SafeNet Authentication Service (SAS)

SafeNet started service of authentication SafeNet Authentication Service which is urged to satisfy requirements of service providers for cloud authentication in October, 2012. The cloud solution for authentication was developed and designed especially for service providers and allows them to offer instantly the corporate customers authentication in the form of service. Thus, service providers will be able to increase an indicator of ARPU (average income counting on one user), to considerably reduce cost and to reduce the difficulties connected with providing and implementation of strict authentication, to strengthen the strategy of security and to provide more full control of observance of requirements of international standards.

Completely automated, configured cloud platform which is the cornerstone of SafeNet Authentication Service allows to reduce considerably the operating costs connected with authentication due to failure from the operations on preparation, administration, tariffing and management of users and tokens executed in the manual mode. Service providers have an ability to manage the users using the multilevel, multi-user platform which is not attached to any certain solution provider and can work with the technology of key management which is available in the organization. It provides a possibility of fast migration to the centralized cloud environment with the minimum breaks for end users. Besides, service can be provided under own brand of service provider (white-label) and adapt completely under its needs that provides additional value and does a brand to more recognizable. At the same time, the platform differs in high scalability and the number of the supported customers without expensive upgrade of infrastructure allows service providers to increase.

Strict authentication became one of the main problems for the modern "the distributed enterprises" which need to provide access to corporate systems, applications and data for remote workers, partners, customers and other persons. The enterprises can address service providers for service of authentication SafeNet Authentication Service for simplification of implementation of strict authentication in this environment, at the same time from them existence of any infrastructure is not required. Service ensures to enterprises "safety without borders" at the expense of completely automated, highly reliable, checked cloud environment.

Besides, thanks to SafeNet Authentication Service service providers will be able to unload IT specialists of the customers, allowing them to focus on more valuable and useful tasks. Thus, similar automation allows to apply politicians in real time, to provide compliance to requirements of regulations and more high efficiency of business.

According to Chris Morales (Chris Morales) from research company 451 Research Group "Konsyyumerization of information technologies, growth of popularity of the mobile applications and applications used according to the SaaS model and also the beginning growth of virtualization of desktops puts on the identity certificate problem foreground. As the identity certificate assumes a certain centralization for IT (in terms of industry and organizational function), initial problems of security consist in ensuring integrity at identification, in characteristic of these processes in terms of risks assessment and in addition (or replacement) traditional means of authentication (using a user name and the password). At the same time, as the enterprises and the organizations estimate requirements to authentication in terms of cost and flexibility of available solutions of the largest suppliers, solutions for authentication in the form of service and new form factors or channels of authentication, including tokens to smartphones and the one-time passwords received in the form of the SMS are in the increasing demand".

The service of authentication SafeNet Authentication Service represents the joint solution developed by SafeNet after acquisition of Cryptocard company in March, 2012. Service combines the dominant industry technologies of authentication SafeNet and the innovation, flexible and scalable Cryptocard platform.

Main features of service of authentication SafeNet:

• Increase in an indicator of ARPU for service providers: simple pricing model of per-user. It and also an opportunity to adapt and brand service according to unique infrastructure and security requirements of service provider, allows to increase the level of recognition of a brand and to increase an indicator of ARPU in comparison with traditional models of strict authentication.
• Considerable decrease in the total cost of transactions: the fully automatic system of management provides an ability to manage with users, initialization (provisioning), support of a system of a uniform input (single sign-on), strict authentication, tariffing, the reporting, audit and notifications which are integrated with LDAP/Active Directory. Automated policy, the support of self-service and the reporting implemented in a system ensure convenient and comfortable functioning for users that gives significant savings of time and operating costs and also additional security and enhanced capabilities for observance of regulatory requirements in comparison with traditional solutions for authentication.
• The scaled, configured platform is capable to adapt and grow as required: Service providers can use uniform, infinitely scalable cloud platform for management, service and initialization of the most different tokens for unlimited number of users thanks to a multi-tier multi-user architecture.
• Strict authentication and migration in a cloud – without problems: Service providers receive additional flexibility and scalability thanks to the automated workflows, integration with management systems for passwords from different producers and the rich API implemented in service of authentication SafeNet. The SafeNet Authentication Service does not require special infrastructure and provides a possibility of fast migration to a multilevel multi-user cloud environment, helping to protect data where they were, in a cloud, in corporate applications, networks or on mobile devices of customers.
• Safe highly reliable solution: In service it is used the enciphering, best in the class, and the strategy of key management which are built in a cloud platform for password generation, enciphering of user data and protection of communications in different multilevel and multi-user environments. The strengthened infrastructure provides higher transparency of different authentication systems, helping to save high security and compliance to requirements of regulations for all lifecycle of information.

2017: FSTEC certificate

At the beginning of a year the TESSIS Company announced prolongation of the FSTEC certificate on the hardware and software system SafeNet Authentication Service 3.x. SAS can be used at creation of the state information systems and processing systems of personal data for 3 and 4 classes of security with relevant threat of lack of not declared opportunities 3 types. The validity of certificate No. 3070 is extended till January 27, 2020.

2015: SafeNet Authentication Service is integrated with Business VPN Galerie

On June 15, 2015 the Gemalto company and Orange Business Services company announced integration of the hardware and software system SafeNet Authentication Service into the platform of aggregation of the protected cloud services of Business VPN Galerie SafeNet Authentication Services^[1].

Integration of a system means: customers can use single solution as a part of which multifactor authentication for all corporate applications, infrastructures and cloud services like Office 365 and Salesforce.com, without the need for their separate start.

2014

SafeNet Authentication Service v.3.2

The Certified Information Systems company, official distributor of solutions SafeNet in Russia, announced in January, 2014 obtaining the certificate of the Federal Service for Technical and Export Control (FSTEC of Russia) on the hardware and software system SafeNet Authentication Service v3.2 (SAS). Thus, the Russian customers will be able to use the certified version of this solution providing the universal mechanism of two-factor authentication for an input on the workstations functioning based on Microsoft and Linux systems, web resources, establishment of VPN connections with use of hardware, program, universal (Gridsure) generators of one-time passwords and also SMS tokens.

As noted, the certificate of conformity of FSTEC of Russia No. 3070 of January 27, 2014 confirms that the hardware and software system SafeNet Authentication Service v3.2 developed by SafeNet and made by "The certified information systems" is the program technical tool of authentication of users and conforms to requirements of specifications regarding implementation of the following indicators of security: identification and authentication of administrators of a complex; identification and authentication of users of the applied systems using the one-time password; the role principle of access isolation in a complex at the administrative level; registration of events of security.

According to orders No. 17 ("About the approval of requirements about the data protection which is not the state secret, contained in the state information systems") and No. 21 ("About the approval of structure and the maintenance of organizational and technical measures for security of personal data at their processing in personal data information systems") SafeNet Authentication Service v3.2 can be applied to the data protection of limited access which is not containing the data which are the state secret in the state information systems 3 and 4 of classes of security and also to providing 3, 4 levels of security of personal data in information systems for which threats of the 3rd type are referred to relevant.

The certified version of SafeNet Authentication Service will allow the Russian customers who are actively using solutions of SafeNet for multifactor authentication to create secure information systems in strict accordance with requirements of the Russian legislation. Besides, the staff of the companies using the certified version of SAS will get secure access to corporate resources and applications not only in the stationary workplaces, but also from mobile devices.

Integration of SafeNet Authentication Service (SAS) with services of federation Microsoft Windows Server 2012 R2 Active Directory Federation Services

On May 13, 2014 the SafeNet company announced that its service of authentication SafeNet Authentication Service (SAS) is completely integrated with services of federation Microsoft Windows Server 2012 R2 Active Directory Federation Services now. Thanks to it large enterprises and the companies will be able quickly to implement processes of multifactor authentication and to manage them in applications Office 365 and other web services for ensuring more full control over access.

As more and more enterprises use cloud applicaions and services in the activity, the need for creation of federations of certificates which would allow to unify IT services and to provide secure user access to these services considerably increases. Integration of the SAS platform and services of federation Microsoft ADFS gives to the organizations simple in implementation, completely automated solution of authentication in the form of service which provides secure user access to Microsoft Office applications 365 and to other client applications of Microsoft due to use of the certificates created by IT departments in service Active Directory.

Unlike other solutions for authentication, the SAS service supports direct integration with services of federation of ADFS, requiring at the same time the minimum settings of a configuration, and then can be applied to process management of authentication during the work with any used applications as developed by Microsoft, and third-party producers, providing the uniform tool for management of authentication. It allows corporate IT administrators to protect and to considerably simplify all environment of authentication at the expense of a single internal system that as a result allows to achieve significant savings of costs.

The SafeNet Authentication Service provides completely automated strict authentication in the form of service, with flexible opportunities for use of tokens which can be configured according to requirements of each separate organization. The service does not require physical infrastructure and allows to protect as the applications placed in a cloud and the applications placed on the customer's equipment, providing protection of networks, users and devices. The organizations the unified politician of access and systems uniform login (SSO) for web applications and other corporate resources, with support of the certificates placed on the equipment of customers (on-premises identities) can use this service for implementation.

Notes