY USER EXPERIENCE POLICY BUSINESS INTEGRATION MORE