Share:
AM Offer
The opening of the enterprise to the Internet with the advent of Cloud services accessible to all, the generalization of telecommuting, the opening of application access to external populations such as partners or customers, the deployment of modern application architectures based on APIs and microservices, the digitization of banking services and the new DSP2 directives are all challenges for the security of logical access.
How can you control access (applications, data, APIs, etc.) in the face of these new challenges, while offering users a simple, fluid and comfortable experience? Synetis, through its Access Management offer, brings you all the expertise of its team of specialists to help you answer this question, in your context and with your specificities.
Improved user experience and security
User experience and security are often at odds with each other, as increasing one is often at the expense of the other. However, modernAccess Management solutions offer many features that improve both aspects simultaneously:
One authentication to access all applications is the promise of SSO. The implementation of such functionality can be based on multiple approaches: e-SSO, Web SSO, identity federation (SAML2, OpenID Connect, WS-*, etc.) that can be combined to meet different needs. Deploying an SSO solution, by reducing the number of passwords, allows to reinforce access security while improving the user experience.
While it fully participates in the implementation of an SSO, identity federation also enables authentication and access to the company's SaaS services (OAuth) to be controlled. Authentication to these services is delegated to the Access Management solution, which ensures that the security rules required to authorize access to the requested service are applied.
It allows theend-user to be autonomous in case of loss or forget of his password and thus considerably relieves the support teams in charge of assisting users facing this type of difficulty. This feature also allows to set up a password policy to reinforce access security.
It offers usersenhanced authentication methods (certificates, biometrics, etc.) for a better level of security while making the user experience more fluid.
It allows to reinforce security during authentication by using a second factor (OTP by SMS, push on a mobile application, FIDO2 key, etc.) and thus guarantees the validity of the authentication provided by the user.
It allows to define a risk-based access strategy, which allows to require from the user a more or less strong level of authentication (second factor, certificate, etc.) depending on the estimated risk for the requested access. This risk can be linked to different metrics - such as the network and geographic origin of the request, the type of terminal used for access, the criticality of the resource accessed, the time and date of the request, etc.
Access security for API and microservices back-end
Modern application architectures rely heavily on APIs and microservices. These endpoints, which expose sometimes critical data, must imperatively be secured.
- Deploying an authorization server allows these endpoints to be secured using the OpenID Connect identity federation protocol (OIDC) and/or the OAuth2 authorization protocol;
- The integration of the authorization server can be done at the level of an API portal and/or directly at the endpoints;
- The use of standard protocols guarantees the compatibility of the solution with development frameworks and/or market solutions.
Compliance with PSD2 directive
- The validation of a transaction requires several requirements: a complete presentation of the information related to the transaction, an explicit consent of the user, a strong authentication of the user;
- Moreover, the use of bank data by an online service (merchant site, account aggregator, etc.) is subject to the user's consent from his bank. The management of these consents (collection, consultation, revocation, etc.) must be provided to its customers by the banking institution;
- Finally, it goes without saying that access to exposed banking services for partner sites must be strongly controlled to guarantee the security of exposed banking data.
Through standard protocols (OpenID Connect and OAuth2), multi-factor authentication and consent management features, Access Management solutions address all these issues.
Zero Trust Strategy
Nomadism and telecommuting are becoming more and more frequent in the business world, the widespread use of Cloud services, the opening of access to certain resources to partners (B2B, B2C, outsourcers, etc.) weaken the security of systems. In such a context, access is never completely trustworthy.
A "Zero Trust" strategy ensures that, regardless of the context in which the user attempts to access a resource, the validity of that request will have been checked through an appropriate and reliable authentication process.
Governance / Audit and Compliance
Access Management at Synetis
More than 45 consultants dedicated to Access Management with an average experience of more than 5 years in the field of cyber security;
More than 8 active partnerships with major market players (Microsoft, Ilex International, InWebo, Okta, Ping Identity, CyberArk, Wallix / Trustelem, Yubico) and a real expertise with other software vendors such as ForgeRock, Microsoft, OneLogin, etc. ;
Over 20 publisher certifications acquired;
More than 65 projects in progress as of 01/08/2022 - including 40+ new projects in 2022 - of all sizes (from about 10 days to more than 250 days) and of all types (scoping, audit, integration, TMA, CDS), with a commitment to results (fixed price) or to means (contracting).
You might be interested in these articles:
