multi-factor authentication - "moving towards the enterprise"
DESCRIPTION
In the past year, we’ve seen a significant shift in how we are asked to authenticate to web applications. The trend is moving from relying on simple username & passwords to wider scale use of two-factor, risk-based & multi-factor authentication (MFA), such as software tokens, one-time password (OTP), and various forms of device identification. What does it all mean & is it something your organization needs? The simple answer is…multi-factor authentication needs to be on the radar of every organization, as passwords are no longer enough to protect users. Passwords are too easy to crack or steal & hackers are indiscriminant. From an operational perspective, organizations are losing money through high volumes of help desk tickets related to logins & password resets. Strong passwords are still just too weak of a defense in today’s business world. Join us at 11amET on Tuesday, April 1st for an interactive webcast with our team of subject matter experts to learn more about how to turn this new requirement into a seamless feature of your current environment.TRANSCRIPT
• What is Multi-Factor Authentication
• Why MFA matters to the Enterprise?
• Introduction to XSpectra
• Demo
• Q & A
Multi-Factor Authentication - Moving Towards the Enterprise
Rohan Weerasinghe, Product Evangelist, XSpectraMycroft Inc.
INTRODUCTIONS
Copyright ©2014 Mycroft Inc. All rights reserved
Edward Edge, Product Evangelist, XSpectraMycroft Inc.
WHAT IS MFA & WHY DOES IT MATTER TO THE ENTERPRISE?
The trend is moving from relying on simple username & passwords to wider scale use of two-factor and multi-factor authentication (MFA),
such as software tokens
There are three different kinds of authentication factors:
Something you know – password, PIN, challenge questionsSomething you have – fob, mobile phone (OTP), certificateSomething you are – fingerprint, facial recognition, voice
pattern
Copyright ©2014 Mycroft Inc. All rights reserved
CASE IN POINT…
• FEBRUARY 26, 2014: Data breach at Indiana University - 146,000 students’ SSN exposed
• FEBRUARY 23, 2014: Apple issues fix for breach which could have provided hackers a route to read emails, instant messages, social media posts & even online bank transactions.
• DECEMBER 19, 2013: 110M personal payment information accessed due to Target breach
• JANUARY 23, 2013: Neiman Marcus announces 1.1M customer cards hacked by malicious software
• JULY 12, 2012: Yahoo confirmed 400,000+ users info compromised. (Gmail, AOL & Hotmail)
• JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party forum
• JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal gmail account
• APRIL 24, 2012: Nissian announced security breach earlier this year
• FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised
• FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked,
• JANUARY 15, 2012: Hackers access personal information from Zappos’ 24 million users
• JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France
AND ON & ON & ON….
TRADITIONAL ENTERPRISE WITH NETWORK PERIMETER
Enterprise Apps
Network Perimeter
Internal Employee
Public
Private
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees
Enterprise Apps
Network Perimeter
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employeeVPN
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees …and cloud applications
Enterprise Apps
Network Perimeter
Cloud Apps/Platform
s& Web
Services
SaaS
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employeeVPN
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees …and cloud applications …and external users
Partner User
Consumer
Enterprise Apps
Network Perimeter
Cloud Apps/Platform
s& Web
Services
SaaS
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employee VPN
No single perimeter to control!
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
IDENTITY IS THE NEW PERIMETERTHE REQUIREMENT: A CENTRALIZED IDENTITY SERVICE
EnterpriseApps
Cloud Apps/Platform
s& Web
Services
SaaS
Identity
Internal Employee
Mobile employee
Partner User
On Premise
Consumer
Copyright ©2014 Mycroft Inc. All rights reserved
XSPECTRA OVERVIEW
• On-demand IAM service based on CA CloudMinder™ based on longest, deepest history & experience in IAM built specifically for expansion to address full spectrum of organizational risk needs
• Broadest & deepest feature set built for growing companies including:
• Federated Single Sign-On
• Automated & Self Service User Management
• Multifactor Authentication
• Centralized Holistic Provisioning & De-provisioning
• Identity Platform
• Risk Based Policy Enforcement
• Addresses customer needs quickly through automation
• Top-tier Security Operations Center in compliance with SAS 70 security standards for up to 24x7 support
• Customizations team of professional services experts in-house to quickly address specific requirements
• IAM capabilities without need for large IT infrastructure
INTRODUCING….
Low cost with subscription pricing
Enterprise-class features & functions
HYBRID SOLUTION that integrates on-premise & cloud apps
Quick deployment
Copyright ©2014 Mycroft Inc. All rights reserved
CONCEPTUAL ARCHITECTURE
Copyright ©2014 Mycroft Inc. All rights reserved
MYCROFT XSPECTRA ON-DEMAND SERVICE
Strong Authentication
QnA, OAuth, OpenID, Arcot PKI/OTP
Security Code over SMS/Email/Voice
Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up
authentication Geo-location & velocity checking Fraud case management
CA CloudMinder™ Advanced Authentication
Federated SSO Standards-based federation STS (Token Translation) Portal to launch services Integration with other services
CA CloudMinder™ Single Sign-on
User management Access request Hybrid provisioning-cloud & on-
premise Identity synchronizationCA CloudMinder™ Identity
Management
Identity ManagementExpands current market offerings through:
• Full Life Cycle Provisioning to targeted endpoint on-premise such as Active Directory, Oracle, SAP, etc.
• Multifactor & Risk-based Authentication with choice of credential formats
• Configurable policies for custom risk assessments
• Federated SSO to cloud-platforms and SaaS applications
• Self-Service capabilities such as registration, profile management, access requests, etc
• Seamless integration with on-premise, cloud or hosted environments
• All the benefits of the cloud including monthly subscription pricing, no up-front investment, reduced in-house costs & fast access
Copyright ©2014 Mycroft Inc. All rights reserved
MYCROFT XSPECTRA ON-DEMAND SERVICE
• Enhances log-in process to provide strong authentication
• Implements risk-based authentication
• Non-intrusive to the user experience
• Measure risk based on device characteristics, location & velocity
• Enhances credentials to support two-factor authentication
• Arcot ID OTP
• Arcot ID PKI
• Supports authentication attempts from PC, Mac, tablet & phones
Copyright ©2014 Mycroft Inc. All rights reserved
Advanced Authentication
MYCROFT XSPECTRA RISK-BASED AUTHENTICATION
TWO-FACTOR AUTHENTICATION WITH OTP
• Once the user is registered, one-time password (OTP) is a generated by iPhone, Android, Blackberry, and Windows clients
• The OTP is active for short while and regenerates periodically – usually under a minute – however this is configurable
• The user retrieves the OTP using their own PIN (Personal Identification Number)
Copyright ©2014 Mycroft Inc. All rights reserved
DEMO
Copyright ©2014 Mycroft Inc. All rights reserved
MULTIFACTOR AUTHENTICATION
• Strong authentication & risk evaluation help reduce fraud misuse
• Low TCO - efficient self-service capabilities, no infrastructure to deploy and no software upgrade expenses
• Compliance - Strong & risk-based authentication can help meet FFIEC, HIPAA, PCI and SOX guidelines
Strong Authentication
QnA, OAuth, OpenID, Arcot PKI/OTP Security Code over SMS/Email/Voice Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up authentication Geo-location & velocity checking Fraud case management
Copyright ©2014 Mycroft Inc. All rights reserved
Mycroft Inc.
369 Lexington Ave
New York, NY 10017 212-983-2656
www.mycroftcloud.com@IAMXSpectra
Q & A
Copyright ©2014 Mycroft Inc. All rights reserved