1 Introduction
Today’s businesses need support for secure and convenient ways to enable business partners, B2B customers, consumers and even employees or contractors to securely access resources across their digital properties. Organizations are finding that they must provide a variety of authentication methods and assurance levels to address different kinds of use cases, risk adaptive authentication and authorization mechanisms to support policy-based access controls, self-service identity management for consumers, identity federation for partners and B2B customers, and layered security for applications.
For partners and contractors, identity federation is a must. On the consumer side, businesses need to accept social logins and mobile devices as authentication factors. For all kinds of users, risk-adaptive authentication, the ability to “step-up”, is a necessity depending on the type of access or transaction. Compromised credential, fraud, and cyber threat intelligence can help mitigate identity related risks.
For identity management (IDM), the ability to provision and de-provision users in a timely manner is critical, not only for business enablement but also to diminish the possibility of data loss when contractual relationships end. Attribute assignment and management is a key to proper policy-based access control operations. For banking, retail, insurance, and similar industries, consumers need online facilities to register, edit their information, and give/withdraw consent.
Web applications and their connected backend infrastructure need multiple layers of protection. Web apps are susceptible to many different kinds of attacks. Network level controls and service level authentication and authorization can help reduce the risks. Integration with IDM systems can be beneficial.
IDM system owners need visibility of all the kinds of activities that are going on across their enterprises. High-level statistics are useful for NOCs and capacity planning. Details on IAM and IDM events are essential for security analytics solutions.
Many point solutions and suites of products or services possess some or all of the characteristics to help businesses meet these objectives. AdNovum is a Swiss-based enterprise providing software solutions, application management, and professional services in the area of IT security. They provide their services and software solutions to a large regional customer base, with particular strengths in finance, insurance, and government. Founded in 1988, they leverage their substantial experience with a variety of customers to design and continuously develop software solutions. AdNovum has software development operations in Hungary, Portugal, Vietnam and Singapore.
Their flagship offering is NEVIS Security Suite, which covers a broad spectrum of features in the area of IAM, CIAM, and WAM. Customers use it in both B2E and B2C scenarios. The AdNovum NEVIS Security Suite is implemented in Java and is made available either as nevisAppliance (hardened, pre-configured Linux-system to be run as a VM or on Intel hardware) or as a traditional software distribution to be installed on various platforms such as Linux or in IaaS.