01. Multifactor Authentication
A solution for computer system logon protection by several authentication factors: password, USB-key, smart card or user biometric data.
A hardware/software system supporting two-factor authentication allows verifying authenticity of passwords, authentication devices and biometric data. We supply an authentication support system having web interfaces for management, technical support and user self-service, connectors for interaction with authentication equipment, client software, audit and reporting module, and electronic keys like smart cards, USB tokens and virtILl keys. The system can be integrated with different user account databases. The solution helps to improve computer systems security, personalise access to systems and data, and promptly detect authentication source loss or theft incidents.
Splutions: RSA Authentication Manager, SafeNet Authentication Manager
02. Single Sign-On Authentication
A solution based on Single Sign–On technology allowing users to access independent software systems entering the password only once.
Single sign-on authentication system makes the user’s life easier eliminating the need to memorise dozens of passwords to access numerous systems. The user gets only the password to his computer instead. The system software agent installed on this computer enters the rest of passwords in place of the user streamlining his interaction with the company computer systems. This results in considerable improvement of the personnel performance and team morale, reduces the support service load related to user requests for password reset and recovery. The risk of inadvertent password disclosure is also mitigated due to elimination of the necessity to memorise many passwords.
Solutions: IBM Security Access Manager for Enterprise Single Sign-On, Dell Enterprise Single Sign-On
03. Administrator Actions Control
System administrators should be under information security service control to ensure protection from abuse of authority and unauthorised access to critical system.
The administrator access control system allows abandoning prevalent practice of system administrator “omnipotence”. To access managed systems the system administrators will have to be authorised by system owners and information security officers, and it will be possible to log and, if necessary, review all their actions. The administrator access control system is mandatory when the company computer systems are maintained by external administrators (IT-outsourcing). The use of such systems improve personnel trust in system administrators, mitigates risk of improper use of authority, limit hackers capability in case of infiltration. The system also streamlines information security audit within PCI DSS framework or company entry to international markets.
Solutions: Balabit, Quest, CyberArk
04.Centralised Access and Identity Management
The centralised IT systems access management enables automation of one of the most intricate and complex IT processes in the company, and streamlines to the maximum extent access granting, changing and revoking procedures.
The centralised access management system ensures end-to-end automation of granting, changing and revoking user access to the company computer systems. Due to integration with all other systems the CA eeds up user onboarding, prevents creation of ghost users, and mitigates unauthorised access risk. The main benefit of such system implementation in the company is lower non-productive burden on the employees and support service, faster new employee onboarding, better IT systems integration and streamlining of access granting and revoking processes. The system also mitigates the unauthorised access risk, as dismissed employee accounts are timely removed and automatically blocked upon expiry of extended access rights.