• What is Multi-Factor Authentication

• Why MFA matters to the Enterprise?

• Introduction to XSpectra

• Demo

• Q & A

Multi-Factor Authentication - Moving Towards the Enterprise

Rohan Weerasinghe, Product Evangelist, XSpectraMycroft Inc.

INTRODUCTIONS

Copyright ©2014 Mycroft Inc. All rights reserved

Edward Edge, Product Evangelist, XSpectraMycroft Inc.

WHAT IS MFA & WHY DOES IT MATTER TO THE ENTERPRISE?

The trend is moving from relying on simple username & passwords to wider scale use of two-factor and multi-factor authentication (MFA),

such as software tokens

There are three different kinds of authentication factors:

Something you know – password, PIN, challenge questionsSomething you have – fob, mobile phone (OTP), certificateSomething you are – fingerprint, facial recognition, voice

pattern

Copyright ©2014 Mycroft Inc. All rights reserved

CASE IN POINT…

• FEBRUARY 26, 2014: Data breach at Indiana University - 146,000 students’ SSN exposed

• FEBRUARY 23, 2014: Apple issues fix for breach which could have provided hackers a route to read emails, instant messages, social media posts & even online bank transactions.

• DECEMBER 19, 2013: 110M personal payment information accessed due to Target breach

• JANUARY 23, 2013: Neiman Marcus announces 1.1M customer cards hacked by malicious software

• JULY 12, 2012: Yahoo confirmed 400,000+ users info compromised. (Gmail, AOL & Hotmail)

• JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party forum

• JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal gmail account

• APRIL 24, 2012: Nissian announced security breach earlier this year

• FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised

• FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked, 

• JANUARY 15, 2012: Hackers access personal information from Zappos’ 24 million users

• JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France

AND ON & ON & ON….

TRADITIONAL ENTERPRISE WITH NETWORK PERIMETER

Enterprise Apps

Network Perimeter

Internal Employee

Public

Private

SaaS

Copyright ©2014 Mycroft Inc. All rights reserved

…and remote employees

Enterprise Apps

Network Perimeter

Internal Employee

SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY

Public

Private

Mobile employeeVPN

SaaS

Copyright ©2014 Mycroft Inc. All rights reserved

…and remote employees …and cloud applications

Enterprise Apps

Network Perimeter

Cloud Apps/Platform

s& Web

Services

SaaS

Internal Employee

SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY

Public

Private

Mobile employeeVPN

SaaS

Copyright ©2014 Mycroft Inc. All rights reserved

…and remote employees …and cloud applications …and external users

Partner User

Consumer

Enterprise Apps

Network Perimeter

Cloud Apps/Platform

s& Web

Services

SaaS

Internal Employee

SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY

Public

Private

Mobile employee VPN

No single perimeter to control!

SaaS

Copyright ©2014 Mycroft Inc. All rights reserved

IDENTITY IS THE NEW PERIMETERTHE REQUIREMENT: A CENTRALIZED IDENTITY SERVICE

EnterpriseApps

Cloud Apps/Platform

s& Web

Services

SaaS

Identity

Internal Employee

Mobile employee

Partner User

On Premise

Consumer

Copyright ©2014 Mycroft Inc. All rights reserved

XSPECTRA OVERVIEW

• On-demand IAM service based on CA CloudMinder™ based on longest, deepest history & experience in IAM built specifically for expansion to address full spectrum of organizational risk needs

• Broadest & deepest feature set built for growing companies including:

• Federated Single Sign-On

• Automated & Self Service User Management

• Multifactor Authentication

• Centralized Holistic Provisioning & De-provisioning

• Identity Platform

• Risk Based Policy Enforcement

• Addresses customer needs quickly through automation

• Top-tier Security Operations Center in compliance with SAS 70 security standards for up to 24x7 support

• Customizations team of professional services experts in-house to quickly address specific requirements

• IAM capabilities without need for large IT infrastructure

INTRODUCING….

Low cost with subscription pricing

Enterprise-class features & functions

HYBRID SOLUTION that integrates on-premise & cloud apps

Quick deployment

Copyright ©2014 Mycroft Inc. All rights reserved

CONCEPTUAL ARCHITECTURE

Copyright ©2014 Mycroft Inc. All rights reserved

MYCROFT XSPECTRA ON-DEMAND SERVICE

Strong Authentication

QnA, OAuth, OpenID, Arcot PKI/OTP

Security Code over SMS/Email/Voice

Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up

authentication Geo-location & velocity checking Fraud case management

CA CloudMinder™ Advanced Authentication

Federated SSO Standards-based federation STS (Token Translation) Portal to launch services Integration with other services

CA CloudMinder™ Single Sign-on

User management Access request Hybrid provisioning-cloud & on-

premise Identity synchronizationCA CloudMinder™ Identity

Management

Identity ManagementExpands current market offerings through:

• Full Life Cycle Provisioning to targeted endpoint on-premise such as Active Directory, Oracle, SAP, etc.

• Multifactor & Risk-based Authentication with choice of credential formats

• Configurable policies for custom risk assessments

• Federated SSO to cloud-platforms and SaaS applications

• Self-Service capabilities such as registration, profile management, access requests, etc

• Seamless integration with on-premise, cloud or hosted environments

• All the benefits of the cloud including monthly subscription pricing, no up-front investment, reduced in-house costs & fast access

Copyright ©2014 Mycroft Inc. All rights reserved

MYCROFT XSPECTRA ON-DEMAND SERVICE

• Enhances log-in process to provide strong authentication

• Implements risk-based authentication

• Non-intrusive to the user experience

• Measure risk based on device characteristics, location & velocity

• Enhances credentials to support two-factor authentication

• Arcot ID OTP

• Arcot ID PKI

• Supports authentication attempts from PC, Mac, tablet & phones

Copyright ©2014 Mycroft Inc. All rights reserved

Advanced Authentication

MYCROFT XSPECTRA RISK-BASED AUTHENTICATION

TWO-FACTOR AUTHENTICATION WITH OTP

• Once the user is registered, one-time password (OTP) is a generated by iPhone, Android, Blackberry, and Windows clients

• The OTP is active for short while and regenerates periodically – usually under a minute – however this is configurable

• The user retrieves the OTP using their own PIN (Personal Identification Number)

Copyright ©2014 Mycroft Inc. All rights reserved

DEMO

Copyright ©2014 Mycroft Inc. All rights reserved

MULTIFACTOR AUTHENTICATION

• Strong authentication & risk evaluation help reduce fraud misuse

• Low TCO - efficient self-service capabilities, no infrastructure to deploy and no software upgrade expenses

• Compliance - Strong & risk-based authentication can help meet FFIEC, HIPAA, PCI and SOX guidelines

Strong Authentication

QnA, OAuth, OpenID, Arcot PKI/OTP Security Code over SMS/Email/Voice Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up authentication Geo-location & velocity checking Fraud case management

Copyright ©2014 Mycroft Inc. All rights reserved

Mycroft Inc.

369 Lexington Ave

New York, NY 10017 212-983-2656

info@mycroftinc.com

www.mycroftcloud.com@IAMXSpectra

Q & A

Copyright ©2014 Mycroft Inc. All rights reserved