CryptoCard BlackShield ID
Strengths: Nicely integrates into a Windows environment. Easy to manage once deployed
Weaknesses: Not a lot, other than the complexity of the initial installation
Verdict: Very strong solution with a lot of nice features, not a bad price
BlackShield ID is a web services-based strong authentication server providing integrated provisioning and management. It installs as an application inside IIS and tightly integrates with standard Microsoft server components, including IAS 2003, SQL 2005, Active Directory and Event Viewer.
It did require quite a few server-side dependencies, such as Microsoft IIS, ASP.net 2.0, .Net 2.0 Framework and Internet Authentication Service (IAS/2003). It took a couple of hours to load everything, but it was worth it because BlackShield ID was completely integrated without infrastructure, ie Active Directory, and required no additional schema modifications. The product shipped with a default database, PostgreSQL 8.3. Support for optional databases includes MS-SQL 2005, MySQL 5+ and Oracle 10g.
The entire BlackShield configuration is done post installation from a browser. The management interface was 'busy', but surprisingly easy to use. Both local and remote management is supported. The interface was so easy to use we were comfortable jumping right in, even before reading the admin and user guide.
We really liked the workflow automation, including the user self-enrolment features. Authentication agents for applications such as OWA, Remote Web Workplace, SharePoint, Citrix and others are included. There was support for a wide range of hardware, software and zero-footprint tokens (SMS) as well as OATH-compliant ones. The CryptoCard tokens can generate numeric, alphanumeric and complex passcodes.
Reporting and audit capabilities were great. Realtime activity monitoring, management-by-exception features for notifications when security polices are exceeded and standard built-in reporting were all very strong.
The product is enterprise-ready, with high performance scalability and high availability features.
Multiple support options are available as a fee-based option and include email and phone support for both 8/5 and 24/7. Documentation is very well done.
BlackShield delivers a lot of punch, but needs considerable work to roll out. Ongoing management is required but simplified, as discussed.