SlideShare a Scribd company logo

securing-consumer-portals-consumer-access-management-as-business-driver-and-protector

Milos Pesic
Milos Pesic
1 of 12
Download to read offline
Securing Consumer Portals: Consumer Access Management as Business Driver and Protector
2 A Growing Need for Simple, Secure Consumer Access 1 Statista, “Statistics and facts on mobile internet usage.” 2 Bolton, Hazel, “Shopping Cart Abandonment Rate Statistics,” Formisimo, February 20, 2015. 3 Verizon, “2015 Data Breach Investigations Report,” 2015. Managing user access has been a top-of-mind concern for IT and security experts for years, but the realities of today’s application economy have recently made it a more urgent and challenging topic to address. This is especially true for customer- and partner-accessed applications, because the proliferation of mobile devices, apps and social media have conditioned users to expect a simple, seamless way to authenticate and interact with their favorite brands. While these endpoints represent new opportunities to enhance the customer experience, they’re also attractive points of exposure for hackers and other cyber criminals to attack. This has CIOs asking the question, “How do we make it easy for customers to interact with us, while still protecting their identities and sensitive data from harm?” And how they answer that question can mean the difference between success and failure—for themselves and the business. 63%of mobile users will access online content through mobile devices by 2017.1 68%of shoppers abandoned online shopping carts worth an estimated $4.9 trillion in 2015.2 95%of web application breach incidents involve using stolen customer credentials to log in.3 2
3 The Flaws of Password-Driven Security Frustrating users is the quickest way to drive them into competitors’ arms. And of course, once an organization is compromised by an attack, it faces significant damage to both its reputation and bottom line. Complex passwords are difficult to remember and make it frustrating for customers and partners to manage their identities. No matter how “strong” a password is, it can still be compromised by such attacks as phishing, man-in-the-middle (MITM), brute force and spyware. Oftentimes, they’re content with a standard user name and password approach, with complex composition rules or PIN numbers for security. However, there are two significant problems with this approach: Most CIOs understand that a rich, dynamic and easy-to-navigate digital presence—whether a mobile app, Web portal or both—is critical for building and sustaining effective relationships with their customers and partners. They’ll spend incredible resources refining the user interface and increasing performance and speed in the hopes of exceeding customers’ ever-increasing expectations. Why is it, then, that many fail to put the same energy and thought into managing and securing their customers’ identities? 1. 2. 3
4 Gartner Research, “Consumer Identity and Access Management Is a Digital Relationship Imperative,” G00293444, December 30, 2015. From Stopgap Solution to Comprehensive Access Management Strategy The fact is, complex passwords were a stopgap solution for a problem that has become business-critical: accurately identifying legitimate users from fraudulent ones. And in an increasingly competitive market, businesses like yours simply can’t risk driving customers or partners away due to a frustrating or risky user experience. What’s needed is a more comprehensive strategy—one that not only simplifies the identity management experience for customers and partners, but also ensures privacy and protection of sensitive data. Gartner refers to such a strategy as Consumer Identity Access Management (CIAM). According to Gartner: “Organizations should plan on the scope of digital business expanding to encompass the use of smart devices, such as increasingly intelligent vending machines, ATMs, cars (that can interact with a consumer’s phone) and even cardiac pacemakers. Because more of the devices that we rely on for our health and safety now include a software component, properly controlling consumer access and engagement with systems has moved from an issue of convenience to an issue of financial risk management and physical safety.” In other words, a CIAM strategy is no longer a “nice to have,” but rather a critical success factor in the application economy. 4
5 On its surface, CIAM is all about managing customer or partner identities with a similar level of care and attention as employee-facing identity and access management (IAM). That said, there are some unique capabilities that make consumer access management (CAM) stand apart—and enable you to provide a secure, unified and compelling customer experience across multiple channels. Unique Requirements for Consumer Access Management Social Registration When users can leverage their existing social media identities (e.g., Facebook, Twitter, Google+, etc.) to log into your site or portal, it streamlines the login process and gives them one less password they have to remember. Yet while social logins reduce friction, they can be insecure themselves, so it’s important to have step-up authentication processes in place when more sensitive transactions are being attempted. SSO and Federation If you can provide seamless access for customers and partners to all of your web applications, portals and security domains via a single sign-on, it makes it easier for them to consume more of what you offer, which helps strengthen your relationships and open up new—or bolster existing— revenue streams. Context-Sensitive Security Whether users authenticate with social media credentials or log in directly with a password, both are inherently insecure, as they can be easily stolen. As a result, it’s critical to be able to apply risk analysis and user behavior profiling to the authentication process, so you can more accurately identify legitimate users from fraudulent ones. And, when the context of the access appears too risky, you can issue an out-of-band challenge to their registered mobile device. 1. 2. 3. 5
The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force attack. Additionally, the CAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent ACCESS Breach Prevent SECURITY Breach 1 2 3 6
The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. The CAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent SECURITY Breach 1 2 3 Prevent LOG-IN Breach 7
The CAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent ACCESS Breach 1 2 3 Prevent LOG-IN Breach 8
What Can CAM Do for You? … authenticate customers and partners connecting from multiple devices and interfaces supporting a wide range of identity credentials? Efficiently deploy and provide secure access control to applications and capture new growth and innovation opportunities with customers and partners. … provide access to multiple applications and services from the same authentication transaction? Enable users to sign on once for a secure and unified online experience, reducing frustration and increasing engagement. … analyze risk based on behavior, device and location and initiate step-up authentication when risk is high? Deliver consistent, centralized security management that supports multiple access methods and heterogeneous applications, so you can protect your business from fraud, hackers and other threats. What if you could … With CA Single Sign-On and CA Advanced Authentication as your CAM solution, you can: 9
About the Solution from CA Technologies With CA Single Sign-On and CA Advanced Authentication as your CAM solution, you can give customers and partners secure access to essential information and applications—whether on-premises, in the cloud, from a mobile device or at a partner’s site. • Flexibility to support traditional access management (i.e.,“tightly coupled”) and federation (i.e., “loosely coupled”) • Support for SAML 2.0 profiles for accessing SaaS apps, OAuth 2.0 for social media identities and STS translation to WS-Federation for Office 365® • Documented integration with SaaS applications • Ability to restrict access by user, role, groups, dynamic groups or exclusions • Fine-grained authorization at the file, page or object level • Access decisions or redirection of users based on type or context of authentication or authorization request • Centralized administration and auditing • Enhanced Session Assurance with DeviceDNA™, a patent-pending device identification technology native to CA Single Sign-On • Strong defense from session hijacking with Session Linker, which extends protection to applications (e.g., SAP, WebSphere, etc.) that use their own session cookies Federation and Open Standards Authorization and Access Management Session Management and Security Key capabilities include: 10
As part of the larger suite of CA Security solutions, CA Single Sign-On has contributed to notable benefits for customers. CA Single Sign-On increases confidence in protecting against security breaches “by creating a consistent and secure front door.” — Donald Murphy, IT Manager, First Niagara Financial Group, Inc. “CA Single Sign-On (formerly CA Siteminder®) has significantly simplified securing our environment.” — Rob Blucker, IT Director, Everence Financial Why CA for CAM? 71%OF BUSINESSES ARE BETTER ABLE TO ENGAGE WITH THEIR CUSTOMERS. EVERENCE FINANCIAL WAS ABLE TO: Bring new apps to market more than 20% faster Increase revenue through faster delivery of new services Improve employee productivity by up to 10% The above customer data comes from TechValidate research commissioned by CA Technologies. 11
How Secure Are Your Consumer and Partner Portals? Simplifying sign-on, authentication and the overall user experience is key to keeping your customers and partners coming back for more—but not at the expense of protecting your business-critical applications and data. With CA Single Sign-On and CA Advanced Authentication, you can protect and propel your business in the fast-moving and ever-evolving application economy. For more information, visit ca.com/single-sign-on Copyright © 2016 CA. Office 365 is a registered trademark of Microsoft Corporation in the United States and/or other countries. All rights reserved. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document does not contain any warranties and is provided for informational purposes only. Any functionality descriptions may be unique to the customers depicted herein and actual product performance may vary. 200-202562 CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. 12

Recommended

What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
American Banker Executive Summary - Digital Trust
American Banker Executive Summary - Digital TrustAmerican Banker Executive Summary - Digital Trust
American Banker Executive Summary - Digital TrustBenjamin Wyrick
 
CRO PROS - Customer Idendity and Access Management via Social login
CRO PROS - Customer Idendity and Access Management via Social loginCRO PROS - Customer Idendity and Access Management via Social login
CRO PROS - Customer Idendity and Access Management via Social loginCatchi
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
test
testtest
testpixeldemo
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyGigya
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
 

Recommended

What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
American Banker Executive Summary - Digital Trust
American Banker Executive Summary - Digital TrustAmerican Banker Executive Summary - Digital Trust
American Banker Executive Summary - Digital TrustBenjamin Wyrick
 
CRO PROS - Customer Idendity and Access Management via Social login
CRO PROS - Customer Idendity and Access Management via Social loginCRO PROS - Customer Idendity and Access Management via Social login
CRO PROS - Customer Idendity and Access Management via Social loginCatchi
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
test
testtest
testpixeldemo
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyGigya
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 
ThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
 
White Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for MarketersWhite Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for MarketersGigya
 
Event Guide V8
Event Guide V8Event Guide V8
Event Guide V8ThreatMetrix
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guideNis
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solutionguestd1c15
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Toolsijtsrd
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Shortkevinjoy
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaPriyanka Aash
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015TransUnion
 
76 s201923
76 s20192376 s201923
76 s201923IJRAT
 
White Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known CustomersWhite Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known CustomersGigya
 
Cyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocCyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocHewlett Packard Enterprise Business Value Exchange
 
White Paper: Winning with Gamification
White Paper: Winning with Gamification White Paper: Winning with Gamification
White Paper: Winning with Gamification Gigya
 
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...Caroline Johnson
 
A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!Caroline Johnson
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age Cartesian (formerly CSMG)
 

More Related Content

What's hot

ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 
ThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
 
White Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for MarketersWhite Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for MarketersGigya
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guideNis
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solutionguestd1c15
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Toolsijtsrd
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Shortkevinjoy
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaPriyanka Aash
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015TransUnion
 
76 s201923
76 s20192376 s201923
76 s201923IJRAT
 
White Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known CustomersWhite Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known CustomersGigya
 
White Paper: Winning with Gamification
White Paper: Winning with Gamification White Paper: Winning with Gamification
White Paper: Winning with Gamification Gigya
 

What's hot (19)

ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO Review
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
 
ThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted Egan
 
White Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for MarketersWhite Paper: Achieving A Single Customer View: The Holy Grail for Marketers
White Paper: Achieving A Single Customer View: The Holy Grail for Marketers
 
Event Guide V8
Event Guide V8Event Guide V8
Event Guide V8
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guide
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Tools
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for Banks
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Short
 
The Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social MediaThe Newest Element of Risk Metrics: Social Media
The Newest Element of Risk Metrics: Social Media
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015
 
76 s201923
76 s20192376 s201923
76 s201923
 
White Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known CustomersWhite Paper: Turning Anonymous Shoppers into Known Customers
White Paper: Turning Anonymous Shoppers into Known Customers
 
Cyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocCyber Crime is Wreaking Havoc
Cyber Crime is Wreaking Havoc
 
White Paper: Winning with Gamification
White Paper: Winning with Gamification White Paper: Winning with Gamification
White Paper: Winning with Gamification
 

Similar to securing-consumer-portals-consumer-access-management-as-business-driver-and-protector

Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...Caroline Johnson
 
A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!Caroline Johnson
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and ThreatsBPalmer13
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access managementPiyush Jain
 
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET Journal
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementEMC
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityAppsian
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft ErpAppsian
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsUbisecure
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting InformationLaura Martin
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech applicationnimbleappgenie
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
 
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!What All You Need To Know About Multi-Factor Authentication & IVR in Banking!
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!Caroline Johnson
 
Implementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionImplementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionAbhishek Agarwal
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!Caroline Johnson
 
Identity and Access Management The Key to Strong Cybersecurity.pdf
Identity and Access Management The Key to Strong Cybersecurity.pdfIdentity and Access Management The Key to Strong Cybersecurity.pdf
Identity and Access Management The Key to Strong Cybersecurity.pdfEnfology Services
 

Similar to securing-consumer-portals-consumer-access-management-as-business-driver-and-protector (20)

Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
Guide To Build vs. Buy_ An Identity Management Solution in the Media Industry...
 
A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!A Simplified Guide to the Evolution of Authentication!
A Simplified Guide to the Evolution of Authentication!
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access management
 
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
 
main project doument
main project doumentmain project doument
main project doument
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_brief
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining Security
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft Erp
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!What All You Need To Know About Multi-Factor Authentication & IVR in Banking!
What All You Need To Know About Multi-Factor Authentication & IVR in Banking!
 
Implementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionImplementing Phishing Resistant Solution
Implementing Phishing Resistant Solution
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!
 
Identity and Access Management The Key to Strong Cybersecurity.pdf
Identity and Access Management The Key to Strong Cybersecurity.pdfIdentity and Access Management The Key to Strong Cybersecurity.pdf
Identity and Access Management The Key to Strong Cybersecurity.pdf
 

securing-consumer-portals-consumer-access-management-as-business-driver-and-protector

  • 1. Securing Consumer Portals: Consumer Access Management as Business Driver and Protector
  • 2. 2 A Growing Need for Simple, Secure Consumer Access 1 Statista, “Statistics and facts on mobile internet usage.” 2 Bolton, Hazel, “Shopping Cart Abandonment Rate Statistics,” Formisimo, February 20, 2015. 3 Verizon, “2015 Data Breach Investigations Report,” 2015. Managing user access has been a top-of-mind concern for IT and security experts for years, but the realities of today’s application economy have recently made it a more urgent and challenging topic to address. This is especially true for customer- and partner-accessed applications, because the proliferation of mobile devices, apps and social media have conditioned users to expect a simple, seamless way to authenticate and interact with their favorite brands. While these endpoints represent new opportunities to enhance the customer experience, they’re also attractive points of exposure for hackers and other cyber criminals to attack. This has CIOs asking the question, “How do we make it easy for customers to interact with us, while still protecting their identities and sensitive data from harm?” And how they answer that question can mean the difference between success and failure—for themselves and the business. 63%of mobile users will access online content through mobile devices by 2017.1 68%of shoppers abandoned online shopping carts worth an estimated $4.9 trillion in 2015.2 95%of web application breach incidents involve using stolen customer credentials to log in.3 2
  • 3. 3 The Flaws of Password-Driven Security Frustrating users is the quickest way to drive them into competitors’ arms. And of course, once an organization is compromised by an attack, it faces significant damage to both its reputation and bottom line. Complex passwords are difficult to remember and make it frustrating for customers and partners to manage their identities. No matter how “strong” a password is, it can still be compromised by such attacks as phishing, man-in-the-middle (MITM), brute force and spyware. Oftentimes, they’re content with a standard user name and password approach, with complex composition rules or PIN numbers for security. However, there are two significant problems with this approach: Most CIOs understand that a rich, dynamic and easy-to-navigate digital presence—whether a mobile app, Web portal or both—is critical for building and sustaining effective relationships with their customers and partners. They’ll spend incredible resources refining the user interface and increasing performance and speed in the hopes of exceeding customers’ ever-increasing expectations. Why is it, then, that many fail to put the same energy and thought into managing and securing their customers’ identities? 1. 2. 3
  • 4. 4 Gartner Research, “Consumer Identity and Access Management Is a Digital Relationship Imperative,” G00293444, December 30, 2015. From Stopgap Solution to Comprehensive Access Management Strategy The fact is, complex passwords were a stopgap solution for a problem that has become business-critical: accurately identifying legitimate users from fraudulent ones. And in an increasingly competitive market, businesses like yours simply can’t risk driving customers or partners away due to a frustrating or risky user experience. What’s needed is a more comprehensive strategy—one that not only simplifies the identity management experience for customers and partners, but also ensures privacy and protection of sensitive data. Gartner refers to such a strategy as Consumer Identity Access Management (CIAM). According to Gartner: “Organizations should plan on the scope of digital business expanding to encompass the use of smart devices, such as increasingly intelligent vending machines, ATMs, cars (that can interact with a consumer’s phone) and even cardiac pacemakers. Because more of the devices that we rely on for our health and safety now include a software component, properly controlling consumer access and engagement with systems has moved from an issue of convenience to an issue of financial risk management and physical safety.” In other words, a CIAM strategy is no longer a “nice to have,” but rather a critical success factor in the application economy. 4
  • 5. 5 On its surface, CIAM is all about managing customer or partner identities with a similar level of care and attention as employee-facing identity and access management (IAM). That said, there are some unique capabilities that make consumer access management (CAM) stand apart—and enable you to provide a secure, unified and compelling customer experience across multiple channels. Unique Requirements for Consumer Access Management Social Registration When users can leverage their existing social media identities (e.g., Facebook, Twitter, Google+, etc.) to log into your site or portal, it streamlines the login process and gives them one less password they have to remember. Yet while social logins reduce friction, they can be insecure themselves, so it’s important to have step-up authentication processes in place when more sensitive transactions are being attempted. SSO and Federation If you can provide seamless access for customers and partners to all of your web applications, portals and security domains via a single sign-on, it makes it easier for them to consume more of what you offer, which helps strengthen your relationships and open up new—or bolster existing— revenue streams. Context-Sensitive Security Whether users authenticate with social media credentials or log in directly with a password, both are inherently insecure, as they can be easily stolen. As a result, it’s critical to be able to apply risk analysis and user behavior profiling to the authentication process, so you can more accurately identify legitimate users from fraudulent ones. And, when the context of the access appears too risky, you can issue an out-of-band challenge to their registered mobile device. 1. 2. 3. 5
  • 6. The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force attack. Additionally, the CAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent ACCESS Breach Prevent SECURITY Breach 1 2 3 6
  • 7. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. The CAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent SECURITY Breach 1 2 3 Prevent LOG-IN Breach 7
  • 8. The CAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Exploring CAM in Action 2 Hacker User Database 3 The user logs into the portal with social credentials, eliminating an opportunity for a new password to be targeted with a brute-force a ttack. Additionally, the CIAM solution initiates a step-up authentication process if/when the user attempts to access a high-risk area of the site. The CIAM solution recognizes and authenticates the device the user is logging in from, enabling access to approved apps and web services and preventing any session hijacking attempts. The CIAM solution grants access to various apps and data based on risk, asking for additional, stronger authentication from the user (e.g., a one-time password sent via SMS) when the risk level crosses a certain threshold. Log-in Access Security User ID 1 www Prevent ACCESS Breach 1 2 3 Prevent LOG-IN Breach 8
  • 9. What Can CAM Do for You? … authenticate customers and partners connecting from multiple devices and interfaces supporting a wide range of identity credentials? Efficiently deploy and provide secure access control to applications and capture new growth and innovation opportunities with customers and partners. … provide access to multiple applications and services from the same authentication transaction? Enable users to sign on once for a secure and unified online experience, reducing frustration and increasing engagement. … analyze risk based on behavior, device and location and initiate step-up authentication when risk is high? Deliver consistent, centralized security management that supports multiple access methods and heterogeneous applications, so you can protect your business from fraud, hackers and other threats. What if you could … With CA Single Sign-On and CA Advanced Authentication as your CAM solution, you can: 9
  • 10. About the Solution from CA Technologies With CA Single Sign-On and CA Advanced Authentication as your CAM solution, you can give customers and partners secure access to essential information and applications—whether on-premises, in the cloud, from a mobile device or at a partner’s site. • Flexibility to support traditional access management (i.e.,“tightly coupled”) and federation (i.e., “loosely coupled”) • Support for SAML 2.0 profiles for accessing SaaS apps, OAuth 2.0 for social media identities and STS translation to WS-Federation for Office 365® • Documented integration with SaaS applications • Ability to restrict access by user, role, groups, dynamic groups or exclusions • Fine-grained authorization at the file, page or object level • Access decisions or redirection of users based on type or context of authentication or authorization request • Centralized administration and auditing • Enhanced Session Assurance with DeviceDNA™, a patent-pending device identification technology native to CA Single Sign-On • Strong defense from session hijacking with Session Linker, which extends protection to applications (e.g., SAP, WebSphere, etc.) that use their own session cookies Federation and Open Standards Authorization and Access Management Session Management and Security Key capabilities include: 10
  • 11. As part of the larger suite of CA Security solutions, CA Single Sign-On has contributed to notable benefits for customers. CA Single Sign-On increases confidence in protecting against security breaches “by creating a consistent and secure front door.” — Donald Murphy, IT Manager, First Niagara Financial Group, Inc. “CA Single Sign-On (formerly CA Siteminder®) has significantly simplified securing our environment.” — Rob Blucker, IT Director, Everence Financial Why CA for CAM? 71%OF BUSINESSES ARE BETTER ABLE TO ENGAGE WITH THEIR CUSTOMERS. EVERENCE FINANCIAL WAS ABLE TO: Bring new apps to market more than 20% faster Increase revenue through faster delivery of new services Improve employee productivity by up to 10% The above customer data comes from TechValidate research commissioned by CA Technologies. 11
  • 12. How Secure Are Your Consumer and Partner Portals? Simplifying sign-on, authentication and the overall user experience is key to keeping your customers and partners coming back for more—but not at the expense of protecting your business-critical applications and data. With CA Single Sign-On and CA Advanced Authentication, you can protect and propel your business in the fast-moving and ever-evolving application economy. For more information, visit ca.com/single-sign-on Copyright © 2016 CA. Office 365 is a registered trademark of Microsoft Corporation in the United States and/or other countries. All rights reserved. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document does not contain any warranties and is provided for informational purposes only. Any functionality descriptions may be unique to the customers depicted herein and actual product performance may vary. 200-202562 CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. 12