Identity Management

Tremolo Security at ISSA International in Dallas, Tx

October 14, 2016

by

Marc Boorshtein

We’re proud to be a sponsor this year of the Information Security System Association’s (ISSA) international conference.  We’ll be in booth 707 and I’ll be presenting with my colleagues about the US National Capital Region’s Identity and Access Management Program (IAMS) at Secure User Application Access in a Hurry on Thursday November third at 11:30 am talking about just how quickly we were able to stand up a multi-region identity provider and onboard new applications.  Here’s the abstract of the talk:

Secure User Application Access in a Hurry 11/3/2016, 11:30 am – 12:15 pm, Cumberland G/H Track: Securing the End User Audience Level: Mid Career, Senior, Security Leader

Too often there are information technology applications stood up to support first responders only to require those first responders to create and remember yet another username and password to use the application. The problem continues as more applications are activated. Furthermore, each application has to keep track of these users and provision users with the right permissions within the application. Leveraging grant funds, and on behalf of the National Capital Region, Fairfax County sponsored and manages a service called the Identity and Access Management Service (IAMS) which has successfully overcome these challenges. IAMS is a self-contained authentication service which enables personnel to use his/her locality credential to access regional applications when properly authorized. It does this by communicating, via the NCRNet, with properly authorized end user directories within each participating locality. IAMS merely works to query those directories to validate the user for the purposes of accessing the application. IAMS can also perform certain provisioning and workflow functions to easily and properly authorize access for the end user (including those who do not possess a locality identity) to applications and application entitlements.

Scott Scheurich: Program Manager, Ashburn Consulting, LLC.
Marc Boorshtein: CTO, Tremolo Security, Inc.
Michael Dent: Chief Information Security Officer, Fairfax County, VA.

The main theme we’ll be talking about at our booth is how do you quickly integrate your enterprise identities with applications and infrastructure across your enterprise?  Wether you are using just Active Directory, or additional cloud technologies like Azure Active Directory or even cloud based SSO solutions you still need to be able to manage access to your onsite applications.

When looking at any system or application you need to be able to tell who a user is, what they have access to and be able to tell your auditors why they have that access.  You might look to Active Directory as your first stop as that already has most, if not all, of your users.  There are several hurdles you’ll need to overcome:

  1. Where will you store authorizations?
  2. Are there additional attributes needed?
  3. Does the system support Active Directory in the way your organization has deployed it?
  4. Who is responsible for Active Directory and are they on board with any updates you need to make?
  5. Who is going to update the authorizations and attributes?

We’ll show you how you can overcome these issues using Unison while adding value through our self service portal ScaleJS.

issa_1

Unison augments your Active Directory deployment without adding schema or data to your forests.  This cuts down both on technical implementation times and organizational hurdles.  At our booth we can walk your through how quickly Unison can be deployed to support both legacy and forward looking systems.  Wether you are trying to support Linux servers, Software as a Service or container management solutions like OpenShift and Kubernetes Unison can help your security group more easily get to a secured enterprise.