True COTS means that Soch products meet all of the client's business requirements out of the box.

Soch offers a unique way to address implementing a COTS solution—we work with clients to gather client-specific requirements and embed them in the product so that it is a true out-of-the-box solution.

Soch offers highly secure identity and access management components that allow the client to choose what is best for them versus procuring a black box solution of tightly coupled components that are bundled into packages that include components the client may not need.

Identity Management

The Soch Identity Management product provides full and comprehensive identity validation to ensure only authorized individuals gain access to your private corporate resources. We leverage the latest thinking in multi-factor authentication and backend proofing techniques either via 3rd party or your corporate proofing resource. We utilize advanced federation mechanisms to provide a centralized view of identity security policies and to integrate your backend legacy security products and provide a unified view across multiple corporate domains.

For those clients desiring to migrate away from legacy security products, Soch offers a migration path to more fully leverage Identity Management capabilities.

Individual features of the Soch Identity Management product offering include but are not limited to the following:

Some features listed above are also available as individual standalone services pending an assessment review of the client’s “As-Is” infrastructure

As with all Soch products, Identity Management components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Access Management

The Soch Access Management product provides full and comprehensive authorization capabilities to ensure that once individual identity has been established that the individual can only access those corporate systems and services specified by internal security policies. Our role based approach greatly simplifies integration of these services and provides ongoing ease of maintenance for our clients.

Individual features of the Soch Access Management product offering include but are not limited to the following:

Some features listed above are also available as individual standalone components pending an assessment review of the client’s “As-Is” infrastructure.

As with all Soch products, Access Management components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Single Sign-On

Many security experts in the industry agree that the biggest single security vulnerability is having security credentials breached and used for unauthorized access to your corporate infrastructure. Soch shares this view and sees SSO as a capability that can dramatically lower security risks and vulnerability of corporate infrastructures to hackers.

Complex passwords are often written down and become opportunities for security breaches once discovered. One user ID and one password are all that is required to use the Soch SSO functionality. User productivity is increased in a meaningful way and user frustration is dramatically reduced. Password reset requests also are significantly reduced with SSO in place.

There are also meaningful benefits to be realized on the security administration side as well. Soch leverages role based authorization to control access to your internal corporate applications. This approach dramatically reduces legacy security system administrative maintenance as once individual security policies are organized into specific roles within your organization on-boarding and off-boarding of resources becomes easy and simple.

As with all Soch offerings, Single Sign-On components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Reporting and Analytics

Soch offers clients rich and comprehensive reporting and analytics features. This functionality establishes the foundation for security governance disciplines. We can take your persisted log information from multiple domains and consolidate it for a dynamic and user friendly reporting and analytics platform.

Soch offers a full suite of user activity based reports that help corporate management and security personnel maintain a single and comprehensive view of the effectiveness of all security policies in the client production environment.

Additionally, Soch provides the capability for authorized users to create custom reports and to store those report criteria for subsequent re-use.

As with all Soch products, Reporting and Analytics components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Logging and Auditing Features

Thorough logging of all user actions during authorized sessions provides the foundation for governance, reporting and analytics to ensure clients have full confidence that their security policies are being enforced. Soch offers a comprehensive logging capability that collects detailed information about all user actions performed or attempted to be performed during authorized sessions.

Additionally, attempts to gain access to your corporate infrastructure are also logged such that analysis can be done and alerts immediately sent to corporate management and security personnel.

All information captured regarding user actions performed or attempted is persisted to databases that provide the foundation for all auditing, reporting, and governance activities.

As with all Soch products, Logging and Auditing components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

One Time Password Feature

Often clients find a need to issue a one-time password to strengthen identity verification in support of an Identity and Access Management (IAM) solution. Soch offers a set of components that provide support for one-time passwords. This feature is intended to augment and bolster multi-factory authentication approaches to increase security and reduce the odds of security breaches. This capability is designed to be flexible and provide clients with multiple options to communicate the one-time password to a user which is sent via email or a message to a cell phone.

As with all Soch products, One-Time Password components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Session Management Feature

Soch Session Management functionality provides comprehensive session management control for all of your internal corporate business applications. This is often a critical security vulnerability in corporate infrastructures that is overlooked. When users fail to logout of applications, session artifacts are left on the server infrastructure and provide hackers with a vulnerability to access your corporate applications and data. If users close the browser in which they are working or reboot or shutdown the device they are using, these actions will also result in orphaned sessions that can become security vulnerabilities. Even with designated time outs for periods of user inactivity if these session objects are not properly invalidated they pose security risks.

A superior approach is to leverage Soch’s session management functionality to provide strong control over all your users’ sessions such that they never become security vulnerabilities. Soch leverages advanced session management techniques that are highly reliable and secure to establish control over these session objects and to ensure they are invalidated so they are of no use to potential hackers that seek to breach your corporate security measures to gain access to your corporate resources.

As with all Soch products, Session Management components are implemented with a loosely coupled, platform independent, highly scalable architecture that provides high value, ease of use, and low cost of ownership to our clients.

Governance

IAM Governance is Critical

Transitioning to an IAM product and associated features can move organizations a long way down the security continuum. New technologies and emerging architectural frameworks have made it possible to protect corporate infrastructures in unprecedented ways. Analytics can be leveraged to provide deep insight into the corporate security space.

What many organizations struggle with is how to best use all this new information and to provide management oversight and governance that gives designated management the ability to make better decisions about security policies and to make appropriate adjustments very quickly if security weaknesses are pinpointed. There are also instances where organizations can learn from security breaches in other organizations and quickly implement appropriate changes in security policy to mitigate newly realized risks.

The IAM governance body is the management arm responsible for creating and maintaining all organizational IAM security policies. It is critical to understand that an IAM implementation is not a project with defined begin and end dates but rather a permanent part of the organization, which requires oversight and management. The governance body addresses basic and complex security matters such as composition of user ids and passwords, reset criteria, on-boarding and off-boarding of individuals, recertification, authentication/authorization policies, service-level agreements, and overall corporate security policies. It is often useful to include technical supporting members who can participate in discussions around the level of technical effort required to implement a new security capability or technology that is under consideration.

How Soch Can Help

Soch provides professional facilitation to assist corporate management in establishing governance bodies with proper definition of roles and responsibilities such that the benefits of modern IAM are fully realized. Our facilitators can help organizations down the governance continuum by assisting with role definition, security delegation policies, and how best to manage approvals for security access requests. Ideally, this work should begin in conjunction with the technical IAM implementation.

Soch’s experience and research indicates that it is good to start small and to grow the governance capability over time. Responsibilities have to be aligned and the members have to get accustomed to a new way of looking at managing security at an organizational level and to transition away from a silo approach to managing security policy.

Soch offers rich analytics and reporting capabilities as well as experience educating and facilitating management on the importance of IAM governance.