Authentication choices!
Vincent van Kooten: Business Sales Manager Benelux
Distributed by
http://be.noxs.com/ - [email protected]
Agenda
• Why Authentication
• Authentication Solution areas
• Selection Criteria
• RSA Security Solutions
• Summary
RSA Security Solutions
• Secure Mobile & Remote Access
• Secure Enterprise Access
• Secure Transactions
• Identity & Access Management
Why Focus on Authentication?
• Authentication is the essential foundation for trusted business process
— Establishes trust by proving identities of the participants in a transaction
— “On the Internet, no one knows you’re a dog”
Why Focus on Authentication?
Authentication is the foundation for other critical services
— Personalization
— Authorization / Access Management
— Identity Management
— Audit
Business policy: liability, assurance for transactions
Relationships between people, groups, and organizations
Applications and services: access control and authorization
Relationships between identities and information
Presentation / Personalization: what the user sees
Defining relationships through quality of experience
Authenticated Identity (user, device, application, group, organization)
Source of graphic: Burton Group, “Enterprise Identity Management”, October 2002
Source: RSAS, adapted from Frost & Sullivan
Authentication Market Drivers
• Expanding access
— Increasing numbers of mobile workers
— Increasing numbers of telecommuters
— Extension of the enterprise network to third parties
  • Customers
  • Partners
— Increasing network size and complexity
— Need for portable credentials
• “Willie Sutton effect”
— Increase in sensitive information accessed remotely
— High levels of internal compromise/theft
— Growing security awareness
• The problem with passwords
— Passwords provide weak security
— Multiple passwords are unmanageable
— Passwords are surprisingly expensive
Source: RSAS, adapted from Frost & Sullivan
Authentication Market Inhibitors
• Costs
— Deployment costs
— Perception of additional administrative burden
— Lack of installed base of smart card readers
— Concern over lost / forgotten / broken tokens or smart cards
• Deployability
— Concern over scalability
— Lack of interoperability with current systems
— Short-term focus on other business objectives
— Business as usual
• Business Justification
— Lack of security awareness
— Difficulty in quantifying ROI
Authentication Methods: Three Types of Factors
• Something you know
— Password
— PIN number
• Something you have
— Token
— Certificate
— Smart card
• Something you are (Biometrics)
— Fingerprint
— Retina
• Strong authentication takes two factors
Authentication Solutions areas
• Securing IPsec VPNs
• Securing SSL VPNs
• Securing Web applications / Websites (content) / OWA
• Securing Wireless LANs
• Securing Remote Access Servers (Dialup)
• Securing Unix environments
• Securing Desktop/ Network Access (Windows) NEW!!!
Selection Criteria
• One size does not fit all in authentication
• Hardware tokens, Software tokens, Digital Certificates, SMS based authentication, Smart Cards, USB Tokens
• The choice of authentication solution will be a result of Total Cost of Ownership and Strategic Fit for the users and for the organisation
Challenges
Total Cost of Ownership
• Acquisition
• Deployment
• Operating
Strategic Fit (Users)
• Convenience / Ease of Use
• Portability
• Multi-Purpose
Strategic Fit (Corporate / System)
• Relative Security
• Interoperability / Back-End Integration
• Robustness / Scale
• Future Flexibility
Selection Criteria: Three Major Categories, Ten Attributes
• Total Cost of Ownership
— Acquisition cost
— Deployment cost
— Operating cost
• Strategic Fit (users)
— Convenience / Ease of Use
— Portability
— Multi-purpose
• Strategic Fit (corporate/system)
— Relative Security
— Interoperability / Back-end Integration
— Robustness / Scale
— Future Flexibility
Source: RSAS, adapted from Giga “The Hows and Whys of Online Authentication”, 1999
Selection Criteria: Total Cost of Ownership
• Acquisition cost
— What are the initial acquisition costs? This should include all additional hardware, software, servers, readers, services, etc. associated with acquiring the authentication solution.
• Deployment cost
— What are the costs to deploy the authentication solution? This includes the distribution of any necessary hardware or software; ease of installation; ease of setup and configuration; training of end-users; etc.
• Operating cost
— What are the ongoing operating costs? This may include costs for replacement (e.g., expired / lost / stolen / broken) authentication devices; ongoing management; upgrades; vendor support; help desk support; etc.
RSA Security Solutions
• Secure Mobile & Remote Access
• Secure Enterprise Access
• Secure Transactions
• Identity & Access Management
RSA Security Solutions
Customer Need: Secure Mobile & Remote Access
• Business Drivers: Empower workforce mobility; Productivity via anywhere, anytime access; Enable partner and customer transactions; Regulatory requirements
• Security / IT Drivers: Risk management & mitigation; Regulatory compliance; Help desk and administrative cost reduction
• Key Applications: VPN; Citrix; Web portals; WLAN; SSL VPN
Customer Need: Secure Enterprise Access
• Business Drivers: e-Business enablement; Intellectual property protection; Productivity via anywhere, anytime access; Regulatory requirements
• Security / IT Drivers: Improved user experience; Cost Reduction; Risk management & mitigation; Regulatory compliance
• Key Applications: Microsoft Windows login; Enterprise SSO; WLAN; Smart Badging
Customer Need: Identity & Access Management
• Business Drivers: Automate business processes; Extend the enterprise; Build/strengthen on-line customer & partner relationships; Regulatory requirements
• Security / IT Drivers: Improved user experience; Help desk and administrative cost reduction; Risk management & mitigation; Regulatory & partner compliance
• Key Applications: Portals; Intranet; Extranet; Supply chain; e-Government
Customer Need: Secure Transactions
• Business Drivers: Extra-enterprise e-transactions; Reduce supply chain costs; Regulatory requirements
• Security / IT Drivers: Shift in application architectures; Reduce application development cost; Risk management & mitigation; Regulatory compliance
• Key Applications: B2B trading networks / supply chain; Web services; Embedded / OEM; Regulated vertical applications
RSA ClearTrust
RSA BSafe
RSA FIM
• Secure Mobile & Remote Access: RSA SecurID, RSA Mobile
• Secure Enterprise Access: RSA SecurID, RSA Keon, RSA Passage
RSA Product Focus: RSA SecurID
RSA Security Solutions: Secure Mobile and Remote Access
RSA Security Solutions: Secure Enterprise Access
RSA Product Focus: RSA SecurID for Microsoft® Windows®
RSA Product Focus: RSA Mobile
RSA Security Solutions: Secure Mobile and Remote Access
RSA Security Solutions: Secure Enterprise Access
RSA Product Focus: RSA Keon Digital Certificates
RSA Security Solutions: Secure Enterprise Access
RSA Product Focus: RSA SecurID Passage (SC & USB)
Summary
• Strong authentication consists of something you KNOW (PIN) & something you HAVE (token, smart card, USB, etc.)
• Authentication enables business and creates TRUST
• Saves COSTS due to easy but secure access and usage
• After establishing trust the next step is authorization
• Different solutions for different needs
• We are here to help you pick the right solution