Unbeatable Combination
Milestone Systems is helping customers integrate F5 APM and SecureAuth to provide robust, two-factor authentication, identity management and single sign-on across the extended enterprise.
“Tapping resources outside the traditional network perimeter creates a unique blend of security challenges,” said Tom Marsnik, Director of Operations, Milestone Systems. “Organizations are looking for new ways to extend policy-based access beyond conventional internal resources to growing communities of users and external assets."
Federation is an important business and technology trend as more organizations rely on external IT resources and business partnerships. Midmarket organizations in particular are adopting social media and exploring flexible mobility models such as Bring Your Own Device. A recent survey also found that more than half of midmarket companies are relying upon partner relationships to help grow their revenue streams.
Companies of all sizes are rapidly moving into the cloud. According to a Gartner survey conducted in June and July 2011, more than 95 percent of organizations expect to maintain or increase their investments in Software-as-a-Service (SaaS). More than one-third have projects under way for migration from on-premises applications to SaaS.
“Milestone Systems is helping customers achieve more robust, federated security through the integration of F5’s BIG-IP Access Policy Manager and SecureAuth multi-factor authentication," Marsnik said. "These two solutions, combined with Milestone’s expertise, deliver federated identity management, single sign-on, and strong authentication to internal and external resources.”
Pieces of the Puzzle
F5's BIG-IP Access Policy Manager (APM) creates a central policy control point for managing the external resources critical to today’s business operations. It consolidates various access controls within a single, easy-to-manage interface to ensure policy-based access across the enterprise and beyond.
These access controls are integrated with centralized application delivery on the F5 BIG-IP Local Traffic Manager (LTM) system to simplify the implementation of authentication, authorization and accounting (AAA) services, including Active Directory, LDAP, RADIUS and Native RSA SecurID. The intelligent traffic management capabilities of BIG-IP LTM deliver high availability to improve productivity and business continuity.
“Other authentication solutions require application coding, web server agents or specialized proxies that ratchet up cost and complexity and create scalability challenges. With BIG-IP APM, AAA control becomes part of BIG-IP LTM, enabling customers to apply customized access policies across numerous applications and gain centralized visibility and management of the AAA environment,” Marsnik said. “BIG-IP APM is a flexible, high-performance solution that sits between applications and users to provide policy-based, context-aware access from any device or location while enhancing protection of internal and external assets.”
SecureAuth enables organizations to extend two-factor authentication and single sign on (SSO) to any application or asset — including those in the cloud. It works across all platforms, including desktops, laptops, tablets and smartphones, and provides self-service identity management support.
“Many companies use hardware tokens to authenticate users who are connecting remotely, but those can be costly to deploy and difficult to manage,” said Marsnik. “SecureAuth leverages X.509 certificate authentication in a tokenless, non-phishable, two-way authentication solution that can be effortlessly deployed over the Web. It also provides authentication via telephony, SMS and other vectors, increasing flexibility for external users and mobile devices.”
Putting It Together
By integrating these two solutions, Milestone Systems helps customers create a federated identity and access management platform that enables IT managers to establish the right levels of authentication for various resources. Organizations can set up two-factor authentication for APM, which in turn provides SSO to web apps and other enterprise resources. SecureAuth also provides two-factor SSO to SaaS applications and other cloud resources.
“BIG-IP APM supports Kerberos ticketing for seamless authentication and SSO across multiple domains. SecureAuth enables direct authentication into cloud applications, yet it uses existing directories and keeps identities and access controls securely within the enterprise,” Marsnik said.
“For external users, SecureAuth plus APM creates an extranet experience with strong, two-factor authentication in a public/private mode. Private users can register once to obtain a crypto-credential, with all subsequent authentications merely requiring a username and password. Public users authenticate via one-time, two-factor credentials.”
BIG-IP APM’s Visual Policy Editor (VPE) simplifies the design and management of granular access control policies. It also enables access authentication using access control lists, which can be quickly and easily created using the VPE.
SecureAuth’s identity management functionality makes it easy for IT to manage user profile accounts. It enables organizations to provision and de-provision users, roles and entitlements to partner applications in a secure, open-standard format.
“External resources are difficult to manage with traditional IAM platforms,” said Marsnik. “Milestone’s integration of SecureAuth and BIG-IP APM enables users to seamlessly access third-party applications through one robust identity authentication mechanism. It also enables organizations to map policies and best practices to external IT assets and users. This solution can be deployed in a variety of ways to meet specific access needs, plus it delivers fast application access and high availability.”
Milestone’s integration services ensure smooth deployment of APM and SecureAuth, along with training and ongoing support. Call 877-771-9510 today to learn how a robust, federated identity management and access control solution can help boost security and productivity.
