Authentication final

#mfa_uncovered Multifactor Authentication Ronald Isherwood Kevin Miller @virtualfat @millzee69

Transcript of Authentication final

  1. Multifactor Authentication. Ronald Isherwood (@virtualfat), Kevin Miller (@millzee69)
  2. Who? Ronnie Isherwood: Technology evangelist, presenter, author & editor; Chairman (BCS Jersey); Founder (Jersey Techfair)
  3. Who? Kevin Miller: Founder / Director, Consultant
  4. Agenda
     - Why do we need authentication?
     - A brief history of authentication
     - What is Multi-factor (MFA) authentication?
     - Common authentication risks
     - MFA Challenges
     - MFA in the cloud or on premise
     - What's next
     - Compliance and Reporting
     - MFA Conclusion
     - Q&A
  5. Why do we need authentication?
  6. Brief Authentication History: The Compatible Time-Sharing System (CTSS), the world's first computing password. Fernando Corbato. Photo: MIT Museum
  7. Brief Authentication History
     - 1996: Secure Dynamics acquired RSA Data Security & RSA SecurID firmly established as Global Leader
     - 1986: the first SecurID 2FA card sold!
     - Allan Scherr: credited with the earliest documented case of password theft, in 1962
     - On March 17, 2011, RSA's SecurID compromised!
  8. What is Multi-factor authentication?
  9. Common authentication risks. One password to rule them all: Malicious Software; Man in the browser attack; Man in the middle attack; Account recovery
  10. MFA Challenges. Business challenges:
     - The business may think that because there's never been a security breach, there's no need for it. Cost?
     - User acceptance, overcoming resistance. Cost?
     - Supporting processes already in place, are new ones required? Cost?
     - Initial increased support calls. Cost?
     - Commitment to ongoing maintenance & training. Cost?
  11. MFA Challenges. Technical challenges to consider:
     - Hardware and software requirements
     - Implementation, training and maintenance: POC, staff, configuration and acceptance testing
     - Requires knowledge of systems being protected: OWA, Citrix StoreFront, VMware, RDP, websites etc.
     - Scalability, high availability and disaster recovery
     - Post administration, device and user management
     - Reporting
  12. MFA in the cloud or on premise
  13. What's next? Windows 10. Windows 10 new features:
     - Windows Hello: Face recognition. Requires camera such as Intel RealSense 3D Camera (F200)
     - Windows Passport: helps securely authenticate to applications, websites and networks on your behalf, no password sent
  14. What's next? iOS 9 & OS X 10.11. Apple is introducing a revamped two-factor authentication system
  15. Compliance & Reporting. MFA is part of the solution when applications have regulatory requirements such as: NIST 800-63 Level 3, HIPAA, PCI DSS
     - Is it monitored?
     - Is there alerting?
     - Logs kept and for how long?
     - Systems policies enforced?
  16. Shameless plug!
  17. MFA Conclusion
     - Understand your business
     - Your data: Secure data at its source (database), file server & email
     - Entry points: The weakest link is the Achilles heel
     - Using integral or cloud solution, decide level of responsibility. Consider risks, reputation, costs and compliance.
     - 260b+ Globally lost (annually) to cybercrime, of which the UK accounts for 10%!
  18. Another shameless plug!
  19. Questions? Thank you! Ronnie Isherwood (@virtualfat), Kevin Miller (@millzee69)