White Paper
BEST PRACTICES FOR MULTI-FACTOR AUTHENTICATION
HOW TO STRENGTHEN SECURITY, MINIMIZE COSTS AND SIMPLIFY THE USER EXPERIENCE
Introduction
Secure mobile access to enterprise systems and information creates a competitive advantage. Productivity rises when employees can work from anywhere, on any device. Employees and partners are more responsive when they can access your systems from outside the building instead of waiting until they can get to your offices. Job satisfaction tends to improve when employers introduce bring-your-own-device (BYOD) policies.

Today's disappearing network boundaries magnify the importance of user authentication, especially in regulated industries such as financial services, healthcare, pharmaceuticals, and life sciences. Weak authentication practices can lead to loss of intellectual property, brand damage, public relations debacles, revenue loss from system outages, and fines for compliance violations.
The Problem with P@55word5
The username/password combination alone fails to protect enterprise assets. In a 2016 study of more than 64,000 security incidents, weak or stolen passwords topped the list of causes.[1] Frequent news headlines about data breaches underscore the fact that passwords are easy to guess, easy to crack, and easy to extract from employees via phishing schemes.

The sobering truth is that you're vulnerable even if you implement the strongest database protections and enforce requirements for complex passwords. Why? Despite recommendations to the contrary, many employees use the same password for multiple sites. Therefore, a breach of another organization's password database can expose passwords that your employees use to access your systems. Stolen credentials need not even come from your own systems: cybercriminals stole customer credit card information from a major U.S. retailer after obtaining access credentials from one of the retailer's contractors.[2] Password reuse was the weak point when hackers temporarily took over two of Facebook founder Mark Zuckerberg's social media accounts after breaching a third social media site's password database.[3]
"Eighty-two percent of all web attacks target user credentials. Many succeed: 63% of confirmed data breaches involve weak, default, or stolen passwords. Financial gain or espionage motivated 89% of breaches."
Verizon Data Breach Investigations Report (DBIR), 2016
[1] Verizon, 2016 Data Breach Investigations Report
[2] http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html
[3] http://www.nytimes.com/2016/06/07/technology/if-mark-zuckerberg-can-be-a-hacking-victim-so-can-you.html
synchronoss.com
Multi-factor Authentication Bolsters Security
Multi-factor authentication is substantially more secure than passwords alone: an attacker who has phished, guessed, or cracked a password still cannot log in without the second factor. Before accessing enterprise systems, employees and partners must present at least two credentials from different categories: something they know (a password or the answer to a question), something they have (a one-time code from a mobile app or text message), and something they are (a biometric, typically a fingerprint, voiceprint, or retina scan). Two credentials of the same category, such as a password plus a security question, do not count as multi-factor.
Until now, stronger security came at the expense of budgets and the user experience. Multi-factor authentication meant paying up for hardware tokens or smart cards. Today you can adopt multi-factor authentication affordably and without compromising the user experience. Follow the five recommendations below.
1. FOCUS ON THE USER EXPERIENCE
Give users a choice of how to receive their one-time passcode; for example, mobile app, email, SMS text message, or automated call to a phone number on record. A convenient user experience encourages adoption, which accelerates productivity gains from mobility and BYOD. Keep in mind that SMS, voice, and email deliver the code over networks and accounts you do not control, so an app-generated code is the stronger default where users can install one, with the other channels as fallbacks.

To use biometrics as a second or third factor, consider mobile apps. Biometric apps are already available for scanning fingerprints, voices, faces, ear prints, gestures, and retinas. Hands-free authentication based on proximity requires even less effort from users: the workstation verifies the user's credential by connecting automatically to the user's mobile device. To prevent a criminal carrying a stolen device from gaining access, be sure to supplement proximity-based authentication with a password or another factor the device alone does not supply.
2. TAKE ADVANTAGE OF CLOUD ECONOMICS AND SCALABILITY
The cloud model shifts capital expense for servers and software to a predictable operational expense. You pay as you go. Savings include:
• No on-premises infrastructure (servers, storage, and network resources).
• No maintenance fees and hardware and software upgrades. You always have access to the latest features.
• No additional capital expenditures as you add users.
• Avoidance of productivity loss when on-premises systems go down. Cloud service providers can take advantage of economies of scale to implement high-availability architectures.

Outsourcing to a cloud provider with expertise in authentication also frees up time for your IT team to focus on the core business.
"Gartner projects that the number of identity and access management purchases involving authentication as a service will double from 20% in 2016 to 40% in 2020."
Magic Quadrant for Identity and Access Management as a Service, June 6, 2016
3. BEFORE ISSUING CREDENTIALS, VERIFY THAT USERS ARE WHO THEY SAY THEY ARE
Before hiring employees you verify their identity by reviewing official documents such as a driver's license, social security card, or passport. It's more challenging to verify offsite partners' and contractors' identity before issuing credentials. How can you verify that John Smith is really the John Smith who works for your accounting firm, not someone else masquerading as John Smith, or even a bot? Verifying the identities of third parties is important in all enterprises, and mandated for certain types of users. Examples include healthcare providers who use e-prescribing software and financial services customers who conduct high-value transactions.

The U.S. National Institute of Standards and Technology (NIST) defines, in Special Publication 800-63-2, four levels of assurance for identity proofing; the three lowest can be completed without an in-person visit (Table 1), while the fourth requires in-person proofing. Look for a cloud provider that offers NIST Level 3 identity proofing and is approved by Federal Identity, Credential, and Access Management (FICAM).

Table 1 — Sample User Experience for Three Levels of Identity Proofing

NIST Level 1
• Username and password
• Second factor, such as a one-time code

NIST Level 2
• Username and password
• Second factor
• Full social security number and date of birth, checked against public databases
• Response to a call or email to the phone number or email address on record

NIST Level 3
• Username and password
• Second factor
• Full social security number, date of birth, and financial data, checked against public databases
• Response to a call or email to the phone number or email address on record
• One or more knowledge-based assessment questions, such as monthly mortgage payment or make and model of car in 2012
4. CHOOSE A CLOUD SERVICE THAT MEETS YOUR INDUSTRY'S SECURITY GUIDELINES
Table 2 lists common security requirements for regulated industries. To meet these requirements, cloud providers invest in data centers, technology, and processes that comply with government standards such as NIST publications and Federal Information Processing Standards (FIPS) in the U.S., and the General Data Protection Regulation (GDPR) in the EU.
Table 2 — Data Security Requirements by Industry

Financial services
• Payment Card Industry Data Security Standard (PCI DSS)
• U.S. Gramm-Leach-Bliley Act (GLBA)
• U.S. Securities and Exchange Commission (SEC)
• U.S. Financial Industry Regulatory Authority (FINRA)
• U.S. Federal Financial Institutions Examination Council (FFIEC)
• U.K. tScheme
• European Banking Authority (EBA)
• European Securities and Markets Authority (ESMA)
• European Insurance and Occupational Pensions Authority (EIOPA)
• Basel Committee on Banking Supervision (BCBS)

Healthcare
• U.S. Health Insurance Portability and Accountability Act (HIPAA)
• U.S. Health Information Technology for Economic and Clinical Health (HITECH) Act
• Federal Identity, Credential, and Access Management (FICAM)

Life sciences
• U.S. Food and Drug Administration (FDA)
• European Medicines Agency (EMA)
• Good Automated Manufacturing Practice 5 (GAMP 5)

All enterprises
• Corporate security policies
• Sarbanes-Oxley Act (SOX)
5. DON'T FORGET PEOPLE AND PROCESS
Even the most sophisticated authentication technology cannot prevent breaches resulting from users leaving their passwords in plain view or reusing their work password for other services. Require employees to attend mandatory cybersecurity awareness training that covers:
• Regulatory compliance.
• Creating strong passwords and keeping them secure.
• Recognizing phishing attacks. Some companies keep employees' skills sharp by periodically sending out a fake phishing email. Employees who click the link are taken to a web page explaining that the link could have been malicious.
• Understanding the value of multi-factor authentication and using your organization's solution.

Implement secure IT practices in conjunction with employee training. Be sure to segment the network to limit risk if a cybercriminal does gain access using stolen credentials. In addition, monitor the network for data transfers outside the organization, so that an unusual volume of outbound traffic from a single host is detected and investigated before it becomes a large-scale exfiltration.
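A minimal form of the outbound-transfer monitoring recommended above, as an added example that is not part of the original white paper and not code from Synchronoss. It runs over constructed flow records (the host names, addresses, and byte counts are made up for the example), sums bytes each host sent to destinations outside the RFC 1918 private ranges, and flags hosts whose external egress is far above both the fleet median and an absolute floor. A real deployment would read NetFlow/IPFIX or proxy logs and baseline each host over time; the thresholds here are illustrative.

```python
import ipaddress
import statistics
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed flow records for the example (not captured from a real network):
# (source host, destination IP, bytes sent from the host to the destination).
SAMPLE_FLOWS: List[Tuple[str, str, int]] = [
    ("ws-101", "10.0.5.20",           12_000),
    ("ws-101", "93.184.216.34",       40_000),
    ("ws-102", "10.0.5.20",            9_000),
    ("ws-102", "93.184.216.34",       35_000),
    ("ws-103", "10.0.5.21",           15_000),
    ("ws-103", "203.0.113.9",         30_000),
    ("ws-104", "10.0.5.20",            5_000),
    ("ws-104", "198.51.100.7", 2_400_000_000),   # one host pushing 2.4 GB out
]

# Address space treated as "inside the organization" (RFC 1918 private ranges).
INTERNAL_NETWORKS = [ipaddress.ip_network(cidr) for cidr in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the destination falls inside the organization's address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def egress_bytes_per_host(flows: Iterable[Tuple[str, str, int]]) -> Dict[str, int]:
    """Sum bytes each host sent to destinations outside the organization."""
    totals: Dict[str, int] = defaultdict(int)
    for host, dst_ip, nbytes in flows:
        if not is_internal(dst_ip):
            totals[host] += nbytes
    return dict(totals)


def flag_outliers(totals: Dict[str, int], factor: float = 10.0,
                  floor: int = 100_000_000) -> List[Tuple[str, int]]:
    """Return (host, bytes) pairs whose external egress exceeds both `factor`
    times the fleet median and an absolute `floor`, so that a quiet network
    with tiny totals does not alert on every slightly-above-median host."""
    if not totals:
        return []
    threshold = max(factor * statistics.median(totals.values()), floor)
    return sorted((h, b) for h, b in totals.items() if b > threshold)


def top_external_destination(flows: Iterable[Tuple[str, str, int]],
                             host: str) -> Optional[Tuple[str, int]]:
    """Largest external destination for a flagged host, as the starting point
    for the investigation (who received the data, and how much)."""
    by_dst: Dict[str, int] = defaultdict(int)
    for h, dst_ip, nbytes in flows:
        if h == host and not is_internal(dst_ip):
            by_dst[dst_ip] += nbytes
    return max(by_dst.items(), key=lambda kv: kv[1]) if by_dst else None


if __name__ == "__main__":
    totals = egress_bytes_per_host(SAMPLE_FLOWS)
    for host, nbytes in flag_outliers(totals):
        dst, dst_bytes = top_external_destination(SAMPLE_FLOWS, host)
        print(f"ALERT {host}: {nbytes:,} bytes to external destinations, "
              f"largest {dst} ({dst_bytes:,} bytes)")
```

Volume alone is a coarse signal; production detections add per-host historical baselines, first-seen external destinations, and off-hours timing, and they correlate the alert with the authentication logs so that a bulk transfer following a login from an unfamiliar device or location is triaged first.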
Synchronoss Universal Identity, Authentication in the Cloud
Synchronoss Universal Identity (ID) is a cloud-based service that reduces the risk of targeted attacks, credential theft, and identity fraud by providing a powerful layer of authentication security. Whether you extend access to employees, partners, vendors, or customers, Synchronoss reliably verifies user identities and ensures that only the right people gain access to your network. The result: your company and your users can conduct business safely, confidently, and securely.

SIMPLE GROWTH, LOW PER-USER COSTS
As a cloud service, Synchronoss Universal ID requires no on-premises hardware or software. There's no upfront capital outlay, and you always have access to the latest features and security enhancements. Help desk costs are nominal because users can reset their own passwords. The pay-as-you-go model makes it easy and affordable to add new employees and other users as your business expands.
"In the 2016 Verizon study, 92% of all phishing attacks aimed for passwords. The most effective phishing websites succeed 45% of the time in enticing visitors to enter information.[4]"
Verizon DBIR, 2016
[4] http://services.google.com/fh/files/blogs/google_hijacking_study_2014.pdf
FAST ONBOARDING OF NEW USERS
New users can begin using Synchronoss Universal ID within minutes to securely sign in. They visit a self-service portal to sign up, downloading a simple application. The cloud service verifies their identity to the needed NIST level. If you have already verified the identity of some or all of your users, you can add them to the cloud service without repeating the identity proofing process.

WIDE CHOICE OF AUTHENTICATION OPTIONS
Synchronoss offers more multi-factor authentication options than any other vendor. As your second factor, choose from a software token, a one-touch mobile app, QR code scanning, email, SMS message, IVR call, and other options.

SIMPLIFIED COMPLIANCE
Industry-specific security regulations evolve continually. Synchronoss experts manage the complexities, eliminating the need to purchase regulation-specific software and hire talent to deploy and maintain it. We've designed our data centers, technology, and processes to meet the most stringent government standards and industry regulations. The U.S. Federal Government and the U.K. Government selected Synchronoss Universal ID for strong authentication based on our scalable platform and portfolio of security standards.

The Synchronoss Universal ID service is:
• FICAM Level 3 certified, the first cloud service to receive this certification
• Federal Information Security Management Act (FISMA) approved
• Federal Bridge Certification Authority (FBCA) certified
• NIST 800-63-2 and 800-53 compliant
• FIPS 199 and 140-2 compliant
• HIPAA compliant
• U.S. Access Board Section 508 compliant
• EU General Data Protection Regulation compliant
© Synchronoss, Inc. All Rights Reserved.
About Synchronoss
REALIZE THE PROMISE OF ENTERPRISE MOBILITY
Uncompromised productivity and security. Our Secure Mobility Platform meets today's needs and can help make tomorrow's possibilities a reality. It is designed to enhance and complement existing mobility investments, so you get a better ROI and can finally realize the true power of mobility.

Synchronoss Enterprise delivers real mobility for enterprises with the most stringent security requirements. The Secure Mobility Platform enables highly regulated businesses to build toward modern mobility in a way that complements existing investments.

Synchronoss Enterprise, in a joint venture with Goldman Sachs and Verizon, is extending deeper into the enterprise to bridge the gap and solve the inherent complexity associated with mobility and identity.

Since 2000, we've provided cloud solutions and software-based activation to communication service providers across the globe. Companies such as AT&T, Verizon Wireless, Comcast, Time Warner Cable, Apple, and Microsoft have used our scalable technology solutions to allow their customers to connect, synchronize, and activate connected devices and services that power the connected world.

We know mobility. We know security. We can help your organization do secure business, everywhere.
Learn More
To find out how you can reduce risk, strengthen security, and confidently extend network
access to employees, partners and customers, visit www.synchronoss.com/identity.

More Related Content

Similar to WP Best Practices For Multi-Factor Authentication

Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones
 
Automobile comapanies and institutions can boost safety and security with Bio...
Automobile comapanies and institutions can boost safety and security with Bio...Automobile comapanies and institutions can boost safety and security with Bio...
Automobile comapanies and institutions can boost safety and security with Bio...Star Link Communication Pvt Ltd
 
Inv i defendbusiness_overview
Inv i defendbusiness_overviewInv i defendbusiness_overview
Inv i defendbusiness_overviewthewealthcoaches
 
Moodwire Company Brochure
Moodwire Company BrochureMoodwire Company Brochure
Moodwire Company BrochureErick Watson
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
4 Insurtech Digital Experience Trends to Expect in 2024.pdf
4 Insurtech Digital Experience Trends to Expect in 2024.pdf4 Insurtech Digital Experience Trends to Expect in 2024.pdf
4 Insurtech Digital Experience Trends to Expect in 2024.pdfRD Global
 
StartupBridge India 2017
StartupBridge India 2017StartupBridge India 2017
StartupBridge India 2017Avinash Raghava
 
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020The 10 Most Influential Leaders in MedTech Companies 2020 September 2020
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020Merry D'souza
 
Technology is changing the face of safety
Technology is changing the face of safetyTechnology is changing the face of safety
Technology is changing the face of safetyAndrea Miller
 
_7 Cybersecurity Tips for Small Businesses
_7 Cybersecurity Tips for Small Businesses_7 Cybersecurity Tips for Small Businesses
_7 Cybersecurity Tips for Small BusinessesInstasafe1
 
Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Belatrix Software
 
Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItPeak 10
 
10 best cybersecurity companies in healthcare for 2021
10 best cybersecurity companies in healthcare for 202110 best cybersecurity companies in healthcare for 2021
10 best cybersecurity companies in healthcare for 2021insightscare
 
IDC TECHNOLOGY SPOTLIGHT
IDC TECHNOLOGY SPOTLIGHT IDC TECHNOLOGY SPOTLIGHT
IDC TECHNOLOGY SPOTLIGHT microlandland
 
Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016DMI
 
Why data science training in Singapore is important for small businesses?
Why data science training in Singapore is important for small businesses?Why data science training in Singapore is important for small businesses?
Why data science training in Singapore is important for small businesses?thatshareesman
 

Similar to WP Best Practices For Multi-Factor Authentication (20)

Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
 
Automobile comapanies and institutions can boost safety and security with Bio...
Automobile comapanies and institutions can boost safety and security with Bio...Automobile comapanies and institutions can boost safety and security with Bio...
Automobile comapanies and institutions can boost safety and security with Bio...
 
7 leading business trends 2024.pdf
7 leading business trends 2024.pdf7 leading business trends 2024.pdf
7 leading business trends 2024.pdf
 
The 10 most trusted insurance tech solution providers September 2017
The 10 most trusted insurance tech solution providers September 2017The 10 most trusted insurance tech solution providers September 2017
The 10 most trusted insurance tech solution providers September 2017
 
Inv i defendbusiness_overview
Inv i defendbusiness_overviewInv i defendbusiness_overview
Inv i defendbusiness_overview
 
Moodwire Company Brochure
Moodwire Company BrochureMoodwire Company Brochure
Moodwire Company Brochure
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
DSS Newsletter v12
DSS Newsletter v12DSS Newsletter v12
DSS Newsletter v12
 
4 Insurtech Digital Experience Trends to Expect in 2024.pdf
4 Insurtech Digital Experience Trends to Expect in 2024.pdf4 Insurtech Digital Experience Trends to Expect in 2024.pdf
4 Insurtech Digital Experience Trends to Expect in 2024.pdf
 
StartupBridge India 2017
StartupBridge India 2017StartupBridge India 2017
StartupBridge India 2017
 
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020The 10 Most Influential Leaders in MedTech Companies 2020 September 2020
The 10 Most Influential Leaders in MedTech Companies 2020 September 2020
 
Technology is changing the face of safety
Technology is changing the face of safetyTechnology is changing the face of safety
Technology is changing the face of safety
 
_7 Cybersecurity Tips for Small Businesses
_7 Cybersecurity Tips for Small Businesses_7 Cybersecurity Tips for Small Businesses
_7 Cybersecurity Tips for Small Businesses
 
Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19
 
Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let It
 
CroweHorwath
CroweHorwathCroweHorwath
CroweHorwath
 
10 best cybersecurity companies in healthcare for 2021
10 best cybersecurity companies in healthcare for 202110 best cybersecurity companies in healthcare for 2021
10 best cybersecurity companies in healthcare for 2021
 
IDC TECHNOLOGY SPOTLIGHT
IDC TECHNOLOGY SPOTLIGHT IDC TECHNOLOGY SPOTLIGHT
IDC TECHNOLOGY SPOTLIGHT
 
Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016
 
Why data science training in Singapore is important for small businesses?
Why data science training in Singapore is important for small businesses?Why data science training in Singapore is important for small businesses?
Why data science training in Singapore is important for small businesses?
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

WP Best Practices For Multi-Factor Authentication

White Paper
BEST PRACTICES FOR MULTI-FACTOR AUTHENTICATION
HOW TO STRENGTHEN SECURITY, MINIMIZE COSTS AND SIMPLIFY THE USER EXPERIENCE

Introduction

Secure mobile access to enterprise systems and information creates a competitive advantage. Productivity rises when employees can work from anywhere, on any device. Employees and partners are more responsive when they can access your systems from outside the building instead of waiting until they can get to your offices. Job satisfaction tends to improve when employers introduce bring-your-own-device (BYOD) policies.

Today's disappearing network boundaries magnify the importance of user authentication, especially in regulated industries such as financial services, healthcare, pharmaceuticals, and life sciences. Weak authentication practices can lead to loss of intellectual property, brand damage, public relations debacles, revenue loss from system outages, and fines for compliance violations.

The Problem with P@55word5

The username/password combination alone fails to protect enterprise assets. In a 2016 study of more than 64,000 security incidents, weak or stolen passwords topped the list of causes.[1] Frequent news headlines about data breaches underscore the fact that passwords are easy to guess, easy to crack, and easy to extract from employees via phishing schemes.

The sobering truth is that you're vulnerable even if you implement the strongest database protections and enforce requirements for complex passwords. Why? Despite recommendations to the contrary, many employees use the same password for multiple sites. Therefore, a breach of another organization's password database can expose passwords that your employees use to access your systems. Cybercriminals exploited this fact to steal customer credit card information from a major U.S. retailer after snagging access credentials from one of the retailer's contractors.[2] Similarly, hackers were able to temporarily take over two social media accounts of Facebook founder Mark Zuckerberg after breaching a third social media site's password database.[3]

Sidebar: Eighty-two percent of all web attacks target user credentials. Many succeed: 63% of confirmed data breaches involve weak, default, or stolen passwords. Financial gain or espionage motivated 89% of breaches. (Verizon Data Breach Investigations Report (DBIR), 2016)

[1] Verizon, 2016 Data Breach Investigations Report
[2] http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html
[3] http://www.nytimes.com/2016/06/07/technology/if-mark-zuckerberg-can-be-a-hacking-victim-so-can-you.html

synchronoss.com
Multi-factor Authentication Bolsters Security

Multi-factor authentication is far more secure than passwords alone. Before accessing enterprise systems, employees and partners must present at least two credentials of different kinds: something they know (a password or the answer to a question), something they have (a one-time code from a mobile app or text message), or something they are (a biometric, typically a fingerprint, voiceprint, or retina scan).

Until now, stronger security came at the expense of budgets and the user experience. Multi-factor authentication meant paying up for hardware tokens or smart cards. Today you can adopt multi-factor authentication affordably and without compromising the user experience. Follow the five recommendations below.

1. FOCUS ON THE USER EXPERIENCE

Give users a choice of how to receive their one-time passcode, for example mobile app, email, SMS text message, or automated call to a phone number on record. A convenient user experience encourages adoption, which accelerates productivity gains from mobility and BYOD. Note that codes delivered over the telephone network (SMS or voice call) can be diverted by SIM-swap and number-porting attacks, and NIST SP 800-63B now classifies these channels as restricted, so steer users toward an authenticator app where they have one.

To use biometrics as a second or third factor, consider mobile apps. Biometric apps are already available for scanning fingerprints, voices, faces, ear prints, gestures, and retinas. Hands-free authentication based on proximity requires even less effort from users. The workstation verifies the user's credential by connecting automatically to the user's mobile device. To prevent a criminal carrying a stolen device from gaining access, be sure to supplement proximity-based authentication with a password.

2. TAKE ADVANTAGE OF CLOUD ECONOMICS AND SCALABILITY

The cloud model shifts capital expense for servers and software to a predictable operational expense. You pay as you go. Savings include:
• No on-premises infrastructure (servers, storage, and network resources).
• No maintenance fees and hardware and software upgrades. You always have access to the latest features.
• No additional capital expenditures as you add users.
• Avoidance of productivity loss when on-premises systems go down. Cloud service providers can take advantage of economies of scale to implement high-availability architectures.

Outsourcing to a cloud provider with expertise in authentication also frees up time for your IT team to focus on the core business.

Sidebar: Gartner projects that the number of identity and access management purchases involving authentication as a service will double from 20% in 2016 to 40% in 2020. (Magic Quadrant for Identity and Access Management as a Service, June 6, 2016)
3. BEFORE ISSUING CREDENTIALS, VERIFY THAT USERS ARE WHO THEY SAY THEY ARE

Before hiring employees you verify their identity by reviewing official documents such as a driver's license, social security card, or passport. It's more challenging to verify offsite partners' and contractors' identity before issuing credentials. How can you verify that John Smith is really the John Smith who works for your accounting firm, not someone else masquerading as John Smith, or even a bot? Verifying the identities of third parties is important in all enterprises, and mandated for certain types of users. Examples include healthcare providers who use e-prescribing software and financial services customers who conduct high-value transactions.

The U.S. National Institute of Standards and Technology (NIST) defines three levels of identity proofing (levels of assurance) that do not require an in-person visit (Table 1). Look for a cloud provider that offers NIST Level 3 identity proofing and is approved by Federal Identity, Credential, and Access Management (FICAM). The levels referenced here are those of NIST SP 800-63-2; the current SP 800-63-3 replaces them with separate Identity Assurance Levels (IAL 1 to 3) for proofing and Authenticator Assurance Levels for login strength.

Table 1 — Sample User Experience for Three Levels of Identity Proofing

NIST Level 1
• Username and password
• Second factor, such as a one-time code

NIST Level 2
• Username and password
• Second factor
• Full social security number and date of birth, checked against public databases
• Response to a call or email to the phone number or email address on record

NIST Level 3
• Username and password
• Second factor
• Full social security number, date of birth, and financial data, checked against public databases
• Response to a call or email to the phone number or email address on record
• One or more Knowledge Based Assessment questions, such as monthly mortgage payment or make and model of car in 2012
4. CHOOSE A CLOUD SERVICE THAT MEETS YOUR INDUSTRY'S SECURITY GUIDELINES

Table 2 lists common security requirements for regulated industries. To meet these requirements, cloud providers invest in data centers, technology, and processes that comply with government standards such as NIST and Federal Information Processing Standards (FIPS) in the U.S., and the EU General Data Protection Regulation in the EU.

Table 2 — Data Security Requirements by Industry

Financial Services
• Payment Card Industry Data Security Standard (PCI DSS)
• U.S. Gramm-Leach-Bliley Act (GLBA)
• U.S. Securities and Exchange Commission (SEC)
• U.S. Financial Industry Regulatory Authority (FINRA)
• U.S. Federal Financial Institutions Examination Council (FFIEC)
• U.K. tScheme
• European Banking Authority (EBA)
• European Securities and Markets Authority (ESMA)
• European Insurance and Occupational Pensions Authority (EIOPA)
• Basel Committee on Banking Supervision (BCBS)

Healthcare
• U.S. Health Insurance Portability and Accountability Act (HIPAA)
• U.S. Health Information Technology for Economic and Clinical Health Act (HITECH)
• Federal Identity, Credential and Access Management (FICAM)

Life sciences
• U.S. Food and Drug Administration (FDA)
• European Medicines Agency (EMA)
• Good Automated Manufacturing Practice 5 (GAMP 5)

All enterprises
• Corporate security policies
• Sarbanes-Oxley Act (SOX)
5. DON'T FORGET PEOPLE AND PROCESS

Even the most sophisticated authentication technology cannot prevent breaches resulting from users leaving their passwords in plain view or reusing their work password for other services. Require employees to attend mandatory cybersecurity awareness training that covers:
• Regulatory compliance.
• Creating strong passwords and keeping them secure.
• Recognizing phishing attacks. Some companies keep employees' skills sharp by periodically sending out a fake phishing email. Employees who click the link are taken to a web page explaining that the link could have been malicious.
• Understanding the value of multi-factor authentication and using your organization's solution.

Implement secure IT practices in conjunction with employee training. Be sure to segment the network to limit the damage if a cybercriminal does gain access using stolen credentials. In addition, monitor outbound data transfers so that exfiltration by an attacker using stolen credentials is detected and stopped early.

Synchronoss Universal Identity, Authentication in the Cloud

Synchronoss Universal Identity (ID) is a cloud-based service that reduces the risk of targeted attacks, credential theft, and identity fraud by providing a powerful layer of authentication security. Whether you extend access to employees, partners, vendors, or customers, Synchronoss reliably verifies user identities and ensures that only the right people gain access to your network. The result: your company and your users can conduct business safely, confidently, and securely.

SIMPLE GROWTH, LOW PER-USER COSTS

As a cloud service, Synchronoss Universal ID requires no on-premises hardware or software. There's no upfront capital outlay, and you always have access to the latest features and security enhancements. Help desk costs are nominal because users can reset their own passwords. The pay-as-you-go model makes it easy and affordable to add new employees and other users as your business expands.

Sidebar: In the 2016 Verizon study, 92% of all phishing attacks aimed for passwords. The most effective phishing websites succeed 45% of the time in enticing visitors to enter information.[4] (Verizon DBIR, 2016)

[4] http://services.google.com/fh/files/blogs/google_hijacking_study_2014.pdf
FAST ONBOARDING OF NEW USERS

New users can begin using Synchronoss Universal ID within minutes to securely sign in. They visit a self-service portal to sign up, downloading a simple application. The cloud service verifies their credentials to the needed NIST level. If you have already verified the identity of some or all of your users, you can add them to the cloud service without repeating the identity proofing process.

WIDE CHOICE OF AUTHENTICATION OPTIONS

Synchronoss offers more multi-factor authentication options than any other vendor. As your second factor, choose from a software token, a one-touch mobile app, QR code scanning, email, SMS message, IVR call, and other options.

SIMPLIFIED COMPLIANCE

Industry-specific security regulations evolve continually. Synchronoss experts manage the complexities, eliminating the need to purchase regulation-specific software and hire talent to deploy and maintain it. We've designed our data centers, technology, and processes to meet the most stringent government standards and industry regulations. The U.S. Federal Government and the U.K. Government selected Synchronoss Universal ID for strong authentication based on our scalable platform and portfolio of security standards.

The Synchronoss Universal ID service is:
• FICAM Level 3 certified, the first cloud service to receive this certification
• Federal Information Security Management Act (FISMA) approved
• Federal Bridge Certification Authority (FBCA) certified
• NIST 800-63-2 and 800-53 compliant
• FIPS 199 and 140-2 compliant
• HIPAA compliant
• U.S. Access Board Section 508 compliant
• EU General Data Protection Regulation compliant

© Synchronoss, Inc. All Rights Reserved 1-0616
About Synchronoss

REALIZE THE PROMISE OF ENTERPRISE MOBILITY

Uncompromised productivity and security. Our Secure Mobility Platform meets today's needs and can help make tomorrow's possibilities a reality. It is designed to enhance and complement existing mobility investments, so you get a better ROI and can finally realize the true power of mobility.

Synchronoss Enterprise delivers real mobility for enterprises with the most stringent security requirements. The Secure Mobility Platform enables highly regulated businesses to build toward modern mobility in a way that complements existing investments.

Synchronoss Enterprise, in a joint venture with Goldman Sachs and Verizon, is extending deeper into the enterprise to bridge the gap and solve the inherent complexity associated with mobility and identity.

Since 2000, we've provided cloud solutions and software-based activation to communication service providers across the globe. Companies such as AT&T, Verizon Wireless, Comcast, Time Warner Cable, Apple, and Microsoft have used our scalable technology solutions to allow their customers to connect, synchronize, and activate connected devices and services that power the connected world.

We know mobility. We know security. We can help your organization do secure business, everywhere.

Learn More

To find out how you can reduce risk, strengthen security, and confidently extend network access to employees, partners and customers, visit www.synchronoss.com/identity.

© Synchronoss, Inc. All Rights Reserved 1-0716