3. Who? Kevin Miller Founder / Director Consultant
#mfa_uncovered
4. Agenda
   - Why do we need authentication?
   - A brief history of authentication
   - What is Multi-factor (MFA) authentication?
   - Common authentication risks
   - MFA Challenges
   - MFA in the cloud or on premise
   - What's next
   - Compliance and Reporting
   - MFA Conclusion
   - Q&A
5. Why do we need authentication?
6. Brief Authentication History
   - The Compatible Time-Sharing System (CTSS)
   - World's first computing password
   - Fernando Corbató (Photo: MIT Museum)
7. Brief Authentication History
   - 1996: Secure Dynamics acquired RSA Data Security & RSA SecurID, firmly established as Global Leader
   - 1986: the first SecurID 2FA card sold!
   - Allan Scherr: credited with the earliest documented case of password theft, in 1962
   - On March 17, 2011, RSA's SecurID compromised!
8. What is Multi-factor authentication?
9. Common authentication risks
   One password to rule them all:
   - Malicious software
   - Man in the browser attack
   - Man in the middle attack
   - Account recovery
10. MFA Challenges
   Business challenges:
   - The business may think that because there's never been a security breach, there's no need for it. Cost?
   - User acceptance, overcoming resistance. Cost?
   - Supporting processes already in place; are new ones required? Cost?
   - Initial increased support calls. Cost?
   - Commitment to ongoing maintenance & training. Cost?
11. MFA Challenges
   Technical challenges to consider:
   - Hardware and software requirements
   - Implementation, training and maintenance: POC, staff, configuration and acceptance testing
   - Requires knowledge of systems being protected: OWA, Citrix StoreFront, VMware, RDP, websites etc.
   - Scalability, high availability and disaster recovery
   - Post administration, device and user management
   - Reporting
12. MFA in the cloud or on premise
13. What's next? Windows 10
   Windows 10 new features:
   - Windows Hello
     - Face recognition
     - Requires camera such as Intel RealSense 3D Camera (F200)
   - Windows Passport: helps securely authenticate to applications, websites and networks on your behalf, no password sent
14. What's next? iOS 9 & OS X 10.11
   - Apple is introducing a revamped two-factor authentication system
15. Compliance & Reporting
   - MFA is part of the solution when applications have regulatory requirements such as: NIST 800-63 Level 3, HIPAA, PCI DSS
   - Is it monitored?
   - Is there alerting?
   - Logs kept and for how long?
   - Systems policies enforced?
16. Shameless plug!
17. MFA Conclusion
   - Understand your business
   - Your data: secure data at its source (database), file server & email
   - Entry points: the weakest link is the Achilles heel
   - Using integral or cloud solution, decide level of responsibility.
     - Consider risks, reputation, costs and compliance.
   - 260b+ globally lost (annually) to cybercrime, of which the UK accounts for 10%!
18. Another shameless plug!
19. Questions? Thank you!
   Ronnie Isherwood, Kevin Miller
   @virtualfat, @millzee69