Modern Threats: what are the big trends making the case for Multi-Factor Authentication?

Kevin Thiele

Agenda

Trends in the IT industry that are making you more vulnerable The real security risk to your business Common pitfalls to avoid when building your defence Best practices to follow to keep your data safe

2

Security

3

Trend #1 Mobility and BYOD

4

Trend #2 Cloud Adoption

5

Trend #3 The Digital Workplace

A Lethal Cocktail

More users access more information Access from multiple devices and locations More data stored in the Cloud Hackers target everyone Data protected with just a password

High Risk of Data Loss

7

The Threat is Real

Evolving Security Threat Landscape

8

Hacking is the fastest growing crime type

Size doesn’t matter32% of attacks were aimedat companies with less than

250 employees

Targeted AttacksFrom 2012 – 2014

TargetedAttacks grew 62%

$

Ransomware24.000 victims per

day in 2014

76% of all network breaches involveweak or stolen passwords

Common MistakesProtecting endpoints, patching and updating and

forgetting authenticationFeeling safe when no attacks are detectedTrusting your Cloud provider will protect you Feeling safe because you are small or don’t have

any secret data

9

Evolving User Authentication

10

25 years of strong user authentication canbe described in three phases:

High risk segmentFinancial and governmental institutions, in particular security oriented branches of government puts Hardware Tokens intouse

Large enterprisesLarger organizations across industriesrealise the need and Two-factor authentication becomes a security bestpractice

Everyone is a targetHacking is a frequent part of the newscycle. Ransomware, APT, etc. are actualthreats, keyloggers and other malware aredispersed across the net, and everyonebecomes a target

Banks, Police etc.’90s

‘Best Practice’’00s

All Organizations’10s

VPN

1

VPN, Citrix, OWA

3

VPN / SSL, Citrix, OWA, SharePoint, CRM, Web,

ActiveSync, etc.

10+

Likelihood of attacks, loss of data, remoteaccess, systems, number of users, etc.

1st GenerationHard Tokens

2nd GenerationMobile-based

3rd GenerationIntelligent MFA

Time

Best Practices for User Authentication

Protect Premise and Cloud ApplicationsMake sure the solution is user-friendly Make it easy for IT to implementMonitor login attemptsEnable Geo-fencing

11

Security Convenience Administration Returns

Four Key Areas to look for Value

12

Attack SurfaceVDI VPN Cloud Services Data Applications

Username and Password

Traditional Two-factor Authentication

Challenge-based

Location Aware

Real-time

Behavior Aware Time-restrictedSession-specific

Adaptive Multi-factor Authentication

Narrowing the Attack Surface

13

will protect the most vulnerable parts of your infrastructure.

Security

14

SecurityPrevent Security Breaches With Contextual Intelligence

15

Convenience

Make Security Hassle-free and Painless for the User

Convenience

Active Sync Provisioning allows for self-enrollment in BYOD use cases

Superior user experience

16

Easy to read MemoPasscodes™ ensures a more relaxed login process

Live status feedback shows the user how long the OTP is valid for

Contextual intelligence allows for easier login from trusted locations like your home

Password Change notifications and mobile AD Password reset option

Location Aware Message Dispatching – e.g. not SMS if you cannot receive SMS

Convenience

A user-centric approachMultiple OTP delivery methods for added convenience and automated failover

17

Easy for IT to ImplementManage And Scale Administration

AdministrationEasy to Install, Configure, Maintain and ScaleFlexible deployment optionsWide range of OTP delivery methodsEnable Monitoring and Reporting

18

Administrations

Returns and ROI

TCO is typically 50% lower than hardware tokens Boost productivity with a more convenient solution Integrated Password Reset option Reduced burden on IT professionals

19

Returns

"A cost saving potential of approx. 1 million Euro over a three-year period makes a lot of sense."

Case study: PostNord

Returns

SummaryCloud and Mobile Working is now the normNew working practices need new security Threats are real and do not discriminateUsers need to be productive and secureSecurity needs to be automatic and intuitiveSelf-service will reduce IT support costs

20

Keeping you safeWithout spoiling the ride