Multi-Factor Authentication - "Moving Towards the Enterprise"
-
Upload
mycroftinc -
Category
Technology
-
view
298 -
download
0
description
Transcript of Multi-Factor Authentication - "Moving Towards the Enterprise"
• What is Multi-Factor Authentication
• Why MFA matters to the Enterprise?
• Introduction to XSpectra
• Demo
• Q & A
Multi-Factor Authentication - Moving Towards the Enterprise
Rohan Weerasinghe, Product Evangelist, XSpectraMycroft Inc.
INTRODUCTIONS
Copyright ©2014 Mycroft Inc. All rights reserved
Edward Edge, Product Evangelist, XSpectraMycroft Inc.
WHAT IS MFA & WHY DOES IT MATTER TO THE ENTERPRISE?
The trend is moving from relying on simple username & passwords to wider scale use of two-factor and multi-factor authentication (MFA),
such as software tokens
There are three different kinds of authentication factors:
Something you know – password, PIN, challenge questionsSomething you have – fob, mobile phone (OTP), certificateSomething you are – fingerprint, facial recognition, voice
pattern
Copyright ©2014 Mycroft Inc. All rights reserved
CASE IN POINT…
• FEBRUARY 26, 2014: Data breach at Indiana University - 146,000 students’ SSN exposed
• FEBRUARY 23, 2014: Apple issues fix for breach which could have provided hackers a route to read emails, instant messages, social media posts & even online bank transactions.
• DECEMBER 19, 2013: 110M personal payment information accessed due to Target breach
• JANUARY 23, 2013: Neiman Marcus announces 1.1M customer cards hacked by malicious software
• JULY 12, 2012: Yahoo confirmed 400,000+ users info compromised. (Gmail, AOL & Hotmail)
• JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party forum
• JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal gmail account
• APRIL 24, 2012: Nissian announced security breach earlier this year
• FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised
• FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked,
• JANUARY 15, 2012: Hackers access personal information from Zappos’ 24 million users
• JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France
AND ON & ON & ON….
TRADITIONAL ENTERPRISE WITH NETWORK PERIMETER
Enterprise Apps
Network Perimeter
Internal Employee
Public
Private
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees
Enterprise Apps
Network Perimeter
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employeeVPN
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees …and cloud applications
Enterprise Apps
Network Perimeter
Cloud Apps/Platform
s& Web
Services
SaaS
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employeeVPN
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
…and remote employees …and cloud applications …and external users
Partner User
Consumer
Enterprise Apps
Network Perimeter
Cloud Apps/Platform
s& Web
Services
SaaS
Internal Employee
SINGLE POINT OF PERIMETER CONTROL IS GOING AWAY
Public
Private
Mobile employee VPN
No single perimeter to control!
SaaS
Copyright ©2014 Mycroft Inc. All rights reserved
IDENTITY IS THE NEW PERIMETERTHE REQUIREMENT: A CENTRALIZED IDENTITY SERVICE
EnterpriseApps
Cloud Apps/Platform
s& Web
Services
SaaS
Identity
Internal Employee
Mobile employee
Partner User
On Premise
Consumer
Copyright ©2014 Mycroft Inc. All rights reserved
XSPECTRA OVERVIEW
• On-demand IAM service based on CA CloudMinder™ based on longest, deepest history & experience in IAM built specifically for expansion to address full spectrum of organizational risk needs
• Broadest & deepest feature set built for growing companies including:
• Federated Single Sign-On
• Automated & Self Service User Management
• Multifactor Authentication
• Centralized Holistic Provisioning & De-provisioning
• Identity Platform
• Risk Based Policy Enforcement
• Addresses customer needs quickly through automation
• Top-tier Security Operations Center in compliance with SAS 70 security standards for up to 24x7 support
• Customizations team of professional services experts in-house to quickly address specific requirements
• IAM capabilities without need for large IT infrastructure
INTRODUCING….
Low cost with subscription pricing
Enterprise-class features & functions
HYBRID SOLUTION that integrates on-premise & cloud apps
Quick deployment
Copyright ©2014 Mycroft Inc. All rights reserved
CONCEPTUAL ARCHITECTURE
Copyright ©2014 Mycroft Inc. All rights reserved
MYCROFT XSPECTRA ON-DEMAND SERVICE
Strong Authentication
QnA, OAuth, OpenID, Arcot PKI/OTP
Security Code over SMS/Email/Voice
Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up
authentication Geo-location & velocity checking Fraud case management
CA CloudMinder™ Advanced Authentication
Federated SSO Standards-based federation STS (Token Translation) Portal to launch services Integration with other services
CA CloudMinder™ Single Sign-on
User management Access request Hybrid provisioning-cloud & on-
premise Identity synchronizationCA CloudMinder™ Identity
Management
Identity ManagementExpands current market offerings through:
• Full Life Cycle Provisioning to targeted endpoint on-premise such as Active Directory, Oracle, SAP, etc.
• Multifactor & Risk-based Authentication with choice of credential formats
• Configurable policies for custom risk assessments
• Federated SSO to cloud-platforms and SaaS applications
• Self-Service capabilities such as registration, profile management, access requests, etc
• Seamless integration with on-premise, cloud or hosted environments
• All the benefits of the cloud including monthly subscription pricing, no up-front investment, reduced in-house costs & fast access
Copyright ©2014 Mycroft Inc. All rights reserved
MYCROFT XSPECTRA ON-DEMAND SERVICE
• Enhances log-in process to provide strong authentication
• Implements risk-based authentication
• Non-intrusive to the user experience
• Measure risk based on device characteristics, location & velocity
• Enhances credentials to support two-factor authentication
• Arcot ID OTP
• Arcot ID PKI
• Supports authentication attempts from PC, Mac, tablet & phones
Copyright ©2014 Mycroft Inc. All rights reserved
Advanced Authentication
MYCROFT XSPECTRA RISK-BASED AUTHENTICATION
TWO-FACTOR AUTHENTICATION WITH OTP
• Once the user is registered, one-time password (OTP) is a generated by iPhone, Android, Blackberry, and Windows clients
• The OTP is active for short while and regenerates periodically – usually under a minute – however this is configurable
• The user retrieves the OTP using their own PIN (Personal Identification Number)
Copyright ©2014 Mycroft Inc. All rights reserved
DEMO
Copyright ©2014 Mycroft Inc. All rights reserved
MULTIFACTOR AUTHENTICATION
• Strong authentication & risk evaluation help reduce fraud misuse
• Low TCO - efficient self-service capabilities, no infrastructure to deploy and no software upgrade expenses
• Compliance - Strong & risk-based authentication can help meet FFIEC, HIPAA, PCI and SOX guidelines
Strong Authentication
QnA, OAuth, OpenID, Arcot PKI/OTP Security Code over SMS/Email/Voice Device identification Risk detection & prevention Configurable rules engine Adaptive and step-up authentication Geo-location & velocity checking Fraud case management
Copyright ©2014 Mycroft Inc. All rights reserved
Mycroft Inc.
369 Lexington Ave
New York, NY 10017 212-983-2656
www.mycroftcloud.com@IAMXSpectra
Q & A
Copyright ©2014 Mycroft Inc. All rights reserved