Solutions

The right individuals having access to the right resources at the right times for the right reasons is one of the essentials for the success of an organization. However, a systematic approach and a strategy for implementing such security solutions are crucial so that they do not impact productivity. ZionTech Solutions Inc. was established in 2008 by a team of security experts, with one of its objectives being to become a trusted end-to-end systems integrator focusing primarily on Identity and Access Management and other related security solutions. We implement solutions offered by all leading vendors, and our expertise is in the following security disciplines:

Identity Management

As businesses become increasingly collaborative and access to enterprise resources is extended to a diverse set of users, organizations face the complex challenge of managing identities, and of authenticating and authorizing users to access sensitive enterprise resources. Managing identities becomes a challenging task because security policies are often inconsistent and circumventing authentication and authorization policies is often straightforward.

IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise.

Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.

User Provisioning

Organizations need an automated process to manage the user access to systems within and across partner domains. Some of the common challenges in user life cycle management are:

  • Automating the hire-to-retire process
  • Ensuring that users are provided access to all required accounts on day one of joining the organization
  • Ensuring that a user is disabled/de-provisioned as soon as his access to a particular resource has been terminated
  • Managing a central repository for user identities

Leveraging popular Identity Management solutions, ZionTech Solutions Inc. helps various organizations to define and manage their user life cycle. In an organization, a user may need access to multiple applications, ranging from web applications to legacy client/server applications. Creating and managing the associated user accounts is often time-consuming and error-prone. Users (and their supervisors) often experience delays in setting up the system access the user needs to be productive in his or her job. Auditors complain that there is no easy way to ascertain which users have which access to which systems. Security breaches can result from users being left with system access they shouldn’t have when they move from one to another and/or leave the organization.

An Identity and Access Management provisioning solution addresses these kinds of problems by providing a centralized solution for managing user accounts across all of an enterprise’s different applications and system platforms. It applies predefined rules to automatically create, modify or disable user accounts, mailboxes, shared drive access or other resources based on corresponding events occurring in the target system of record. It offers an interface and workflow tools that can also permit decentralized, user-driven requesting and granting of system access, along with a snapshot of a user’s system access across the organization.

ZionTech has been implementing provisioning solutions for customers of all sizes, including global enterprises in a variety of industries. Our Provisioning practice offers a full range of services that include the following:

  • Environment assessments, feasibility studies and proof-of-concept implementations for scoping and planning of enterprise provisioning initiatives
  • Design of logical and physical architecture for provisioning infrastructure
  • Implementation and customization of standard packages for provisioning
  • Business process analysis and engineering for enterprise provisioning services
  • Outsourcing of maintenance and production support for provisioning infrastructure
  • Project and program management for enterprise provisioning

Entitlements

Designing and deploying user entitlements to control users’ access to enterprise applications and data can sometimes be complex and costly. Regulatory and monetary needs frequently raise the stakes for failure to adequately manage access to information assets. Control of user access to specific functions and information inside applications is usually enforced on an application-by-application basis. Every application has its own user classifications, its own access policy model and its own implementation of algorithms for applying the policies to users to allow or deny access. As the variety of such applications grows in the organization, managing the access rights of individual users across multiple applications becomes complex and tough.

ZionTech has extensive experience in designing and deploying entitlements solutions that can be leveraged across multiple applications. We have helped a number of clients identify requirements, evaluate products, and design, develop and customize implementations. We have extensively utilized the products in POC/live deployments for customers and in developing custom solutions. Some of the highlights of our services include:

  • Requirement analysis for enterprise entitlements services and defining a roadmap for application integration
  • Architecture design for entitlements services
  • Entitlements technology implementation and customization
  • Consulting for policy development and definition of a user classification framework
  • Program management for developing, deploying, extending and maintaining enterprise entitlements service

Role Management

  • Organizations often face the challenge where the number of roles defined for an application is far greater than the number of users. Counting all such applications, the ratio increases even further. Typically, this happens because an organization does not have a centrally defined role governance policy and roles are created only to give users access to different groups.
  • Managing a complete and correct set of roles is among the most important and challenging tasks in implementing role-based access control. Leveraging popular Role-Based Access Control solutions, ZionTech Solutions Inc. can help your organization identify the best approach for role management and work with you to define, create and manage your enterprise roles and their subsequent access.

Governance

Governance is of paramount importance to the overall success of an IAM program. Effective IAM governance requires a well-defined and effective organization responsible for IAM program oversight, steering and accountability. ZionTech encourages its clients to include a functional steering committee with a defined program charter to assist in visibility and knowledge of IAM governance activities.

Representation from business units, legal, risk and compliance departments is recommended within a governance steering committee. As governance provides an authoritative voice for IAM implementations regarding policies, procedures and acceptable standards, inclusion of business stakeholders provides an effective and consistent method for interrelating IAM service delivery components within acceptable business operating boundaries.

While being a pivotal component to IAM service delivery capability, governance is often overlooked and loosely organized within IT departments responsible for technology service delivery without direct business input. This disconnect is noted across multiple case studies from multiple research firms as being the leading cause for IAM program failures.

Compliance

Compliance architecture lets you achieve regulatory and policy compliance in the most cost-effective way possible. Businesses must comply with an ever-increasing number of regulatory and legislative requirements that affect all levels of the organization. Enterprises need to apply effective controls that meet compliance requirements. Our Compliance practice can help your enterprise to roll out an identity and access management (IAM) solution architected to ensure that access to sensitive systems and data can be controlled and audited. The compliance architecture concept proceeds from an understanding that a given enterprise is typically subject to multiple sets of overlapping regulations that build an overall set of compliance requirements. The enterprise will have its own set of internal information security and audit policies that create requirements to be fulfilled by IAM.

Addressing these various requirements incrementally over time in the enterprise’s IAM services can lead to an increasingly inefficient patchwork of compliance-related solutions that creates unnecessary costs for operations and maintenance. A better approach is to develop a compliance architecture that distills the superset of IAM-relevant regulations and directives affecting an enterprise into a more concise and transparent set of requirements that can be mapped to an IAM solution set consisting of technology tools and business processes that verifiably fulfill the relevant compliance requirements. A program to implement the necessary IAM solution set can then be formulated on the basis of the compliance architecture. That program might be to roll out an entirely new IAM solution set if there is none in place, or if the existing solution is considered obsolete. If a satisfactory but only partial solution is already in place, the program would cover integration of additional solution components to enhance or complete the existing IAM solution set. The ZionTech Systems Compliance practice can provide your enterprise with the consulting support you need to implement a robust compliance architecture, including:

  • Analysis of compliance requirements affecting your company
  • Workshops with key enterprise stakeholders and subject matter experts to develop and communicate the compliance architecture
  • Design of technical IAM infrastructure that will underlie the compliance architecture
  • Business process analysis and (re-)design for IAM services
  • Road map planning and program management for rolling out new or enhanced IAM infrastructure and services

Access Management

Access management is the real-time enforcement of application security using identity-based controls and provisioned access rights. Assuring performance when delivering access services is particularly important, as is access capability across a wide range of resource types and environments. To achieve this across disparate platforms, businesses can use solutions that deploy agents on target technologies or that leverage standards-based authorization.

For the normal range of business applications, access via Web browsers, portals, or client screens on different client platforms must be taken into account along with the various interface types that legacy applications support. Organizations must also assess requirements for access to Web services ensuring that their IAM solution meets all access capabilities.

SSO Federation

Authentication, Single Sign-On (SSO) and Federated solutions simplify the log-in process for the benefit of both the organization and its users without any security compromise. Requiring a user to access multiple applications using different identity credentials means that those credentials also need to be maintained separately for each application, which is an additional cost to the organization. Using the same weak password for multiple applications weakens enterprise security.

A better solution is to streamline the log-in process for multiple applications, such that logging on to one enterprise application allows the user to access other applications without the need to log on separately. SSO solutions that provide this functionality are relatively mature, but their implementation is somewhat complex. Recently, enterprises that cooperate with one another have sought to simplify log-ins by allowing users who have successfully logged on to one enterprise’s applications to transparently re-authenticate to a partner enterprise’s applications. Underlying this technique is the concept of federated identity, in which each enterprise has agreed to recognize the validity of the other’s identity credentials and authentication (log-in) procedures. While not as widespread as SSO solutions, federated identity solutions are also maturing, aided by industry standards for securely issuing and recognizing identity assertions.

Our Authentication, Single Sign-On (SSO) and Federated Identity practice provides full lifecycle services for SSO and federated identity projects, including:

  • Development of a strategy and architecture for SSO and federated identity
  • Implementation and application integration
  • Review and assessment of existing solutions
  • Risk analysis and risk mitigation frameworks for mutual recognition of identity credentials and identity assertions in a federated identity regime
  • Implementation of SSO solutions across legacy and web-based applications

Enterprise Gateway

Companies worldwide are actively deploying service-oriented architecture (SOA) infrastructures using web services, both in intranet and extranet environments. While web services offer many advantages over traditional alternatives (e.g., distributed objects or custom software), deploying networks of interconnected web services still presents key challenges, especially in terms of security and management.

Web services can be implemented using different approaches and technologies which need to be secured at the different stages of the request / response cycle between clients (relying parties such as users or applications) and service providers (companies or divisions within a company exposing web services).

Several security layers are defined between clients and web services providers. The first security layer, also known as “perimeter security” or “first line of defense,” is referred to as the demilitarized zone or DMZ. The second security layer, or “green zone” to continue with the military analogy, is located behind the inner firewall of the DMZ. In some cases, the green zone may include several security sub-layers designed to further filter access to web services. Finally, the last security layer, or “last-mile security,” is provided by agents co-located with the web services or applications to be protected. Oracle Enterprise Gateway is tightly integrated with Oracle Access Manager, Oracle Entitlements Server, Oracle Web Services Manager, and Oracle SOA Suite to provide transport- and application-level security across all layers involved in web services requests.

Directory Services

Enterprise user directories are the foundation of any IDM implementation, storing user account, profile, and real-time information that enable required application authentication and authorization features. Over time, many companies have built multiple such repositories in order to support their growing regulatory and organizational needs. With the evolving requirements, support and maintenance of these systems grow more complex and costly, and challenges due to information duplication and lack of compliance policies are experienced frequently.

ZionTech's team of Directory Services experts has worked with countless enterprise clients to design and implement Directory solutions that can scale with their evolving needs. Often, this includes consolidating multiple LDAP-based repositories into a single enterprise-wide user store and designing processes that improve efficiency during on-boarding and off-boarding of user accounts. Our Directory Services include:

  • Advising on enterprise directory implementations, including LDAP consolidation initiatives
  • Scoping and planning of enterprise user directory solutions
  • Designing of logical and physical architectures for directory infrastructure
  • Implementing LDAP-based user stores
  • Migrating data from legacy repositories
  • Outsourcing of maintenance and production support for LDAP infrastructure

Web Services Security

A web service consumer invokes a web service by submitting a request in the form of an XML document to a web service provider. The web service provider processes the request and returns the result to the web service consumer in an XML document. Web services can also be invoked directly from a web browser, and they mainly use the Hypertext Transfer Protocol (HTTP) to carry out transactions. This means that traditional network firewalls alone won’t be enough to secure access to web services.

With this increased level of integration comes a host of security concerns, which our Web Services Security practice can assist you in addressing. ZionTech has broad experience with web services security. We work with multiple vendors, giving us a broad understanding of the associated standards and technology as well as detailed, product specific knowledge. We leverage this knowledge and experience to provide our clients with web service security consulting services such as:

  • Preparation of enterprise web service security reference architectures and blueprints
  • Design and development of web service security XML Firewalls
  • Integration of web service security functionality with application servers, Kerberos authentication services and back-end systems

ZionTech provides full lifecycle services for web services security projects starting from the development of a strategy and architecture through implementation and integration. Additional services include review and assessment of existing solutions.

Mobile Security

Mobile security solutions are systems that allow individuals to access enterprise resources on personal and mobile devices in a secured way. The solutions we implement ensure enterprise resources are delivered in a secured manner even when personal devices of individuals are connected to public networks.

Database Security

Though many organizations have taken steps to manage application security, securing data at the database level is a domain which currently remains highly exposed. Some of the challenges predominantly faced in data security are:

  • Which data to secure?
  • How to secure the data?
  • Will the data security meet the business requirements?

Leveraging Oracle's Database Security products, ZionTech Solutions Inc. has designed an approach to secure your organization's data. The data security solution not only addresses data security at the granular level (rows & columns) but also ensures that the high-level SoD policies are maintained and managed.