Introduction to Advanced Security
In EFT Enterprise, the Advanced Security module enables organizations to centralize their user access controls, improve productivity, and increase adherence to security policies.
Simplicity, Security, and Control
Employees use a growing number of usernames and passwords each day to access their company’s network portal, web mail, benefits system, cloud-based applications, and much more. This can lead to “weak” passwords or the overuse of a single password that, if stolen, can create vulnerability across multiple accounts, while also jeopardizing the security of your organization. Organizations need a solution that gives them more control to enforce strong passwords while providing a user-friendly solution that doesn’t impede or reduce productivity.
Powerful and Convenient Advanced Security Solution
Easily manage and maintain password security in one location. IT administrators face a constant conflict between providing powerful security for their IT infrastructure and making systems easy to use for employees. Err too far on either side, and either security or productivity can be compromised.
FIPS-Compliant Ciphers and Algorithms
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state.
What does this mean for your organization?
- Benefit to the end user: Advanced authentication provides support for easy-to-use authentication methods, including smart card, single sign-on, and multi-factor authentication options. By centralizing these authentication methods, users can use a single source of authentication across the IT resources they use, including EFT Enterprise.
- Benefit to administrators: The Security Assertion Markup Language (SAML) protocol/Web Single Sign On (SSO) provides administrators with the ability to easily maintain password security in one location, and the ability to quickly commission and decommission user provisions in one central location. RSA SecurID/RADIUS/CAC support allows EFT to fit in seamlessly with existing authentication measures.
Simplified Management of Authentication
Organizations and their IT administrators gain more control to enforce strong passwords while providing a user-friendly solution that doesn’t impede or reduce productivity.
Centralized Source of Authentication
With the Advanced Security module for EFT Enterprise, identity management is achieved through a centralized source of authentication. Web SSO provides users with the ability to input their credentials once to have secure access to multiple sites, apps, or resources via SAML support.
Remote Authentication Dial-In User Service (RADIUS) and RSA SecurID® Integration
RADIUS allows for integration with third-party solutions, such as SMSPASSCODE for text message verification as a second factor during authentication.
EFT Enterprise is compatible with RSA’s Authentication Manager (AM), version 8.1, for multi-factor authentication in conjunction with Globalscape, LDAP, and ODBC-authenticated sites. Globalscape is also an "RSA Secured" partner.
Common Access Card (CAC) Authentication Support
EFT Enterprise has a broader scope of coverage of Common Access Card (CAC) for PIV, which includes support for the PrincipalName or UPN identifier format and the more generalized RFC822Name support. In EFT, CAC is only available on LDAP-authenticated sites.
Compliance Support
EFT actively monitors compliance by alerting on non-compliance, identifying the cause of non-compliance, allowing security controls to be reverted, and implementing mitigation/workaround techniques. The Auditing and Reporting module (ARM) captures all of this activity in a fully relational database.