Multi-Factor Authentication - "Moving Towards the Enterprise"
•Download as PPTX, PDF•
1 like•969 views
In the past year, we’ve seen a significant shift in how we are asked to authenticate to web applications. The trend is moving from relying on simple username & passwords to wider scale use of two-factor, risk-based & multi-factor authentication (MFA), such as software tokens, one-time password (OTP), and various forms of device identification. What does it all mean & is it something your organization needs? The simple answer is…multi-factor authentication needs to be on the radar of every organization, as passwords are no longer enough to protect users. Passwords are too easy to crack or steal & hackers are indiscriminant. From an operational perspective, organizations are losing money through high volumes of help desk tickets related to logins & password resets. Strong passwords are still just too weak of a defense in today’s business world. Join us at 11amET on Tuesday, April 1st for an interactive webcast with our team of subject matter experts to learn more about how to turn this new requirement into a seamless feature of your current environment.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Multi-Factor Authentication - "Moving Towards the Enterprise"
Similar to Multi-Factor Authentication - "Moving Towards the Enterprise" (20)
Recently uploaded
Recently uploaded (20)
Multi-Factor Authentication - "Moving Towards the Enterprise"
- 1. • What is Multi-Factor Authentication • Why MFA matters to the Enterprise? • Introduction to XSpectra • Demo • Q & A Multi-Factor Authentication - Moving Towards the Enterprise
- 2. Rohan Weerasinghe, Product Evangelist, XSpectra Mycroft Inc. INTRODUCTIONS Copyright ©2014 Mycroft Inc. All rights reserved Edward Edge, Product Evangelist, XSpectra Mycroft Inc.
- 3. WHAT IS MFA & WHY DOES IT MATTER TO THE ENTERPRISE? The trend is moving from relying on simple username & passwords to wider scale use of two-factor and multi-factor authentication (MFA), such as software tokens There are three different kinds of authentication factors: Something you know – password, PIN, challenge questions Something you have – fob, mobile phone (OTP), certificate Something you are – fingerprint, facial recognition, voice pattern Copyright ©2014 Mycroft Inc. All rights reserved
- 4. CASE IN POINT… • FEBRUARY 26, 2014: Data breach at Indiana University - 146,000 students’ SSN exposed • FEBRUARY 23, 2014: Apple issues fix for breach which could have provided hackers a route to read emails, instant messages, social media posts & even online bank transactions. • DECEMBER 19, 2013: 110M personal payment information accessed due to Target breach • JANUARY 23, 2013: Neiman Marcus announces 1.1M customer cards hacked by malicious software • JULY 12, 2012: Yahoo confirmed 400,000+ users info compromised. (Gmail, AOL & Hotmail) • JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party forum • JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal gmail account • APRIL 24, 2012: Nissian announced security breach earlier this year • FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised • FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked, • JANUARY 15, 2012: Hackers access personal information from Zappos’ 24 million users • JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France AND ON & ON & ON….
- 5. TRADITIONAL ENTERPRISE WITH NETWORK PERIMETER Enterprise Apps Network Perimeter Internal Employee Public Private SaaS Copyright ©2014 Mycroft Inc. All rights reserved
- 6. …and remote employees Enterprise Apps Network Perimeter Internal Employee SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY Public Private Mobile employee VPN SaaS Copyright ©2014 Mycroft Inc. All rights reserved
- 7. …and remote employees …and cloud applications Enterprise Apps Network Perimeter Cloud Apps/Platforms & Web Services SaaS Internal Employee SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY Public Private Mobile employee VPN SaaS Copyright ©2014 Mycroft Inc. All rights reserved
- 8. …and remote employees …and cloud applications …and external users Partner User Consumer Enterprise Apps Network Perimeter Cloud Apps/Platforms & Web Services SaaS Internal Employee SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY Public Private Mobile employee VPN No single perimeter to control! SaaS Copyright ©2014 Mycroft Inc. All rights reserved
- 9. IDENTITY IS THE NEW PERIMETER THE REQUIREMENT: A CENTRALIZED IDENTITY SERVICE Enterprise Apps Cloud Apps/Platforms & Web Services SaaS Identity Internal Employee Mobile employee Partner User On Premise Consumer Copyright ©2014 Mycroft Inc. All rights reserved
- 10. XSPECTRA OVERVIEW • On-demand IAM service based on CA CloudMinder™ based on longest, deepest history & experience in IAM built specifically for expansion to address full spectrum of organizational risk needs • Broadest & deepest feature set built for growing companies including: • Federated Single Sign-On • Automated & Self Service User Management • Multifactor Authentication • Centralized Holistic Provisioning & De-provisioning • Identity Platform • Risk Based Policy Enforcement • Addresses customer needs quickly through automation • Top-tier Security Operations Center in compliance with SAS 70 security standards for up to 24x7 support • Customizations team of professional services experts in- house to quickly address specific requirements • IAM capabilities without need for large IT infrastructure INTRODUCING…. Low cost with subscription pricing Enterprise-class features & functions HYBRID SOLUTION that integrates on-premise & cloud apps Quick deployment Copyright ©2014 Mycroft Inc. All rights reserved
- 11. CONCEPTUAL ARCHITECTURE Copyright ©2014 Mycroft Inc. All rights reserved
- 12. MYCROFT XSPECTRA ON-DEMAND SERVICE Strong Authentication QnA, OAuth, OpenID, Arcot PKI/OTP Security Code over SMS/Email/Voice Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up authentication Geo-location & velocity checking Fraud case management CA CloudMinder™ Advanced Authentication Federated SSO Standards-based federation STS (Token Translation) Portal to launch services Integration with other services CA CloudMinder™ Single Sign-on User management Access request Hybrid provisioning-cloud & on-premise Identity synchronization CA CloudMinder™ Identity Management Identity ManagementExpands current market offerings through: • Full Life Cycle Provisioning to targeted endpoint on-premise such as Active Directory, Oracle, SAP, etc. • Multifactor & Risk-based Authentication with choice of credential formats • Configurable policies for custom risk assessments • Federated SSO to cloud-platforms and SaaS applications • Self-Service capabilities such as registration, profile management, access requests, etc • Seamless integration with on-premise, cloud or hosted environments • All the benefits of the cloud including monthly subscription pricing, no up-front investment, reduced in-house costs & fast access Copyright ©2014 Mycroft Inc. All rights reserved
- 13. MYCROFT XSPECTRA ON-DEMAND SERVICE • Enhances log-in process to provide strong authentication • Implements risk-based authentication • Non-intrusive to the user experience • Measure risk based on device characteristics, location & velocity • Enhances credentials to support two- factor authentication • Arcot ID OTP • Arcot ID PKI • Supports authentication attempts from PC, Mac, tablet & phones Copyright ©2014 Mycroft Inc. All rights reserved Advanced Authentication
- 14. MYCROFT XSPECTRA RISK-BASED AUTHENTICATION
- 15. TWO-FACTOR AUTHENTICATION WITH OTP • Once the user is registered, one-time password (OTP) is a generated by iPhone, Android, Blackberry, a nd Windows clients • The OTP is active for short while and regenerates periodically – usually under a minute – however this is configurable • The user retrieves the OTP using their own PIN (Personal Identification Number) Copyright ©2014 Mycroft Inc. All rights reserved
- 16. Copyright ©2014 Mycroft Inc. All rights reserved
- 17. MULTIFACTOR AUTHENTICATION • Strong authentication & risk evaluation help reduce fraud misuse • Low TCO - efficient self-service capabilities, no infrastructure to deploy and no software upgrade expenses • Compliance - Strong & risk-based authentication can help meet FFIEC, HIPAA, PCI and SOX guidelines Strong Authentication QnA, OAuth, OpenID, Arcot PKI/OTP Security Code over SMS/Email/Voice Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up authentication Geo-location & velocity checking Fraud case management Copyright ©2014 Mycroft Inc. All rights reserved
- 18. Mycroft Inc. 369 Lexington Ave New York, NY 10017 212-983- 2656 info@mycroftinc.com www.mycroftcloud.com @IAMXSpectra Copyright ©2014 Mycroft Inc. All rights reserved
Editor's Notes
- Employees steal, people hack, identity-centric world. Secure your stuff – market opp is total fear. - Fear, need to protect, identity centric
- In the past, we had a single firewall and all your employees and applications were behind it. You could run any protocols you wanted, and you had complete control. Life was good.
- Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.[CLICK for animation]The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
- Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.[CLICK for animation]The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
- Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
- So, what we’re seeing is that identity has become the new perimeter. The whole notion of “inside the network” or “outside the network” is gone. The network is everywhere, and identity is what enables us to enforce security and enhance business across the whole environment.But, how does this work? A centralized identity service becomes our central control point that determines who has access to what, and enforces that policy – on premise or in the cloud.We can determine the level of authentication that is required up front, even if it’s different than what the app requires. We can authorize which app each user can use, and audit their activity across the range of apps.When a user leaves, by disabling their central authentication credentials, you can prevent them getting access to any of their apps. So, it simplifies the process of de-provisioning accounts and access upon termination.