Solutions

Businesses are becoming increasingly collaborative, which means that access to enterprise resources is often extended to a broader, more diverse set of users. As a result, organizations are facing the challenge of managing identities and authorizing and authenticating users to access sensitive enterprise resources. Managing identities can be a complex task, as security policies are often inconsistent and it is often an easy matter for users to circumvent authentication and authorization policies.
Identity and Access Management (IAM) addresses two mission-critical needs: ensuring appropriate access to resources across increasingly heterogeneous technology environments, and meeting increasingly rigorous compliance requirements. An IAM security practice is crucial for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise.
Enterprises that develop mature IAM capabilities can reduce their Identity Management costs and, more importantly, support new business initiatives with greater agility.

User Provisioning

Organizations need an automated process to manage user access to systems within and across partner domains.

Some of the common challenges in user life cycle management are:
➢ Hire-to-retire automated processes.
➢ Ensuring that users are provided access to all required accounts from the moment they join the organization.
➢ Ensuring that users are disabled/de-provisioned as soon as their access to a particular resource has been terminated.
➢ Managing a central repository of user identities.
Leveraging popular Identity Management solutions, ZionTech Solutions Inc. helps organizations to define and manage their user life-cycle. For example, a user may need access to multiple applications, ranging from web applications to legacy client/server applications. Creating and managing the associated user accounts is often time-consuming and error-prone. Users (and their supervisors) often experience delays in the set up of system access that the user needs in order to be productive. Auditors complain that there is no way to easily ascertain which users have which access to which systems. There could be security breaches that result from users being left with system access they shouldn’t have when they move from one department to another or leave the organization.
An Identity and Access Management (IAM) provisioning solution addresses these kinds of problems by providing a centralized solution that manages user accounts across all of an enterprise’s different applications and system platforms. It applies predefined rules to automatically create, modify, or disable user accounts, mailboxes, share drive access, or other resources based on corresponding events occurring in the target system of record. It offers an interface and workflow tools that can also permit decentralized, user-driven requesting and granting of system access, along with a snapshot of a user’s system access across the organization.
ZionTech has been implementing provisioning solutions for companies of all sizes, including global enterprises in a variety of industries.

Our provisioning practice offers a full range of services that include the following:
➢ Environment assessments, feasibility studies, and proof-of-concept (POC) demonstrations for scoping and planning around enterprise provisioning initiatives.
➢ Design of logical and physical architecture for provisioning infrastructure.
➢ Implementation and customization of standard packages for provisioning.
➢ Business process analysis and engineering for enterprise provisioning services.
➢ Outsourcing of maintenance and production support for provisioning infrastructure.
➢ Project and program management for enterprise provisioning.

Entitlements

Designing and deploying user entitlements to control users’ access to enterprise applications and data can be complex and costly. The stakes for failing to manage access to information assets are raised by regulatory requirements and internal competition for company financial resources.
Controlling user access to specific functions and information inside applications is usually enforced on an application-by-application basis. Every application has its own user classifications, its own access policy model, and its own implementation of algorithms for allowing or denying user access. Because a variety of such applications can proliferate in an organization, managing the access rights of individual users across multiple applications becomes complex, tedious, and prone to error.
ZionTech has extensive experience in designing and deploying entitlements solutions that can be leveraged across multiple applications. We have helped a number of clients identify requirements, evaluate products and design, and develop and customize implementations. We have used the various products extensively, both in POC/live deployments for customers and in developing custom solutions.

Some of the highlights of our services include:
➢ Requirement analysis for enterprise entitlements services, including defining a roadmap for application integration.
➢ Architecture design for entitlements services.
➢ Entitlements technology implementation and customization.
➢ Policy development consulting, including definition of a user classification framework.
➢ Program management for developing, deploying, extending, and maintaining enterprise entitlements services.

Role Management

Often there are many more roles defined for an application than there are users. This problem multiplies exponentially when you consider all the applications your organization supports. Typically, this situation develops when the organization does not have a centrally defined role governance policy: the roles are created only to provide access to users to different groups.
Managing a complete and correct set of roles is the foundation for implementing role-based access control. Leveraging popular role-based access control solutions, ZionTech Solutions Inc. can help your organization identify the best approach for role management. We’ll work with you to define, create, and manage your enterprise roles and related user access.

Governance

Governance is critical to the success of an Identity and Access Management (IAM) program. Effective IAM governance requires that responsibility for IAM program oversight, direction, and accountability be well-defined and effective. ZionTech encourages our clients to establish a steering committee with a defined program charter, to ensure widespread visibility and understanding of IAM activities.
Representation from key business units and legal, risk management, and compliance departments is recommended for a governance steering committee. It will be an authoritative voice for IAM-related policies, procedures, and acceptable standards; furthermore, inclusion of these stakeholders ensures that IAM service delivery components will be more effectively implemented within acceptable business operating boundaries.
While it is a pivotal component to IAM service delivery capability, governance is often overlooked, loosely organized, and placed within the IT departments responsible for technology service delivery without direct input from company stakeholders. Multiple case studies from multiple research firms have shown that this disconnect is the leading cause of IAM program failures.

Compliance

Compliance architecture enables you to achieve regulatory and policy compliance in the most cost-effective way possible. Businesses must comply with an ever-increasing number of regulatory and legal requirements that affect all levels of the organization. Enterprises need to apply effective controls to comply with these requirements. Our compliance practice can help your enterprise roll out an Identity and Access Management (IAM) solution designed to ensure that access to sensitive systems and data can be controlled and audited. Any given enterprise is typically subject to multiple sets of overlapping regulations that cumulatively build an overall set of compliance requirements. Each enterprise also has its own set of internal information security and audit policies that create additional requirements to be fulfilled by IAM.
Frequently these various requirements have been addressed incrementally over time in the enterprise’s IAM services, leading to an inefficient patchwork of compliance-related solutions and creating unnecessary operational and maintenance expense. A better approach is to develop an IAM compliance architecture that distills the regulations and directives into a concise and transparent “superset” of requirements. This can then be mapped to an IAM solution with the technology tools and business processes to fulfill all the compliance requirements.
A program to implement the necessary IAM solution set can then be formulated on the basis of the compliance architecture. For example, an entirely new IAM solution set might be rolled out if there is none in place or if the existing solution is considered obsolete. Alternatively, if a satisfactory but only partial solution is already in place, the program would integrate additional solution components to enhance or complete the existing IAM solution set.

The ZionTech systems compliance practice can provide your enterprise with the consulting support you need to implement a robust compliance architecture, including:
➢ Analysis of compliance requirements affecting your company.
➢ Workshops with key enterprise stakeholders and subject matter experts to develop and communicate the compliance architecture.
➢ Design of technical IAM infrastructure that will underlie the compliance architecture.
➢ Business process analysis and (re-)design for IAM services.
➢ Roadmap planning and program management for rolling out new or enhanced IAM infrastructure and services.

Access management is the real-time enforcement of application security using Identity-based controls and provisioned access rights. Assuring performance when delivering access services is particularly important, as is having access capability across a wide range of resource types and environments. Businesses can achieve this performance and capability across disparate platforms by using solutions that deploy agents on target technologies or by leveraging standards-based authorization.
For the normal range of business applications, access via web browsers, portals, or client screens on different client platforms must be taken into account, as well as the various interface types that legacy applications support. The company must also assess requirements for access to web services, ensuring that their IAM solution meets all access capabilities.

SSO Federation

Authentication, single sign-on (SSO), and federated solutions simplify the login process for the benefit of both the organization and users without any security compromise. The requirement that a user access multiple applications using different Identity credentials means that those credentials also need to be maintained separately for each application, imposing an additional cost on your organization. Using the same weak password for multiple applications weakens enterprise security.
A better solution is to streamline the login process for multiple applications, so that logging on to one enterprise application allows the user to access other applications without the need to log on separately. SSO solutions that provide this functionality are relatively mature, but their implementation is a little complex.
Recently, enterprises who cooperate with one another have sought to simplify logins by allowing users who have successfully logged on to one enterprise’s applications to transparently re-authenticate to a partner enterprise’s applications. Underlying this technique is the concept of federated identity, in which each enterprise has agreed to recognize the validity of the other’s identity credentials and authentication (login) procedures. While not as widespread as SSO solutions, federated identity solutions are also maturing, aided by industry standards for securely issuing and recognizing identity assertions.
Our authentication, single sign-on (SSO), and federated identity solutions give full lifecycle services for SSO and federated identity projects, including:

• Development of a strategy and architecture for SSO and federated identity.
• Implementation and application integration.
• Review and assessment of existing solutions.
• Risk analysis and risk mitigation frameworks for mutual recognition of identity credentials and identity assertions in a federated identity regime.
• Implementation of SSO solutions across legacy and web-based applications.

Enterprise Gateway

Companies worldwide are actively deploying service-oriented architecture (SOA) infrastructures using web services, both in intranet and extranet environments. While web services offer many advantages over traditional alternatives (e.g., distributed objects or custom software), deploying networks of interconnected web services still presents key challenges, especially in terms of security and management.
Web services can be implemented using different approaches and technologies that need to be secured at the different stages of the request/response cycle between clients (e.g., users or applications) and service providers (entities providing web services).
There are several security layers between clients and web services providers. The first, also known as “perimeter security” or “first line of defense,” is referred to as the demilitarized zone, or DMZ. The second security layer, or “green zone” (to continue with the military analogy), is located behind the inner firewall of the DMZ. In some cases, the green zone may include several security sub-layers designed to further filter access to web services. Finally, the last security layer, or “last-mile security,” is provided by agents co-located with the web services or applications to be protected. For example, Oracle Enterprise Gateway is tightly integrated with Oracle Access Manager, Oracle Entitlements Server, Oracle Web Services Manager, and Oracle SOA Suite to provide transport- and application-level security across all layers involved in web services requests.

All businesses interact digitally with their customers. The percentage of digital interactions is growing and will continue to grow. Companies are preparing to make customer digital interactions as painless as possible for their customers while at the same time trying to glean meaningful customer behavior patterns. All this while being mindful of security and privacy and adhering to compliance and governance mandates.

ISVs have recognized that IAM solutions which were tailored to employees within enterprises are not well suited to CIAM and are offering new software better suited for CIAM.

ZionTech has added CIAM to our services portfolio to complement our traditional enterprise IAM services. We offer services to support CIAM projects no matter the software being used. We continue to work with our long time partners like ForgeRock and Okta while rapidly growing our CIAM practice to include new CIAM vendors.

In addition to our traditional IAM services, we support CIAM solutions throughout the lifecycle of a customer to better support customer interactions, understand customer behavior, and drive revenue and innovation fueled by a better understanding of customers. Our CIAM offerings help ZionTech’s customers with :

• Customer Acquisition
• Customer Authentication
• Customer Retention
• Customer Self-Service
• Customer Experience
• Customer Behavior Analytics

while co-existing with legacy IAM solutions or in greenfield CIAM installation.

Enterprise user directories are the foundation of any IAM implementation, storing user account, profile, and real-time information that supports the application authentication and authorization features. Over time, many companies have built multiple such repositories in order to support their growing regulatory and organizational needs. As requirements evolve, the support and maintenance of these systems grow more complex and costly, and information duplication and lack of compliance policies cause frequent challenges.

ZionTech’s team of directory services experts has worked with countless enterprise clients to design and implement directory solutions that can scale with their evolving needs. Often this includes consolidating multiple LDAP-based repositories into a single enterprise-wide user store and designing processes that improve efficiencies during on-boarding and off-boarding of user accounts.

Our directory services include:
➢ Advising on enterprise directory implementations, including LDAP consolidation initiatives.
➢ Scoping and planning enterprise user directory solutions.
➢ Design of logical and physical architectures for directory infrastructure.
➢ Implementing LDAP-based user stores.
➢ Migrating data from legacy repositories.
➢ Outsourcing maintenance and production support for LDAP infrastructure.

A web service consumer invokes a web service by submitting a request in the form of an XML document to a web service provider. The web service provider processes the request and returns the result to the web service consumer in an XML document. Web services can also be directly invoked from web browsers, which mainly use the Hypertext Transport Protocol (HTTP) to carry out transactions. This means that traditional network firewalls alone are not enough to secure access to web services.
With this increased level of integration comes a host of security concerns, which our web services security practice can assist you in addressing. ZionTech has broad experience with web services security. We work with multiple vendors, giving us a broad understanding of the associated standards and technology, as well as detailed product-specific knowledge.

We leverage this knowledge and experience to provide our clients with web service security consulting services, such as:
➢ Preparation of enterprise web service security reference architectures and blueprints.
➢ Design and development of web service security XML firewalls.
➢ Integration of web service security functionality with application servers, Kerberos authentication services, and back-end systems.

ZionTech provides full lifecycle services for web services security projects, starting from the development of a strategy and architecture through implementation and integration. Additional services include review and assessment of existing solutions.

Although many organizations have taken steps toward managing application security, securing the data at the database level is a domain that still remains highly exposed.

Some of the challenges of data security include:
➢ Which data should be secured?
➢ How should the data be secured?
➢ Will the data security system meet the company’s business requirements?

Leveraging Oracle’s Database Security products, ZionTech Solutions Inc. has designed an approach to secure your organization’s data. This data security solution not only addresses data security at the granular level (that is, rows and columns) but also ensures that the high level SoD policies are maintained and managed.

Mobile security solutions are systems that allow individuals to securely access enterprise resources on personal and mobile devices. The solutions we implement ensure that enterprise resources are delivered in a secured manner, even when the personal devices of individuals are connected to public networks.