High Grade, full featured Identity Platform
We are delighted to have early picked out the attractive approach ( open source, open standards, rich functionality ) of WSO2. We have completed a closely coupled CASQUE integration with their Identity Server. The combination provides a high grade, fully featured, federated Identity Platform meeting the highest assurance level specified by NIST and suitable for Secret by UK NCSC. There is a move to “platform architecture” especially as it lends naturally to “as a service” offerings and our discernment has been echoed: “WSO2 Identity Server has been named an overall leader, as well as a market leader, innovation leader, and product leader, in Kuppingercole’s Leadership Compass: Identity API Platforms” – click for a copy of this Report.
Identity Assurance Positioning
This document summaries the reasons for the positioning dispositions of various authentication methods and their associated Identity Management Capabilities. Written with the admitted selected bias of the author but the arguments are sound and defensible – click to download.
High Grade Identity Assurance for the Cloud
This presentation shows how CASQUE provides Enterprise owned and controlled, high grade, federated, Identity Assurance for Web Applications
Securing Applications using WSO2 Identity Server and CASQUE
WSO2 Identity Server is an extensible, open source solution to federate and manage identities across both Enterprise and Cloud environments including APIs, mobile, and Internet of Things devices, regardless of the standards on which they are based. The Identity Management Suite subsumes features found in competitive products but is open source!
Distributed Management Systems Ltd (“DMS”) has invented and fully developed a new, radical approach to Identity Assurance, CASQUE which removes major vulnerabilities which all current, multi-factor authentication methods possess.
WSO2 and DMS have cooperated to closely integrate CASQUE with WSO2 Identity Server and will present a joint webinar on 22nd May 2019 at 11am, Click to Register
Technology Partnership Announced
Pleased to announce that ObjectTech will use CASQUE SNR to protect access to their Identity Systems. ObjectTech is one of 5 young companies Forbes expects to make an impact on the world that are ones to watch in 2019 and beyond.
The Case against Adaptive Authentication
We believe the fashionable trend for “Adaptive Authentication” where Identity is determined by a software only technique based on the User’s “Use Profile” is flawed both in design principle and operation.
The Whitepaper details the weaknesses in this approach and shows how a different “Fortress Construction” design is superior.
CASQUE SNR adds High Grade Identity Assurance to CISCO ASA
Organisations may want to utilise Cloud resources provided by AWS, Google Cloud or Azure but want to own and operationally control their Identity Access. There is a trend to offer “Virtual Appliances” – software versions of previously dedicated hardware gateway units so that they can run on compute resources residing in Cloud environments.
We have integrated CASQUE SNR using the capabilities of Cisco Adaptive Security Appliance (ASA) Software. All Cisco ASA 5500-X Series Next-Generation Firewalls are powered by this software and so are the “Virtual” manifestations called ASAv. Cisco Adaptive Security Virtual Appliance (ASAv) is optimised for cloud and data center environments with VMware, KVM and Hyper-V hypervisor support providing throughput from 100 Mbps to 10 Gbps utilizing from 1 to 16 GB memory.
CASQUE SNR integrates both with clientless VPN configurations with the Challenge presented as a QR coded image as well as providing Challenges as file downloads using client installed AnyConnect.
UK Government issues minimum cyber security standards
“Multi-factor authentication shall be used where technically possible, such as where administrative consoles provide access to manage cloud based infrastructure, platforms or services. Multi-factor authentication shall be used for access to enterprise level social media accounts ”
BUT.. existing Multi-factor Authentication (MFA) Products are weak!
According to NIST, “Out-of-Band” like SMS and Email or “OTP” like SecurID or Vasco need multiple other supporting techniques and therefore consume extra overhead and management costs -see NIST Digital Identity Guidelines on Authentication Products.
Use of a mobile phone to carry the authentication response may seem adequate but Users now want to use their own mobiles as the primary Client- so other than carrying a second phone, these existing Solutions will, ridiculously, become single factor Authentication!
CASQUE SNR is the only MFA certified at source code level by NCSC as suitable for Secret and is cheaper than traditional techniques. Why use MFAs that already have known weakness when you can use CASQUE SNR?
WSO2 Identity Server Integration
WSO2 Identity Server is used to simplify identity and access management related activities in the enterprise; it is based on open standards and open source principles. WSO2 Identity Server comes with seamless, easy to use integration capabilities that help connect applications, user stores, directories and identity management systems.
WSO2 Identity Server allows enterprises to achieve single sign-on/sign-out, identity federation, strong authentication, identity administration, account management, identity provisioning, fine-grained access control, API security, monitoring, reporting, and auditing.
CASQUE SNR integrates in a closely coupled way by providing a free to use local connector plug-in.
Business Case for CASQUE SNR
This is a short presentation with sound that defines the compelling reasons to use CASQUE SNR