Next Generation Authentication

Transcription

1 Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1

2 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2

3 $ 3

4 4

5 Threat Landscape 60% OF FORTUNE 500 had addresses compromised by malware Source : RSA Security Brief, February 2011 Malware and the Enterprise 5

6 Threat Landscape 88% of Fortune 500 had BOTNET ACTIVITY associated with their networks Source : RSA Security Brief, February 2011 Malware and the Enterprise 6

7 Threat Landscape Of the 60 million variants of malware in existence today ONE-THIRD were created last year alone Source : RSA Security Brief, February

8 8

9 are the New Perimeter People 9

10 Advanced Threats 83% of organizations believe they have been the victim of an Advanced Threats 65% of organizations don t believe they have sufficient resources to prevent Advanced Threats 91% of breaches led to data compromise within days or less 79% of breaches took weeks or more to discover Source: Ponemon Institute Survey Conducted Growing Risk of Advanced Threats Source: Verizon 2011 Data Breach Investigations Report 10

11 RSA Approach GOVERNANCE Manage Business Risk, Policies and Workflows ADVANCED VISIBILITY AND ANALYTICS Collect, Retain and Analyze Internal and External Intelligence INTELLIGENT CONTROLS Rapid Response and Containment Cloud Network Mobility 11

12 Authentication 12

13 Today s Challenge: Establishing Trusted Identities Diverse User Population BYOD Cloud and Managed Service Advanced Threats 13

14 Diverse User Populations Require Choice Internal Employees, Temporary Employees, Contractors, Partners, Clients, Customers, Auditors, Remote workers Choice of credentials to meet convenience requirements External users and customers require convenient and easy to manage solutions Scalability and costs aligned with size of user population Large user populations require lower cost per user Scalability to address future authentication plans Single management platform Ability to manage choice of credentials on a single platform to minimize IT resources and maximize efficiency 14

15 BYOD Protect Access from Any Device Use of the mobile device as the authenticator Strong authentication natively integrated with 3 rd party remote access applications Authentication SDKs accessible on application development platforms for custom app development 15

16 Cloud Extend Authentication Controls Secure authentication and identity validation to cloud-based resources Seamless federation of authentication credentials to cloud applications Integrated approach to authentication and cloud-based identity management TO THE CLOUD Hosted and managed strong authentication services FROM THE CLOUD 16

17 Threats Layer Authentication Controls RISK BASED ANALYSIS Evaluate risk of activity based on device and user characteristics Compare risk to accepted policy controls CREDENTIAL MATCHED TO RISK Require user credential appropriate to risk level Allow different credentials for different use cases and users MONITORING AND REPORTING Monitor risk levels and adjust policies Report activities for compliance audits 17

18 Technologies 18

19 One-time Password (OTP) Two-factor Authentication: OTP = PIN + Tokencode PIN: Something the user knows Tokencode: Something the user has 19

20 Digital Certificates (PKI) User Key Recovery Module Device Certificate Authority Application Validation Manager 20

21 Dynamic Knowledge-based Authentication 21

22 Behavior Device Fraud Risk-based Authentication Risk Engine Policy Mgr. Authenticate Continue Web Mobile App, Browser Web Access Management SSL/VPN Feedback Out-of-band Challenge Knowledge Others Step-up Authentication Feedback Case Mgmt Feedback 22

23 RSA Mobile Authentication SDKs Software Development Kit (SDK) for mobile apps Sample application, documentation and library for embedding functionality in mobile apps Free of charge for RSA customers and RSA Secured partners Developers can choose from the following functionality SecurID OTP Module Import software tokens, generate OTP User visible or invisible OTP Adaptive Authentication Module Retrieve device identifiers and location information for risk evaluation by Adaptive Authentication Transaction Signing 23

24 Specialized Authentication Acceptance 24

25 BYOD Security Impact Summary Evolving Threat Landscape Information Explosion Diverse User Population BYOD Cloud Developments Intelligent Risk Management Authentication Control is Key Strong Authentication Choice (Direct and via SDK) One-time Passwords Digital Certificates Knowledge-based Authentication Risk-based Authentication BYOD renews focus on security management and authentication 25

26 THANK YOU 26

27