Strong Authentication Implementation Guide
Introduction 
Secure and convenient strong authentication to protect identities and access to IT infrastructures is a key factor in the future of enterprise security. In the banking sector alone, Gemalto has contributed to large scale authentication rollouts for more than 3,000 financial institutions worldwide, with 50 million authentication devices delivered directly to our clients’ customers. 
Through our knowledge and experience as the global leader in digital security, we have identified key steps to successfully implement strong authentication in your organization. The steps are presented in this guide.
Step 1: Understand the risks
IT security risks are changing and increasing in complexity. Are you keeping pace?
Recently the news has been filled with story upon story of security leaks and breaches.
>> Dubbed the Internet’s worst nightmare, the Heartbleed bug exposed a vulnerability in OpenSSL that provided hackers the opportunity to steal passwords, credit card data or Social Security numbers from two-thirds of all websites.
>> The most successful one-day cyber attack against a government was the Colombian Independence Day Attack on July 20th, 2013. Web application and network DDoS attacks managed to completely shut down most government websites for the entire day.
>> Retailers were hit hard in 2013, with Target and Neiman Marcus taking the hardest hits with 110M and 1.1M customers affected respectively.
>> Healthcare suffered the highest number of attacks by any industry in 2013, overtaking the business sector for the first time in almost 10 years. Healthcare had 267 breaches—43% of all attacks.
>> Intensive and protracted DDoS attacks staged in waves were the cause of the longest and the largest cyber attack in history. The target? US financial institutions.
>> Social network sites Twitter, Instagram, Snapchat, Skype, Facebook, Yahoo, LinkedIn and Evernote have all been hacked in recent years, amounting to millions of stolen user accounts.
62%: increase in the number of data breaches from 2012-2013 (Symantec 2014 Internet Security Threat Report, Volume 19)
The password problem 
Humans aren’t wired to remember passwords, which is why we see laughably weak passwords such as “123456” in use today. If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future.
The reason for the increase is that the threatscape has changed dramatically in recent years. Hackers are increasingly able to penetrate endpoints and download Trojans, keyloggers and other malware onto endpoint PCs or laptops to steal login passwords. Here are some of the reasons why they are winning the endpoint security fight: 
>> Hackers change malware so frequently that signature-based endpoint defenses like anti-virus software can't stop them, so basically every day is zero day.
>> Command and control toolkits like ZeuS and SpyEye make it easier for hackers to manage zombie botnets and mount attacks.
>> Hackers target high-value companies with many combined attacks over time, so called Advanced Persistent Threat (APT) attacks.
In looking at the individual cases, over-reliance on password authentication is a common problem that enables cyber criminals to penetrate networks. If anyone who has access to your network is attacked, hackers can steal passwords and get a toehold in an IT infrastructure. From there, they expand to more valuable targets, such as system administrators, eventually creating their own system management accounts. If password-only authentication is allowed, even for system administrators, hackers can create new accounts or access and copy any file they choose. 
Understanding the threat should raise real questions about your security strategy: 
>> Is your security dependent on passwords?
>> Do you need stronger security for network access?
>> Are you relying on signature-based anti-virus software, leaving you vulnerable?
>> Does your security depend on every employee, and perhaps their family members, never falling for a well-crafted phishing attack?
Step 2: Examine how strong authentication can strengthen layered security
Strong, or multi-factor, authentication is defined as authentication that uses two or more different forms of identity verification. An example of true multi-factor authentication could be where a user is required to insert his or her smart card (something they have) into a reader, and then must enter a PIN or passphrase (something they know) in order to unlock their credentials and access a secure network. If they also have to place their fingertip (something they are) on a biometric fingerprint reader, this would add a third factor of verification. Each level of identity verification adds a further layer of protection.
Implementing strong authentication provides a simple and cost effective way to:
>> Mitigate the threat of impersonation for sensitive accounts
>> Enable secure remote access for mobile workers
>> Increase convenience by removing the need for complex and costly password policies
>> Lower password maintenance costs
>> Build the foundation of a comprehensive Identity Management Roadmap.
Strong authentication technology significantly strengthens the fabric of the layered security because it adds “something you have” to the authentication process. A hacker who steals passwords or attempts to create his own admin accounts will be blocked by the strong authentication device associated with the identity he wants to use. When well-engineered, the second factor of authentication can be virtually impossible to duplicate.
92% of breaches are committed by outsiders (Verizon Report, 2013)
89% of breaches in 2013 could have been avoided with basic security controls (Open Trust Alliance, 2014)
76% of network intrusions exploited weak or stolen credentials (Verizon Report, 2013)
Many leading information technology organizations recommend strong authentication solutions as an element of a strong IT infrastructure. For example, Microsoft’s Core Infrastructure Optimization (IO) model is a structured process that helps organizations better understand and strive for a more secure, well-managed, and dynamic core infrastructure that will help reduce overall IT costs, make better use of IT resources, and make IT a strategic asset for the business. 
As part of its Identity & Security Management discussion, Microsoft says, “How much does it cost every time a user calls a help desk to ask for his or her password to be reset? This issue has plagued the IT world for decades, and the most common solution leads to more security breaches than any other single security issue.” 
Among other things, this model defines strong authentication, PKI certificates and smart cards as important attributes of a well-managed identity infrastructure using Microsoft’s Forefront Identity Manager. Specifically, it recommends credential management that: 
>> Enables users to reset their own passwords through both the Windows logon and the Forefront Identity Manager password-reset portal, which lowers help desk costs.
>> Provides effective implementation of strong authentication with integrated smart card and certificate management.
>> Increases access security beyond username and password solutions.
>> Simplifies certificate and smartcard management using Forefront Identity Manager.
>> Enhances remote access security through certificates with Network Access Protection.
>> Includes stronger authentication through certificates for administrative access and management.
>> Controls help desk costs by enabling end users to manage certain parts of their own identities.
>> Improves security and compliance with minimal errors, while managing multiple identities and passwords.
A second organization that recommends strong authentication and PKI certificate-based smart cards for higher levels of trust in identities is the U.S. National Institute of Standards and Technology (NIST). 
In response to Homeland Security Presidential Directive 12 (HSPD-12), which called for one very secure identity management and security credential across the entire U.S. federal government, NIST has worked out a framework for strong authentication and defined different levels of identity assurance. This body of work underlies the U.S. federal government’s own secure identity credential, the Personal Identity Verification (PIV) card, issued to all federal employees and subcontractors.
The standard defines four Assurance Levels ranging in confidence level from low to very high. The level of assurance is measured by the strength and rigor of the identity proofing process, the credential’s strength and the management processes the service provider applies to it. PKI certificate-based smart cards are Level 3 (high) and the same level as the PIV cards and the Department of Defense’s equivalent, the Common Access Card (CAC). 
SUPPORTING DOCUMENTS 
>> Special Publication 800-63, Electronic Authentication Guideline
>> Federal Information Processing Standards Publication 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors
>> Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
Step 3: Consider your users' needs
When evaluating the best way to move forward with implementing strong authentication, start by analyzing who you need to protect and what activities need to be protected. For example, not everyone in a company will need the same level of access to critical business information. For a remote salesperson, access to their email and CRM may be all they need. For an executive traveling, the access requirements are much broader, and the information being accessed will most likely have a higher degree of sensitivity. This is where a layered approach provides the right protection for the right business need. 
Enabling a mobile workforce to gain secure access to corporate resources can provide a competitive advantage, for example by allowing a quicker response to customer questions or sales proposals, or by improving employee productivity and customer service. But while mobility can increase productivity, it also introduces a significant security risk. With numerous potential entry points into the network, the new challenge for IT security professionals is balancing security with convenience.
Today, there are several tools available to IT security professionals to secure remote connectivity. VPN, access control gateways and intrusion prevention systems all play a role in ensuring only the right people have access to corporate data. But despite the sophistication of these access control systems, in most cases the primary identity verification method is still a basic username and password. This is similar to purchasing a Ferrari and installing skeleton key locks on the doors. The two simply do not line up.
Even with the sophistication of heuristics, access control lists, data flow analysis, etc., an intruder can easily access the network undetected if they are logging in using legitimate credentials. To mitigate this, companies have implemented increasingly complex password schemes and forced users to change their passwords every 30-90 days. While this makes it more difficult to guess a user’s password, the result has been more user lockouts and password resets through the help desk—with every call costing the company time and money. Implementing strong authentication makes life easier for employees, by removing the requirement to remember many different and frequently changing complex passwords.
Another distinct class of users is C-level executives and senior managers involved in sensitive topics like mergers and acquisitions, corporate earnings forecasts and not-yet-disclosed investor releases. Requirements for this group can include: 
>> Secure email encryption/decryption.
>> Digital signature of electronic documents.
>> Strong authentication for hard disk encryption.
>> Multi-factor desktop and remote access.
Similarly, system administrators not only have unique needs, but this group should be among the first individuals required to use strong authentication in any organization. Hackers strive to work their way through an organization and get to a system administrator’s account, and then set themselves up with their own admin account. At that point they can do virtually anything they want within the system or network.
To stop this from happening, require strong authentication for all of your system admins before they can have access to make certain types of changes, such as creating new system admin accounts. There are many other examples, but the key is to look at all of the use cases in your organization. This will prepare you to look for technology solutions that can address all of the different requirements.
Step 4: Build on what you already have
As you plan a strong authentication implementation, you must examine how it can fit into your current IT and security infrastructure. Fortunately, Gemalto has partnered with leading IT vendors such as Microsoft, Citrix, Adobe and many others to make this step easy.
On the backend, Gemalto makes it simple to install its IDConfirm Authentication Server. It can be installed on an existing infrastructure in less than 10 minutes for initial configuration. The server works with leading identity store providers such as Microsoft Active Directory and can quickly sync between IDConfirm and existing user information for OTP seed provisioning, for example.
An alternative for the backend is to use hosted services, which simplifies and speeds up the implementation and lowers up-front capital costs. Gemalto offers IDConfirm as a hosted service, for example, and it is still easily integrated with the existing infrastructure.
You may have deployed other security devices, so a requirement may be for these legacy devices to co-exist during a transition period. If you are in the process of phasing out one vendor and moving to Gemalto, the Gemalto OTP solution can co-exist with your other authentication provider.
You need to carefully examine the applications you want to use with your strong authentication implementation. Many common programs, such as Microsoft Windows, Microsoft Office, Adobe Reader and Citrix Presentation Manager, natively support Gemalto strong authentication. Gemalto also provides an open API to enable easy integration with existing applications and IDConfirm.
Step 5: Get flexible technology
Not all users are created equal. As mentioned before, there are different roles within each company requiring different access privileges. Simply put, implementing strong authentication should not be one size fits all. 
Gemalto has a full portfolio of strong authentication options so you can implement the right technology to address each specific business need. Solutions range from one-time password (OTP) technology to a full certificate-based identity solution enabling data encryption and digital signature.
TECHNOLOGY CONSIDERATIONS 
As you examine technology options, consider these as requirements: 
>> Offer a wide portfolio of strong authentication solutions, from OTP to PKI certificate-based. This allows you to choose the level of protection that best fits the needs of your organization.
>> Offer a variety of different form factors, including ID credentials, unconnected OTP devices, dual unconnected/connected USB tokens and mobile solutions.
>> Support open industry standards when available (e.g., OATH for OTP).
>> Offer a server platform to facilitate implementation.
>> Provide a versatile authentication platform that supports a full range of devices and technologies.
>> Capability to set and enforce risk-based authentication policies that raise the level of security required for certain types of higher risk logins and deny or scale back access privileges.
>> Availability of cloud-based outsourced device provisioning.
>> Solutions for securing cloud computing and mobile workforces.
Step 6: Start fast with one-time password
One-time password (OTP) is a good first step in securing your network, especially when granting access to remote users. OTP provides an additional layer of security to username and password. The user simply enters a username and the numeric code provided by the OTP device. The authentication server validates the code, and access is granted to appropriate network resources. This increases the security of the login process by ensuring the person accessing the network is in possession of two factors of identity verification: in this case, the OTP device and a username and potentially a password. This means that someone cannot simply find a password written down or obtain credentials through social engineering. They actually need to have the OTP device and the right code in conjunction with the user’s other information.
There are two other important benefits to IT teams that implement OTP-based security:
>> OTP solves VPN headaches by eliminating the need for a VPN client, replacing it with OTP Windows logon.
>> It allows employees to use their mobile phones—something they already have—for OTP.
Mobile OTP also enables organizations to have full ownership of their key management through self-provisioning using recognized methods such as the IETF reference standards for Open Authentication Organization (OATH) key provisioning. This means that there are no dependencies on the vendor maintaining the confidentiality of the keying material. The phone also enables PIN validation by the user during the OTP authentication process, further increasing security and identity verification.
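The server-side validation step described in the OTP section, as an added example (it is not from the Gemalto guide and is not IDConfirm code): OATH event-based OTP (HOTP, RFC 4226) checked with a look-ahead window, replay rejection and a failure lockout. The class and function names, window size and lockout threshold are assumptions; the secret is the public RFC 4226 test key, used here as constructed sample data.

```python
"""OATH HOTP (RFC 4226) validation as an authentication server might do it."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# RFC 4226 Appendix D test key (sample data only). Real seeds are random,
# unique per token, and stored encrypted in the identity store.
RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the HOTP value for one counter (RFC 4226, section 5.3)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


@dataclass
class TokenRecord:
    secret: bytes
    counter: int = 0      # next counter value the server expects
    failures: int = 0     # consecutive failed validations


class OtpValidator:
    """Hypothetical in-memory validator; names and defaults are assumptions."""

    def __init__(self, look_ahead: int = 3, max_failures: int = 5):
        self.look_ahead = look_ahead      # tolerated unused button presses
        self.max_failures = max_failures  # lock the token after this many misses
        self._tokens = {}

    def enroll(self, username: str, secret: bytes, counter: int = 0) -> None:
        self._tokens[username] = TokenRecord(secret=secret, counter=counter)

    def verify(self, username: str, code: str) -> bool:
        token = self._tokens.get(username)
        if token is None or token.failures >= self.max_failures:
            return False
        submitted = code.strip().encode("utf-8")
        # Only counters at or ahead of the stored value are tried, so a code
        # that was already accepted (or skipped) can never validate again.
        for counter in range(token.counter, token.counter + self.look_ahead + 1):
            expected = hotp(token.secret, counter).encode("ascii")
            if hmac.compare_digest(expected, submitted):  # constant-time compare
                token.counter = counter + 1   # resynchronise past the used code
                token.failures = 0
                return True
        token.failures += 1
        return False


def demo() -> list:
    """Constructed login attempts for one user, in order."""
    server = OtpValidator(look_ahead=3, max_failures=5)
    server.enroll("alice", RFC4226_TEST_SECRET)
    attempts = [
        "755224",  # counter 0: first valid code
        "755224",  # same code replayed
        "359152",  # counter 2: user pressed the button once without logging in
        "287082",  # counter 1: skipped code, now behind the server counter
        "162583",  # counter 7: outside the look-ahead window
    ]
    return [server.verify("alice", code) for code in attempts]


if __name__ == "__main__":
    print(demo())
```

A wider look-ahead window reduces help desk resynchronisation calls but increases the number of codes that are valid at any moment, so it should be set together with the lockout threshold.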
Step 7: Move up to PKI certificate-based identities
While OTP authentication for network access is a significant step-up from user name and password, certificate-based authentication raises the bar even further.
As discussed earlier, leading reference frameworks such as Microsoft’s Core IO and the federal government’s authentication guidelines and FIPS 201 standard, recommend credentials and processes based on PKI certificates and smart cards for high levels of security and identity assurance.
With a solid identity foundation that includes consolidated ID repository, good data sources and a mature ID provisioning system, deploying certificate-based authentication is easy and can be done at a minimal cost.
Gemalto’s Protiva smart card-based solutions leverage public key infrastructure (PKI) to provide certificate-based strong authentication. This ensures two factors of authentication by leveraging the smart card product (card or token) for something you have, combined with a user-selected PIN for something you know to provide two factors of authentication. With proper security controls in place to verify the identity of the user before smart card issuance and certificate provisioning, you can be assured that only the legitimate user is the one accessing the corporate network and sensitive data. Once a certificate-based identity solution has been deployed, there are several additional security features that can be added. Some of the notable features include:
>> File encryption – The problem of securing the Data-at-Rest (DAR) has been resolved, and hard drive encryption is the solution. While OTP increases network access security, it brings little value to hard drive encryption; however, certificate-based smart card security can be used together with disk encryption systems to provide multi-factor authentication for decrypting sensitive files or hard drives.
>> Email encryption – Ensure the security of sensitive information through email. Leveraging the cryptographic process within the smart card deployment, email is encrypted and can only be decrypted by the intended recipient – keeping your email safe from unwanted eyes.
>> Digital signature – Using the Internet for business processes is cheaper and faster, but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital Signatures created using Protiva smart card devices with PKI can securely authenticate virtual documents saving both time and money.
>> Mutual authentication – As hosted applications become more prevalent, there is a need for stronger controls both from the system to authenticate the user and also the user being able to authenticate into the system. This provides an additional layer of security to ensure information exchanged online is secure, and the user is interacting only with the legitimate application.
Implementing PKI certificate-based smart cards brings your IT infrastructure in line with the high levels of e-authentication security recommended by security specialists at Microsoft and NIST. 
RISK APPROPRIATE AUTHENTICATION
>> Not all users are created equal. Each user accessing the network has a set of requirements based on job function and access needs. When implementing strong security controls, user needs and the ability of IT security to support these needs will require a flexible security solution to meet these varied user profiles.
Step 8: Choose the most appropriate certificate-based solution
There are three options when deploying a certificate-based identity solution: .NET, minidriver enabled (MD), or PIV. Each solution provides a high level of assurance of the identity of the user attempting to gain logical access to the network. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well.
.NET and MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM), a .NET or MD certificate-based authentication solution is virtually plug and play. .NET and MD are also compatible with Mac OS and Linux environments. Adding biometric functionality adds a further level of security with the addition of fingerprint match-on-card user verification. This functionality is supported by Windows Biometric Framework.
Additionally, MD smart cards exist with a certification according to US regulations (FIPS 140-2 Level 3) or European regulations (CC EAL5+ / PP SSCD). MD smart cards can also be manufactured as dual interface and are compatible with the NFC interface present on many smartphones and tablets.
As reflected by the FIPS 201 certification, PIV smart cards fully conform to the solution selected by the U.S. Department of Defense. This is the identity card base for both the Common Access Card (CAC) used by millions of military personnel and the Personal Identity Verification (PIV) identity credential used by non-military federal agencies.
CHOOSING A SOLUTION
>> If your main goal is an optimized integration with Microsoft infrastructure, plus compatibility with other operating systems, you should strongly consider .NET cards.
>> If, on top of this integration capability, you need a certification to signature regulations (CC or FIPS) and/or a compatibility with the NFC interface of mobile devices, a minidriver-enabled (MD) smart card, certified and/or dual interface, is the right choice.
>> If interoperability with the US government is an important factor, the PIV (PIV – Interoperable) is a better choice.
Step 9: To get started quickly, use cloud-based services and channel partners
A fast way to get started is to use a technology provider that offers a combination of supporting security partner specialists and Web-based services. Gemalto has strong security channel partners worldwide to help you plan and implement your strong authentication solutions.
If you think Web services can help simplify and accelerate deployment in your large enterprise, consider requiring these of your technology provider:
>> Complete fulfillment service
Why maintain a stock of OTP tokens? Gemalto can provide complete OTP fulfillment including order handling, packaging, shipping, tracking and provisioning the OTP hardware device (token or display card).
For the mobile OTP app, Gemalto provides a portal for redirection to the appropriate app store based upon the user’s smart phone device (i.e., redirected to Apple app store for iPhone app download).
>> No batch fulfillment requirement
Gemalto will ship an individual hardware OTP device to an individual end user or provides the option to ship in batches to a central distribution point.
>> Web store option
Gemalto can create a custom web store for your users to order their OTP device and provide shipping information. For cost allocation, each device or batches of devices could be purchased through the web store attributing the cost to the specific group or cost center associated with the user.
>> Automated seeding process
By syncing with an existing identity store, IDConfirm simply links an OTP seed with the user account. This allows the user to self-activate once they have received their OTP device or downloaded the mobile OTP app.
Step 10: Consider the importance of mobile
Mobile phones have become ubiquitous, and smart phones continue to gain significant momentum especially in developed countries. This has introduced an interesting option for OTP technology – leverage the mobile device as an OTP token. 
There are two ways that this can take place. The first is to use the short message service (SMS) capability within every mobile device. The user requests an OTP when logging in to a specific resource and receives one back from the network. 
The second option is to have an app that can be used on a smart phone. When a user is required to enter an OTP for strong authentication, he or she simply launches the app, which generates an OTP, eliminating the need for an additional hardware device. Gemalto also has one-touch user authentication: once the user receives the OTP from the app, they simply push send passcode. No need to physically enter the OTP.
Another option is to use a smart card ID with a mobile device. The mobile must be connected to a special reader device with either a cable, as a sleeve around the mobile device, or via Bluetooth wireless technologies. 
The NFC interface, when available on the mobile, can also be used with dual interface cards. 
The future of mobile security: The Secure Element 
As the mobile industry advances and standards mature, more security options are becoming available to store digital ID credentials directly in a hardware-based «Secure Element» that is part of a smart phone or mobile tablet architecture. The Secure Element is based on smart card technology such as a SIM/UICC card, a MicroSD card or an embedded Secure Element chipset.
In all these cases, the Secure Element is the key security factor that generates and stores cryptographic secrets and performs the associated algorithms needed for strong authentication and other digital security services.
GEMALTO.COM 
Learn more 
When the time is right, consider contacting Gemalto. Our Protiva family offers a full spectrum of strong authentication solutions, from OTP to PKI credentials in cards or tokens. Our Protiva IDConfirm server can fit simply into your infrastructure, and Gemalto gives you many options for deployment, from enabling your in-house management to cloud-based services for hosting of provisioning on-boarding. 
About Gemalto 
As the global leader in digital security, Gemalto provides solutions that enable some of the world’s best known organizations to protect user identities and IT resources without compromising convenience or efficiency. We develop secure embedded software and secure products which we design and personalize. Our platforms and services manage these secure products, the confidential data they contain and the trusted end-user services they enable. Our innovations enable our clients to offer trusted and convenient digital services to billions of individuals. Gemalto thrives with the growing number of people using its solutions to interact with the digital and wireless world.
Visit gemalto.com/identity 
Follow our blog at: blog.gemalto.com 
© Gemalto 2014. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. May, 2014 - CC

Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive Measures
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh   The Major Security Issues In E CommerceEamonn O Raghallaigh   The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E Commerce
 
Paper id 35201568
Paper id 35201568Paper id 35201568
Paper id 35201568
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
Laudon traver ec11-im_ch05
Laudon traver ec11-im_ch05Laudon traver ec11-im_ch05
Laudon traver ec11-im_ch05
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
 

Viewers also liked

ambronite - Drinkable Supermeal
ambronite - Drinkable Supermealambronite - Drinkable Supermeal
ambronite - Drinkable SupermealBusiness Finland
 
Innovation for health promoting and functional food solutions
Innovation for health promoting and functional food solutionsInnovation for health promoting and functional food solutions
Innovation for health promoting and functional food solutionsBusiness Finland
 
Evira - safe food from finland to the world
Evira - safe food from finland to the worldEvira - safe food from finland to the world
Evira - safe food from finland to the worldBusiness Finland
 
New business opportunity - Nurses further training
New business opportunity - Nurses further trainingNew business opportunity - Nurses further training
New business opportunity - Nurses further trainingBusiness Finland
 
Lowering cholesterol with benecol innovations in Korea
Lowering cholesterol with benecol innovations in KoreaLowering cholesterol with benecol innovations in Korea
Lowering cholesterol with benecol innovations in KoreaBusiness Finland
 

Viewers also liked (6)

ambronite - Drinkable Supermeal
ambronite - Drinkable Supermealambronite - Drinkable Supermeal
ambronite - Drinkable Supermeal
 
Eevia
EeviaEevia
Eevia
 
Innovation for health promoting and functional food solutions
Innovation for health promoting and functional food solutionsInnovation for health promoting and functional food solutions
Innovation for health promoting and functional food solutions
 
Evira - safe food from finland to the world
Evira - safe food from finland to the worldEvira - safe food from finland to the world
Evira - safe food from finland to the world
 
New business opportunity - Nurses further training
New business opportunity - Nurses further trainingNew business opportunity - Nurses further training
New business opportunity - Nurses further training
 
Lowering cholesterol with benecol innovations in Korea
Lowering cholesterol with benecol innovations in KoreaLowering cholesterol with benecol innovations in Korea
Lowering cholesterol with benecol innovations in Korea
 

Similar to Strong authentication implementation guide

Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsITIO Innovex
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...Rishav Gupta
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!Caroline Johnson
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsUbisecure
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Securityijtsrd
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Brianna Johnson
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxgilpinleeanna
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 

Similar to Strong authentication implementation guide (20)

Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online Transactions
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
Cybersecurity Slides
Cybersecurity  SlidesCybersecurity  Slides
Cybersecurity Slides
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!
 
120 i143
120 i143120 i143
120 i143
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docx
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
 

More from Nis

Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...
Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...
Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...Nis
 
Les utilisateurs privilégiés sécurisé : 5 recommandations !
Les utilisateurs privilégiés sécurisé : 5 recommandations !Les utilisateurs privilégiés sécurisé : 5 recommandations !
Les utilisateurs privilégiés sécurisé : 5 recommandations !Nis
 
Who is the privileged user
Who is the privileged userWho is the privileged user
Who is the privileged userNis
 
Exec protect armored office
Exec protect armored officeExec protect armored office
Exec protect armored officeNis
 
Guide de mise en oeuvre de l'authentification forte
Guide de mise en oeuvre de l'authentification forteGuide de mise en oeuvre de l'authentification forte
Guide de mise en oeuvre de l'authentification forteNis
 
Protiva ExecProtect Armored Office
Protiva ExecProtect Armored OfficeProtiva ExecProtect Armored Office
Protiva ExecProtect Armored OfficeNis
 
Sécuriser votre chaîne d'information dans Azure
Sécuriser votre chaîne d'information dans AzureSécuriser votre chaîne d'information dans Azure
Sécuriser votre chaîne d'information dans AzureNis
 

More from Nis (7)

Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...
Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...
Gestion des utilisateurs privilégiés - Contrôler les accès sans dégrader la s...
 
Les utilisateurs privilégiés sécurisé : 5 recommandations !
Les utilisateurs privilégiés sécurisé : 5 recommandations !Les utilisateurs privilégiés sécurisé : 5 recommandations !
Les utilisateurs privilégiés sécurisé : 5 recommandations !
 
Who is the privileged user
Who is the privileged userWho is the privileged user
Who is the privileged user
 
Exec protect armored office
Exec protect armored officeExec protect armored office
Exec protect armored office
 
Guide de mise en oeuvre de l'authentification forte
Guide de mise en oeuvre de l'authentification forteGuide de mise en oeuvre de l'authentification forte
Guide de mise en oeuvre de l'authentification forte
 
Protiva ExecProtect Armored Office
Protiva ExecProtect Armored OfficeProtiva ExecProtect Armored Office
Protiva ExecProtect Armored Office
 
Sécuriser votre chaîne d'information dans Azure
Sécuriser votre chaîne d'information dans AzureSécuriser votre chaîne d'information dans Azure
Sécuriser votre chaîne d'information dans Azure
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Strong authentication implementation guide

  • 3. Introduction

    Secure and convenient strong authentication to protect identities and access to IT infrastructures is a key factor in the future of enterprise security. In the banking sector alone, Gemalto has contributed to large scale authentication rollouts for more than 3,000 financial institutions worldwide, with 50 million authentication devices delivered directly to our clients’ customers.

    Through our knowledge and experience as the global leader in digital security, we have identified key steps to successfully implement strong authentication in your organization. The steps are presented in this guide.
  • 4. Step 1: Understand the risks

    IT security risks are changing and increasing in complexity. Are you keeping pace?

    Recently the news has been filled with story upon story of security leaks and breaches.

    >> Dubbed the Internet’s worst nightmare, the Heartbleed bug exposed a vulnerability in OpenSSL that provided hackers the opportunity to steal passwords, credit card data or Social Security numbers from two-thirds of all websites.
    >> The most successful one-day cyber attack against a government was the Colombian Independence Day Attack on July 20th, 2013. Web application and network DDoS attacks managed to completely shut down most government websites for the entire day.
    >> Retailers were hit hard in 2013, with Target and Neiman Marcus taking the hardest hits with 110M and 1.1M customers affected respectively.
    >> Healthcare suffered the highest number of attacks by any industry in 2013, overtaking the business sector for the first time in almost 10 years. Healthcare had 267 breaches—43% of all attacks.
    >> Intensive and protracted DDoS attacks staged in waves were the cause of the longest and the largest cyber attack in history. The target? US financial institutions.
    >> Social network sites Twitter, Instagram, Snapchat, Skype, Facebook, Yahoo, LinkedIn, and Evernote, have all been hacked in recent years, amounting to millions of stolen user accounts.

    62%: increase in the number of data breaches from 2012-2013 (Symantec 2014 Internet Security Threat Report, Volume 19)
  • 5. The password problem

    Humans aren’t wired to remember passwords, which is why we see laughably weak passwords such as “123456” in use today. If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future.

    The reason for the increase is that the threatscape has changed dramatically in recent years. Hackers are increasingly able to penetrate endpoints and download Trojans, keyloggers and other malware onto endpoint PCs or laptops to steal login passwords. Here are some of the reasons why they are winning the endpoint security fight:

    >> Hackers change malware so frequently that signature-based endpoint defenses like anti-virus software can't stop them, so basically every day is zero day.
    >> Command and control toolkits like ZeuS and SpyEye make it easier for hackers to manage zombie botnets and mount attacks.
    >> Hackers target high-value companies with many combined attacks over time, so-called Advanced Persistent Threat (APT) attacks.

    In looking at the individual cases, over-reliance on password authentication is a common problem that enables cyber criminals to penetrate networks. If anyone who has access to your network is attacked, hackers can steal passwords and get a toehold in an IT infrastructure. From there, they expand to more valuable targets, such as system administrators, eventually creating their own system management accounts. If password-only authentication is allowed, even for system administrators, hackers can create new accounts or access and copy any file they choose.

    Understanding the threat should raise real questions about your security strategy:

    >> Is your security dependent on passwords?
    >> Do you need stronger security for network access?
    >> Are you relying on signature-based anti-virus software, leaving you vulnerable?
    >> Does your security depend on every employee, and perhaps their family members, never falling for a well-crafted phishing attack?
  • 6. Step 2: Examine how strong authentication can strengthen layered security

    Strong, or multi-factor, authentication is defined as authentication that uses two or more different forms of identity verification. An example of true multi-factor authentication could be where a user is required to insert his or her smart card (something they have) into a reader, and then must enter a PIN or passphrase (something they know) in order to unlock their credentials and access a secure network. If they also have to place their fingertip (something they are) on a biometric fingerprint reader, this would add a third factor of verification. Each level of identity verification adds a further layer of protection.

    Implementing strong authentication provides a simple and cost effective way to:

    >> Mitigate the threat of impersonation for sensitive accounts
    >> Enable secure remote access for mobile workers
    >> Increase convenience by removing the need for complex and costly password policies
    >> Lower password maintenance costs
    >> Build the foundation of a comprehensive Identity Management Roadmap.

    Strong authentication technology significantly strengthens the fabric of the layered security because it adds “something you have” to the authentication process. A hacker who steals passwords or attempts to create his own admin accounts will be blocked by the strong authentication device associated to the identity he wants to use. When well-engineered, the second factor of authentication can be virtually impossible to duplicate.

    92% of breaches are committed by outsiders (Verizon Report, 2013)
    89% of breaches in 2013 could have been avoided with basic security controls (Open Trust Alliance, 2014)
    76% of network intrusions exploited weak or stolen credentials (Verizon Report, 2013)
  • 7. Many leading information technology organizations recommend strong authentication solutions as an element of a strong IT infrastructure.

    For example, Microsoft’s Core Infrastructure Optimization (IO) model is a structured process that helps organizations better understand and strive for a more secure, well-managed, and dynamic core infrastructure that will help reduce overall IT costs, make better use of IT resources, and make IT a strategic asset for the business. As part of its Identity & Security Management discussion, Microsoft says, “How much does it cost every time a user calls a help desk to ask for his or her password to be reset? This issue has plagued the IT world for decades, and the most common solution leads to more security breaches than any other single security issue.”

    Among other things, this model defines strong authentication, PKI certificates and smart cards as important attributes of a well-managed identity infrastructure using Microsoft’s Forefront Identity Manager. Specifically, it recommends credential management that:

    >> Enables users to reset their own passwords through both the Windows logon and the Forefront Identity Manager password-reset portal, which lowers help desk costs.
    >> Provides effective implementation of strong authentication with integrated smart card and certificate management.
    >> Increases access security beyond username and password solutions.
    >> Simplifies certificate and smartcard management using Forefront Identity Manager.
    >> Enhances remote access security through certificates with Network Access Protection.
    >> Includes stronger authentication through certificates for administrative access and management.
    >> Controls help desk costs by enabling end users to manage certain parts of their own identities.
    >> Improves security and compliance with minimal errors, while managing multiple identities and passwords.

    A second organization that recommends strong authentication and PKI certificate-based smart cards for higher levels of trust in identities is the U.S. National Institute of Standards and Technology (NIST). In response to Homeland Security Presidential Directive 12 (HSPD-12), which called for one very secure identity management and security credential across the entire U.S. federal government, NIST has worked out a framework for strong authentication and defined different levels of identity assurance. This body of work underlies the U.S. federal government’s own secure identity credential, the Personal Identity Verification (PIV) card, issued to all federal employees and subcontractors.

    The standard defines four Assurance Levels ranging in confidence level from low to very high. The level of assurance is measured by the strength and rigor of the identity proofing process, the credential’s strength and the management processes the service provider applies to it. PKI certificate-based smart cards are Level 3 (high) and the same level as the PIV cards and the Department of Defense’s equivalent, the Common Access Card (CAC).

    SUPPORTING DOCUMENTS

    >> Special Publication 800-63, Electronic Authentication Guideline
    >> Federal Information Processing Standards Publication 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors
    >> Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
  • 8. Step 3: Consider your users' needs
    When evaluating the best way to move forward with implementing strong authentication, start by analyzing who you need to protect and what activities need to be protected. For example, not everyone in a company will need the same level of access to critical business information. For a remote salesperson, access to their email and CRM may be all they need. For an executive traveling, the access requirements are much broader, and the information being accessed will most likely have a higher degree of sensitivity. This is where a layered approach provides the right protection for the right business need.
    Enabling a mobile workforce to gain secure access to corporate resources can provide a competitive advantage allowing a quicker response to customer questions or sales proposals, or improve employee productivity and customer service, as examples. But while mobility can increase productivity, it also introduces a significant security risk. With numerous potential entry points into the network, the new challenge for IT security professionals is balancing security with convenience.
    Today, there are several tools available to IT security professionals to secure remote connectivity. VPN, access control gateways and intrusion prevention systems all play a role in ensuring only the right people have access to corporate data. But with the sophistication of these access control systems, in most cases the primary identity verification method is still a basic username and password. This is similar to purchasing a Ferrari and installing skeleton key locks on the doors. The two simply do not line up. Even with the sophistication of heuristics, access control lists, data flow analysis, etc., an intruder can easily access the network undetected if they are logging in using legitimate credentials.
    To mitigate this, companies have implemented increasingly complex password schemes and forced users to change their passwords every 30-90 days. While this makes it more difficult to guess a user’s password, the result has been more user lockouts and password resets through the help desk—with every call costing the company time and money. Implementing strong authentication makes life easier for employees, by removing the requirement to remember many different and frequently changing complex passwords.
    Another distinct class of users is C-level executives and senior managers involved in sensitive topics like mergers and acquisitions, corporate earnings forecasts and not-yet-disclosed investor releases. Requirements for this group can include:
    >> Secure email encryption/decryption.
    >> Digital signature of electronic documents.
    >> Strong authentication for hard disk encryption.
    >> Multi-factor desktop and remote access.
    Similarly, system administrators not only have unique needs, but this group should be among the first individuals required to use strong authentication in any organization. Hackers strive to work their way through an organization and get to a system administrator’s account, and then set themselves up with their own admin account. At that point they can do virtually anything they want within the system or network. To stop this from happening, require strong authentication for all of your system admins before they can have access to make certain types of changes, such as creating new system admin accounts.
    There are many other examples, but the key is to look at all of the use cases in your organization. This will prepare you to look for technology solutions that can address all of the different requirements.
  • 9. Step 4: Build on what you already have
    As you plan a strong authentication implementation, you must examine how it can fit into your current IT and security infrastructure. Fortunately, Gemalto has partnered with leading IT vendors such as Microsoft, Citrix, Adobe and many others to make this step easy.
    On the backend, Gemalto makes it simple to install its IDConfirm Authentication Server. It can be installed on an existing infrastructure in less than 10 minutes for initial configuration. The server works with leading identity store providers such as Microsoft Active Directory and can quickly sync between IDConfirm and existing user information for OTP seed provisioning, for example.
    An alternative for the backend is to use hosted services, which simplifies and speeds up the implementation and lowers up-front capital costs. Gemalto offers IDConfirm as a hosted service, for example, and it is still easily integrated with the existing infrastructure.
    You may have deployed other security devices, so a requirement may be for these legacy devices to co-exist during a transition period. If you are in the process of phasing out one vendor and moving to Gemalto, the Gemalto OTP solution can co-exist with your other authentication provider.
    You need to carefully examine the applications you want to use with your strong authentication implementation. Many common programs, such as Microsoft Windows, Microsoft Office, Adobe Reader and Citrix Presentation Manager, natively support Gemalto strong authentication. Gemalto also provides an open API to enable easy integration with existing applications and IDConfirm.
  • 10. Step 5: Get flexible technology
    Not all users are created equal. As mentioned before, there are different roles within each company requiring different access privileges. Simply put, implementing strong authentication should not be one size fits all. Gemalto has a full portfolio of strong authentication options so you can implement the right technology to address each specific business need. Solutions range from one-time password (OTP) technology to a full certificate-based identity solution enabling data encryption and digital signature.
    TECHNOLOGY CONSIDERATIONS
    As you examine technology options, consider these as requirements:
    >> Offer a wide portfolio of strong authentication solutions, from OTP to PKI certificate-based. This allows you to choose the level of protection that best fits the needs of your organization.
    >> Offer a variety of different form factors, including ID credentials, unconnected OTP devices, dual unconnected/connected USB tokens and mobile solutions.
    >> Support open industry standards when available (e.g., OATH for OTP).
    >> Offer a server platform to facilitate implementation.
    >> Provide a versatile authentication platform that supports a full range of devices and technologies.
    >> Capability to set and enforce risk-based authentication policies that raise the level of security required for certain types of higher risk logins and deny or scale back access privileges.
    >> Availability of cloud-based outsourced device provisioning.
    >> Solutions for securing cloud computing and mobile workforces.
  • 11. Step 6: Start fast with one-time password
    One-time password (OTP) is a good first step in securing your network, especially when granting access to remote users. OTP provides an additional layer of security to username and password. The user simply enters a username and the numeric code provided by the OTP device. The authentication server validates the code, and access is granted to appropriate network resources.
    This increases the security of the login process by ensuring the person accessing the network is in possession of two factors of identity verification: in this case, the OTP device and a username and potentially a password. This means that someone cannot simply find a password written down or obtain credentials through social engineering. They actually need to have the OTP device and the right code in conjunction with the user’s other information.
    There are two other important benefits to IT teams that implement OTP-based security:
    >> OTP solves VPN headaches by eliminating the need for a VPN client, replacing it with OTP Windows logon
    >> It allows employees to use their mobile phones—something they already have—for OTP.
    Mobile OTP also enables organizations to have full ownership of their key management through self-provisioning using recognized methods such as the IETF reference standards for Open Authentication Organization (OATH) key provisioning. This means that there are no dependencies on the vendor maintaining the confidentiality of the keying material. The phone also enables PIN validation by the user during the OTP authentication process, further increasing security and identity verification.
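The validation step described above, where the authentication server checks the code shown by the OTP device, sketched with the two OATH algorithms, HOTP (RFC 4226) and TOTP (RFC 6238). This is an added example, not Gemalto or IDConfirm code: the `OtpServer` class, its method names and the window sizes are assumptions, and the seed is the RFC 4226 test value.

```python
"""OATH one-time passwords: HOTP (RFC 4226) and TOTP (RFC 6238) with server-side checks."""
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: HOTP where the counter is the number of elapsed time steps."""
    return hotp(seed, int(now) // step, digits)


class OtpServer:
    """Hypothetical authentication server holding one seed per user (assumed design)."""

    def __init__(self, look_ahead: int = 3, drift_steps: int = 1, step: int = 30):
        self.look_ahead = look_ahead    # unused button presses tolerated (HOTP)
        self.drift_steps = drift_steps  # clock drift tolerated, in time steps (TOTP)
        self.step = step
        self.users = {}

    def provision(self, user: str, seed: bytes) -> None:
        # counter: next unused HOTP counter; last_step: last accepted TOTP step
        self.users[user] = {"seed": seed, "counter": 0, "last_step": -1}

    def _lookup(self, user: str, code: str):
        # Reject malformed codes and unknown users before any comparison.
        if not (code.isascii() and code.isdigit() and len(code) == 6):
            return None
        return self.users.get(user)

    def verify_hotp(self, user: str, code: str) -> bool:
        rec = self._lookup(user, code)
        if rec is None:
            return False
        start = rec["counter"]
        for counter in range(start, start + self.look_ahead + 1):
            if hmac.compare_digest(hotp(rec["seed"], counter), code):
                rec["counter"] = counter + 1  # resync; older codes can no longer match
                return True
        return False

    def verify_totp(self, user: str, code: str, now: float) -> bool:
        rec = self._lookup(user, code)
        if rec is None:
            return False
        current = int(now) // self.step
        for s in range(current - self.drift_steps, current + self.drift_steps + 1):
            if s <= rec["last_step"]:
                continue  # a code from this step or an earlier one was already accepted
            if hmac.compare_digest(hotp(rec["seed"], s), code):
                rec["last_step"] = s
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed input: the RFC 4226 test seed
    server = OtpServer()
    server.provision("alice", seed)
    code = hotp(seed, 0)
    # Second use of the same code is rejected as a replay.
    print(code, server.verify_hotp("alice", code), server.verify_hotp("alice", code))
```

The look-ahead and drift windows trade usability against guessing resistance: every extra counter or time step accepted is one more valid code an attacker could hit, so they are kept small and paired with attempt limits.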
  • 12. Step 7: Move up to PKI certificate-based identities
    While OTP authentication for network access is a significant step up from user name and password, certificate-based authentication raises the bar even further. As discussed earlier, leading reference frameworks such as Microsoft’s Core IO and the federal government’s authentication guidelines and FIPS 201 standard recommend credentials and processes based on PKI certificates and smart cards for high levels of security and identity assurance. With a solid identity foundation that includes a consolidated ID repository, good data sources and a mature ID provisioning system, deploying certificate-based authentication is easy and can be done at a minimal cost.
    Gemalto’s Protiva smart card-based solutions leverage public key infrastructure (PKI) to provide certificate-based strong authentication. This ensures two factors of authentication by leveraging the smart card product (card or token) for something you have, combined with a user-selected PIN for something you know. With proper security controls in place to verify the identity of the user before smart card issuance and certificate provisioning, you can be assured that only the legitimate user is the one accessing the corporate network and sensitive data.
    Once a certificate-based identity solution has been deployed, there are several additional security features that can be added. Some of the notable features include:
    >> File encryption – The problem of securing the Data-at-Rest (DAR) has been resolved, and hard drive encryption is the solution. While OTP increases network access security, it brings little value to hard drive encryption; however, certificate-based smart card security can be used together with disk encryption systems to provide multi-factor authentication for decrypting sensitive files or hard drives.
    >> Email encryption – Ensure the security of sensitive information through email. Leveraging the cryptographic process within the smart card deployment, email is encrypted and can only be decrypted by the intended recipient – keeping your email safe from unwanted eyes.
    >> Digital signature – Using the Internet for business processes is cheaper and faster, but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital signatures created using Protiva smart card devices with PKI can securely authenticate virtual documents, saving both time and money.
    >> Mutual authentication – As hosted applications become more prevalent, there is a need for stronger controls both from the system to authenticate the user and also the user being able to authenticate into the system. This provides an additional layer of security to ensure information exchanged online is secure, and the user is interacting only with the legitimate application.
    Implementing PKI certificate-based smart cards brings your IT infrastructure in line with the high levels of e-authentication security recommended by security specialists at Microsoft and NIST.
    RISK APPROPRIATE AUTHENTICATION
    >> Not all users are created equal. Each user accessing the network has a set of requirements based on job function and access needs. When implementing strong security controls, user needs and the ability of IT security to support these needs will require a flexible security solution to meet these varied user profiles.
  • 13. Step 8: Choose the most appropriate certificate-based solution
    There are three options when deploying a certificate-based identity solution: .NET, minidriver enabled (MD), or PIV. Each solution provides a high level of assurance of the identity of the user attempting to gain logical access to the network. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well.
    .NET and MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM), a .NET or MD certificate-based authentication solution is virtually plug and play. .NET and MD are also compatible with Mac OS and Linux environments. Adding biometric functionality adds a further level of security with the addition of fingerprint match-on-card user verification. This functionality is supported by Windows Biometric Framework.
    Additionally, MD smart cards exist with a certification according to US regulations (FIPS 140-2 Level 3) or European regulations (CC EAL5+ / PP SSCD). MD smart cards can also be manufactured as dual interface and are compatible with the NFC interface present on many smartphones and tablets.
    As reflected by the FIPS 201 certification, PIV smart cards fully conform to the solution selected by the U.S. Department of Defense. This is the identity card base for both the Common Access Card (CAC) used by millions of military personnel and the Personal Identity Verification (PIV) identity credential used by non-military federal agencies.
    CHOOSING A SOLUTION
    >> If your main goal is an optimized integration with Microsoft infrastructure, plus compatibility with other operating systems, you should strongly consider .NET cards.
    >> If, on top of this integration capability, you need a certification to signature regulations (CC or FIPS) and/or a compatibility with the NFC interface of mobile devices, a minidriver-enabled (MD) smart card, certified and/or dual interface, is the right choice.
    >> If interoperability with the US government is an important factor, the PIV (PIV – Interoperable) is a better choice.
  • 14. Step 9: To get started quickly, use cloud-based services and channel partners
    A fast way to get started is to use a technology provider that offers a combination of supporting security partner specialists and Web-based services. Gemalto has strong security channel partners worldwide to help you plan and implement your strong authentication solutions. If you think Web services can help simplify and accelerate deployment in your large enterprise, consider requiring these of your technology provider:
    >> Complete fulfillment service
    Why maintain a stock of OTP tokens? Gemalto can provide complete OTP fulfillment including order handling, packaging, shipping, tracking and provisioning the OTP hardware device (token or display card). For the mobile OTP app, Gemalto provides a portal for redirection to the appropriate app store based upon the user’s smart phone device (i.e., redirected to Apple app store for iPhone app download).
    >> No batch fulfillment requirement
    Gemalto will ship an individual hardware OTP device to an individual end user or provides the option to ship in batches to a central distribution point.
    >> Web store option
    Gemalto can create a custom web store for your users to order their OTP device and provide shipping information. For cost allocation, each device or batches of devices could be purchased through the web store, attributing the cost to the specific group or cost center associated with the user.
    >> Automated seeding process
    By syncing with an existing identity store, IDConfirm simply links an OTP seed with the user account. This allows the user to self-activate once they have received their OTP device or downloaded the mobile OTP app.
  • 15. Step 10: Consider the importance of mobile
    Mobile phones have become ubiquitous, and smart phones continue to gain significant momentum, especially in developed countries. This has introduced an interesting option for OTP technology – leverage the mobile device as an OTP token.
    There are two ways that this can take place. The first is to use the short message service (SMS) capability within every mobile device. The user requests an OTP when logging in to a specific resource and receives one back from the network. The second option is to have an app that can be used on a smart phone. When a user is required to enter an OTP for strong authentication, he or she simply launches the app, which generates an OTP, eliminating the need for an additional hardware device. Gemalto also has one-touch user authentication: once the user receives the OTP from the app, they simply push "send passcode", with no need to physically enter the OTP.
    Another option is to use a smart card ID with a mobile device. The mobile must be connected to a special reader device with either a cable, as a sleeve around the mobile device, or via Bluetooth wireless technologies. The NFC interface, when available on the mobile, can also be used with dual interface cards.
    The future of mobile security: The Secure Element
    As the mobile industry advances and standards mature, more security options are becoming available to store digital ID credentials directly in a hardware-based «Secure Element» that is part of a smart phone or mobile tablet architecture. The Secure Element is based on smart card technology such as a SIM/UICC card, a MicroSD card or an embedded Secure Element chipset. In all these cases, the Secure Element is the key security factor that generates and stores cryptographic secrets and performs the associated algorithms needed for strong authentication and other digital security services.
  • 16. GEMALTO.COM
    Learn more
    When the time is right, consider contacting Gemalto. Our Protiva family offers a full spectrum of strong authentication solutions, from OTP to PKI credentials in cards or tokens. Our Protiva IDConfirm server can fit simply into your infrastructure, and Gemalto gives you many options for deployment, from enabling your in-house management to cloud-based services for hosting of provisioning on-boarding.
    About Gemalto
    As the global leader in digital security, Gemalto solutions enable some of the world’s best known organizations to protect user identities and IT resources without compromising convenience or efficiency. We develop secure embedded software and secure products which we design and personalize. Our platforms and services manage these secure products, the confidential data they contain and the trusted end-user services they enable. Our innovations enable our clients to offer trusted and convenient digital services to billions of individuals. Gemalto thrives with the growing number of people using its solutions to interact with the digital and wireless world.
    Visit gemalto.com/identity
    Follow our blog at: blog.gemalto.com
    © Gemalto 2014. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. May, 2014 - CC