Cryptocard Blackshield Cloud
Strengths: Simple deployment, well designed and easily customised management and user portals, very good value, extensive migration support
Weaknesses: Nothing of any significance
Verdict: A sophisticated cloud based two-factor authentication service that’s easy to deploy and manage and a lot better value that trying to do it all yourself
BlackShield Cloud is designed to be simple to deploy and capable of slotting in neatly with a company's workflow processes. At its foundation it redirects user login requests from authentication devices and applications to its own secure servers and permits access to network resources only when the correct credentials have been provided. Cryptocard supports most authentication devices and essentially takes over the RADIUS authentication process. It requires the device to be reconfigured to relay incoming user login requests to its cloud-based servers.
The latest version has sharp focus on service providers, and one of many new features is its delegated management. to make Blackshield Cloud a commodity service. A key scenario would be where a service provider wants to supply 2FA services but be able to have another company manage them.
Multi-tier management is another new feature which is also aimed at resellers and service providers, and allows them to add value by delivering 2FA services to customers from within their own account. This feature also allows parent companies to easily integrate new acquisitions into their existing 2FA model.
Support for Active Directory is provided with an LDAP agent that can upload user lists to the Blackshield Cloud servers. Security concerns are dealt with by the agent as it avoids exposing the LDAP server to the internet by acting as a buffer between it and the Blackshield Cloud servers.
An enhanced agent is now available which adds support for OpenLDAP, SQL and Oracle databases that store lists of user details. It provides LDAP auto-provisioning so as new users are added to a group, the agent sends their information to the Cryptocard servers which apply predefined rules to send users the appropriate token.
Companies can move away from existing token-based 2FA products in a controlled manner with the Blackshield Cloud migration agent. This supports their continued use as the agent forwards requests onto the token server until you choose to revoke them or they have expired, so allowing a phased migration to the Cryptocard service.
An additional migration feature now allows RSA users to import their token details into the Cryptocard service. This takes over RSA on-site management services, and as RSA tokens expire they can be replaced with Cryptocard tokens. Deployment is managed by the chosen Cryptocard channel partner and their service can include on-site support if required. You have two options for hardware tokens and you can purchase them for a one-off cost or lease them. Typical hardware tokens supported include keychain or credit-card varieties.
The administrative portal has been redesigned to make it easier to use, and the customer sign-up processes have been simplified. The portal provides all the facilities for managing users and tokens, and you can use pools for simplifying token and serial number management.
Along with plenty of standard hardware and software tokens, Cryptocard supports SMS where one-time passwords are delivered to a user's mobile. It can integrate with existing SMS gateways and provides tools for branding SMS messages and emails with logos.