Authentication - Outsourcing
In the past, authentication projects were usually done in-house.
In today's world, authentication development, deployment and even
maintenance are often outsourced to reduce costs.
Authentication Development
A good authentication development outsourcer must have extensive
background in the following:
- Enterprise security
- LDAP directories both physical and virtual
- Identity Management
- Biometrics
- PKI
- WS-* protocols
- SAML
- Liberty Alliance
They must have:
- A well developed methodology for doing authentication design, development, testing and integration
- Extensive references
- Security cleared personnel
Deployment
While offshore labor is cheaper, many companies make the mistake of not
checking out the full capabilities of the offshore team prior to
deployment. It all comes down to who the offshore outsourcer puts on
your development team. With the right people, the project can proceed
smoothly. However, if the offshore outsourcer puts inexperienced people
on your project, then you can expect lots of trouble.
My advice is to mix an experienced consultant with the offshore
developers on the deployment team. This way you can still reduce the
overall project cost while ensuring that the project consultant keeps
a close eye on the deployment team.
Maintenance
Today, many enterprises are outsourcing all or most of the single sign
on and identity infrastructure maintenance. A strong word of
caution is advised when doing this.
If the outsourced personnel are able to act as the security system
administrators, you are potentially putting your enterprise at high
risk. These people have the capability to breach significant
portions of your security.
My advice is to have at least the senior administrator be an enterprise
employee. The rest may or may not be outsourceable. The enterprise
needs to feel comfortable that there is a full-time employee who keeps
all the keys to the kingdom in their possession.
Further, any outsourced worker should undergo security checks in the
country they are operating in as well as their home country.
As expressed in the paper "Battling Botnets and Rootkits - A Layered
Identity Strategy", one of the nine recommended layers of defense is to
have security and background checks done for certain types of workers.
The outsourced personnel who maintain your security infrastructure
definitely fit in this category.
Conclusion
Lots of companies will tell you that they have all of the above.
However, it always comes down to whom they assign to your
authentication project. I have found that some of the companies
are not as reliable as others.
I recommend Persistent Systems in India as a well founded, well managed
and highly skilled authentication outsourcer. They have extensive
experience designing, building and maintaining single sign on, LDAP
based and other forms of authentication systems.