Our Security Solutions

Strong past performance has demonstrated OnWire’s capability to deliver high-performance enterprise security solutions to the US Government and commercial Fortune 500 companies. By combining industry standards and leading-edge Commercial off-the-Shelf (COTS) software, OnWire provides best-of-breed security solutions that are field-proven and highly interoperable. The following case studies highlight several of OnWire’s core competencies:


2-Factor Authentication

Challenge:

The customer needed to allow their administrators to remotely access the system in order to support users. Due to the strict security policies of the federal agency, this required 2-factor authentication.

Solution:

OnWire provided customized engineering using the External Authentication Interface of TAM WebSEAL together with the RSA SecurID APIs to provide a 2-factor authentication mechanism for the enterprise.

Client Value:

  • Achieved strong authentication with improved security
  • Enabled remote administration of IAM system
  • Reduced costs for managing IAM system


Application and Infrastructure Monitoring

Challenge:

The customer required improved capability of monitoring internal applications and network infrastructure.

Solution:

Monitoring capabilities for Identity and Access Management (IAM) components included the IBM Security Suite of Software, as well as:

  • HTTP/S monitoring of WebSEAL and IBM HTTP Server
  • LDAP monitoring of IBM Security Directory Server
  • WebSphere JVM
  • Low-level network

Client Value:

OnWire provided the capability to monitor a high-volume IAM stack with minimal performance overhead. The customer was able to better track performance and usability metrics of their IAM stack, providing them with a deeper understanding of the entire infrastructure.


Attribute-Based Access Controls

Challenge:

The customer wanted an enhanced capability for fine-grained access controls to manage dynamic user roles and groups in their organization.

Solution:

OnWire developed a custom-built, SOAP-based Web Service that interoperated with the IBM Security software suite. The direct LDAP manipulation was developed to manage the process of dynamic Attribute-Based Access Controls (ABAC). A web-based console was also developed, which allowed for the graphical creation of complex attribute-based roles.

Client Value:

OnWire provided the customer with a scalable solution to meet their requirements for a custom ABAC solution. With a fine-grained access control mechanism, the client gained more control of their IAM solution – which ultimately improved their governance and security posture.


Federated Single Sign-On

Challenge:

The customer provided numerous web-based services for federal, state, local, and tribal law enforcement officers to aid in solving crimes and catching terrorists. These services were isolated in separate silos and required the users to activate multiple user accounts. The customer wanted to reduce the costs associated with user account management and ultimately increase security.

Solution:

OnWire created a web-based services hub that supported enterprise accounts, as well as all federated accounts, in the form of an enterprise portal. Law enforcement officers now federate into the portal and can automatically access all of the services that they are authorized to use.

Custom Solutions:

  • Trust broker model that connects identity providers with federal service providers
  • SAML 2.0 just-in-time provisioning
  • Attribute-based access control engine
  • Approval workflows

Client Value:

  • Law enforcement officers now have a one-stop shop for accessing the customer’s services by accessing the enterprise portal
  • The trust broker model has increased security (and decreased costs) by reducing the number of passwords and support services that need to be managed


Going Agile

Challenge:

The customer had a small team of engineers for a large enterprise system. When changes needed to be made, they were overwhelming the team and their deployments were only happening once every 3 months.

Solution:

The development team delivered fewer changes in “mini-builds”, otherwise known as sprints. Every 2 weeks, there would be a delivery to change management – and subsequently to the test team.

Client Value:

By implementing this solution, the customer could pull the trigger on a delivery at any time. Development would deliver a build every 2 weeks regardless of new changes. This way, if the customer wanted to wait 3 months and deploy 6 sprints’ worth of changes at once, they had the capability to do so.

OnWire’s Delivery:

OnWire provided the lead developer resource for this implementation. The process was implemented in 2012 and is still in effect today.


Performance Tuning

Challenge:

A large commercial client (with an extremely large-scale deployment) required assistance with improving performance and scalability of their Identity and Access Management (IAM) solution.

Solution:

OnWire supported one of the largest user populations managed by the IBM Security software suite, including IBM Security Identity Manager, IBM Security Access Manager for Web, and IBM Security Directory Integrator.

OnWire provided in-depth performance analysis of all systems in the client’s IAM environment, as well as recommendations for improving performance. Recommendations on both hardware and software tuning were provided and implemented. The client was able to realize a much higher utilization of existing hardware, reducing ongoing costs and improving ROI.

Client Value:

OnWire enabled the customer to better utilize their existing hardware and software infrastructure in a more cost-effective manner. OnWire provided documentation for a methodology to follow in determining performance issues and where the bottlenecks are normally found in an IBM-based IAM solution.


PIV Smart Card Authentication

Challenge:

The customer was required to participate in a Federal Identity Credential and Access Management (FICAM) program. This required the customer to provide X.509 certificate authentication, which is the foundation of the PIV smart cards.

Solution:

  • OCSP and CRL authentication with DataPower XI50
  • Just-in-time provisioning with X.509 certificates

Client Value:

  • Extend the customer’s services to users of the Federal
  • Allow PIV smart card authentication to the customer enterprise
  • Improve security through strong authentication
  • Reduce costs by eliminating password management
  • Provide compliance to HSPD-12


Policy-Based, Fine-Grained Data Access Controls

Challenge:

The customer’s existing solution was highly fragmented and included a mix of ad-hoc solutions across the organization. The customer requested the implementation of a centralized policy-based approach for access control.

Solution:

OnWire established new standards for the client by working directly with the development and operation engineering teams to implement an IBM DataPower solution.

Products Used:

  • IBM DataPower XI52 Appliance
  • IBM DataPower XC10 Appliance

Client Value:

OnWire provided the customer with a basis for a new XACML Policy-based infrastructure, which was built upon in future client infrastructure releases. This infrastructure moved the client closer to their goal of having a non-fragmented and unified view of its Identity Management and Access Controls (IAM).


Refactoring a Poor Delivery

Challenge:

The customer had contracted with another software company to deliver a product, but after a year of development, it failed to work properly. Making changes to the existing code was extremely difficult, and it needed to be fixed in the interim while simultaneously being redesigned.

Solution:

A comprehensive plan was developed to make the software usable as soon as possible. Also, a long-term plan was put in place to be worked on when time allowed. The comprehensive solution included a database schema redesign, data migration plan, and a complete framework redo (that would be linked into the current GUI).

Client Value:

The new solution was modular, which meant it could be tackled in more digestible pieces – as well as allow components to be added or taken out as necessary.

OnWire’s Delivery:

OnWire provided the lead developer resource for this implementation. As of today, the plan is still in effect – and the customer feels more comfortable and secure about their future with the product.


Risk-Based Authentication

Challenge:

The customer sought to protect their portal from being spoofed through phishing techniques. In addition, the customer wanted to ensure that all compromised user accounts would be rendered incapacitated.

Solution:

OnWire applied specialized skills and unique knowledge across multiple vendor solutions to create an industry-first integration of IBM Security Access Manager with RSA Adaptive Authentication. The solution resulted in:

  • Custom authentication module, using IBM Security Access Manager WebSEAL’s external authentication interface (EAI)
  • Developed the RSA Adaptive Authentication APIs for risk-based authentication and anti-phishing

Client Value:

  • Protects the customer’s web-based services from unauthenticated access
  • Prevents phishing attacks by assuring users that they are on the customer website

OnWire’s Delivery:

OnWire created the risk-based authentication the client was seeking. OnWire’s final delivery:

  • Achieved strong authentication for web-based services
  • Reduced costs and lowered energy requirements by providing enterprise-level authentication


Continuing Education Real-Time Provisioning

Challenge:

The customer’s continuing education community needed real-time provisioning from Banner source to downstream identity systems.

Solution:

The first step was the creation of an IBM-software solution that connects to the customer’s Banner systems. The next function of the solution was the process of submitting these updates to IBM Security Identity Manager for identity management and provisioning.

The final step of the total solution was the customization of the IBM Security Identity Manager LDAP Adapter. This Remote Method Invocation (RMI) customization, which utilized IBM DB2 Enterprise Server, maps selected organizational and educational attributes for modifications and searches.

Datasheet:

OnCloud Datasheet
