Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP


Transcription:

Multi-factor Authentication (MFA), September 2018
Spiros Angelopoulos, Principal Solutions Architect, ForgeRock
Debi Mohanty, Senior Manager, Deloitte & Touche LLP

MFA: Evolved Authentication
Spiros Angelopoulos, Principal Solutions Architect, ForgeRock
Multi-factor Authentication 2

Why MFA, specifically?
- Who knows who I really am?
- The agencies want something better than username/password
- The citizens are expecting it (banks have spoiled them!)
- And technology is adjusting
2018 Verizon Data Breach Investigations Report

Evolved authentication: a good answer
- Orchestrate factors and signals based on context, behavior, risk, user choice, analytics
- Visually design smart login experiences using a simple, drag-and-drop interface
- Optimize login journeys and gain deeper customer insights with analytics
- Leverage an extensive security ecosystem that enables third-party integration
- Deliver dynamic content personalization informed by user and device context

Some considerations
- Review what you are trying to protect
- Take a closer look at your user community, especially its habits and expectations
- Consult with experts on what is the right MFA profile for you
- Understand the integration effort and its impact on other operations
- Match your MFA (and your policies) to the value of your assets and the risk associated with their breach/theft
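The two slides above describe orchestrating factors from context, behavior and risk signals, and matching the strength of MFA to the value of the asset. The following is an added illustration of that idea as a step-up policy; it is not ForgeRock's authentication-tree logic or Deloitte's material, and the signal names, weights, thresholds and factor names are constructed for the example.

```python
"""Illustrative risk-based step-up policy (added example; not ForgeRock or Deloitte code).

A login journey collects context signals, scores them, and combines the score
with the sensitivity of the asset being accessed to decide which factors the
user must present. Signals, weights and thresholds are constructed, not taken
from any product.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class LoginContext:
    user: str
    known_device: bool            # device previously enrolled/seen for this user
    ip_country: str
    home_country: str
    failed_attempts_last_hour: int
    asset_sensitivity: int        # 1 = low-value app, 2 = internal data, 3 = crown-jewel system
    behavior_anomaly: float       # 0.0 (typical for this user) .. 1.0 (highly unusual), from analytics


# Factors required at each assurance level (constructed mapping).
FACTORS_BY_LEVEL = {
    1: ["password"],
    2: ["password", "push_otp"],
    3: ["password", "hardware_token"],
}

DENY_THRESHOLD = 90


def risk_score(ctx: LoginContext) -> int:
    """Additive score: each suspicious signal adds a constructed weight."""
    score = 0
    if not ctx.known_device:
        score += 30
    if ctx.ip_country != ctx.home_country:
        score += 25
    score += min(ctx.failed_attempts_last_hour, 5) * 8   # cap so the term cannot dominate
    score += round(ctx.behavior_anomaly * 30)
    return score


def level_from_score(score: int) -> int:
    """Translate a risk score into the minimum assurance level it demands."""
    if score < 20:
        return 1
    if score < 60:
        return 2
    return 3


def required_factors(ctx: LoginContext) -> Tuple[str, List[str]]:
    """Decide ("allow", factors) or ("deny", []).

    The asset's sensitivity is a floor: a crown-jewel system always needs level 3
    even from a known device, while a low-value app on a trusted device gets a
    low-friction journey. Very high risk is denied outright (fail closed).
    """
    score = risk_score(ctx)
    if score >= DENY_THRESHOLD:
        return "deny", []
    level = max(ctx.asset_sensitivity, level_from_score(score))
    return "allow", list(FACTORS_BY_LEVEL[level])


if __name__ == "__main__":
    trusted = LoginContext("alice", True, "US", "US", 0, 1, 0.0)
    print(required_factors(trusted))   # ('allow', ['password'])
```

Auditing the decision is part of the design: the score, the level chosen and the factors collected should be logged with each journey so that false step-ups and missed step-ups can be tuned later (the "ease of audit" requirement on a later slide).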

Types of MFA: lots of options
- KBA
- Passphrase/PIN
- OTP/SMS/app
- Behavioral
- Soft token (certificate)
- Hard token (certificate +)
- Biometric
- Combination of the above

Requirements for the technology to work
- Ease of use, by your admins and users alike
- Ease of integration to all apps/environments that might need it now or in the future
- Ease of audit, so you always have visibility into operations
- Test, test, and when done, test again

Related concepts
- Sort out your directories and databases (everywhere that matters)
- Maximize confidence in your enrollment and suspension processes
- Identify what policies are implemented, when, and how
- Fine-tune the experience to make it usable and safe

Mobile authentication
- Authenticator mobile app for iOS and Android that uses push notifications to enable passwordless logins
- Personalize by adding your logo, or use the source code to build your own mobile app
- Uses SNS for secure communication to the phone to eliminate man-in-the-middle attacks
- Maximize support for other methods and devices: OATH, TOTP/HOTP, SMS; swipe, fingerprint scan; custom

USB tokens
- Seek platform and deployment flexibility
- Match the cost of ownership/management to the user group that needs it
- Ensure compatibility with your business and technical targets
- Verify multi-layered offerings including (when necessary) event-based access, FIDO, PIV, and even biometric functions

Cutting edge
For normal users:
- Location/time-based
- New-gen PKI
- Wearable devices
- Lifestyle monitoring
- Simple biometrics with user awareness
- Combinations of 2 or more
For administrators:
- Thorough biometric-based evaluations
- Non-invasive, stealthy mechanisms
- Combinations of 3 or more

An example of efficient auth management (ForgeRock authentication trees)

MFA Implementation Strategy
Debi Mohanty, Senior Manager, Deloitte & Touche LLP

Operational challenges with MFA (multi-factor authentication)
- FAR: False Accept Rate
- FRR: False Reject Rate
- FTE: Failure to Enroll
- FTA: Failure to Acquire
Copyright 2018 Deloitte & Touche LLP. All rights reserved.
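The four rates on the slide are only useful if they are measured from real enrollment and authentication events. The block below is an added example, not Deloitte's material, of deriving them from an authenticator event log; the log format, field names and sample records are constructed for the example.

```python
"""Compute FAR, FRR, FTE and FTA from authenticator events.

Added example (not from the presentation). The event format is constructed:
    event,presenter,outcome
  enroll  -> counts toward FTE (Failure to Enroll): no usable credential/template was created
  acquire -> counts toward FTA (Failure to Acquire): no sample could be captured, so no match
             decision was made (sensor, quality or app failure)
  match   -> counts toward FAR/FRR: a decision was made on a captured sample
The presenter label (genuine/impostor) is only known for labeled test sessions;
production logs do not tell you who really held the device.
"""
from collections import Counter
from typing import Dict, Iterator, Optional, Tuple

# Constructed sample log: 5 enrollments (1 failed), 10 acquisitions (1 failed),
# 8 genuine match attempts (1 rejected), 4 impostor attempts (1 accepted).
SAMPLE_LOG = """\
enroll,genuine,success
enroll,genuine,success
enroll,genuine,success
enroll,genuine,success
enroll,genuine,fail
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,success
acquire,genuine,fail
match,genuine,accept
match,genuine,accept
match,genuine,accept
match,genuine,accept
match,genuine,accept
match,genuine,accept
match,genuine,accept
match,genuine,reject
match,impostor,reject
match,impostor,reject
match,impostor,reject
match,impostor,accept
"""


def parse_log(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (event, presenter, outcome) triples, skipping blank and comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        event, presenter, outcome = (f.strip() for f in line.split(","))
        yield event, presenter, outcome


def error_rates(text: str) -> Dict[str, Optional[float]]:
    """Return FTE, FTA, FAR and FRR as fractions (None when there is no denominator)."""
    counts = Counter(parse_log(text))

    def count(event: str, presenter: Optional[str] = None, outcome: Optional[str] = None) -> int:
        return sum(n for (e, p, o), n in counts.items()
                   if e == event
                   and (presenter is None or p == presenter)
                   and (outcome is None or o == outcome))

    def rate(num: int, den: int) -> Optional[float]:
        return round(num / den, 4) if den else None

    return {
        "FTE": rate(count("enroll", outcome="fail"), count("enroll")),
        "FTA": rate(count("acquire", outcome="fail"), count("acquire")),
        "FAR": rate(count("match", "impostor", "accept"), count("match", "impostor")),
        "FRR": rate(count("match", "genuine", "reject"), count("match", "genuine")),
    }


if __name__ == "__main__":
    print(error_rates(SAMPLE_LOG))
```

FAR and FRR move against each other when a matcher threshold is tuned, so both should be reported together for each authenticator type; FTE and FTA are the numbers that drive help-desk load and the enrollment and suspension processes mentioned earlier, and they are observable directly in production.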

For better MFA implementation, the following are identified as four key desired outcomes:
- Strengthened security: reduce risk of potential compromise and/or stolen credentials
- Smooth integration: yield minimal impact to employee productivity
- Positive user experience: create a better, simple, and consistent user experience
- Set the stage: build upon leading practices for future MFA integrations
In order to achieve the desired outcomes, companies should look at integrating technical solutions with organizational change management principles to develop a holistic deployment strategy.

An effective deployment strategy allows for desired MFA outcomes
For an MFA rollout, a two-fold deployment strategy involves critical technical and organizational change management (OCM) components.
1. Application readiness: perform technical integration, testing and piloting for each application's MFA enablement
   Activities: MFA Use Case Discovery; Development & Integration Testing; Application Pilot; Application Go-Live; Hypercare Support
2. User readiness: focus on user awareness and adoption of MFA, starting with the IT population and migrating to the broader user base
   Activities: Change Impact / Risk Assessment; Leadership Engagement; Pilot Feedback Gathering; Support Model; Comms & Resource Development; Awareness Campaign; Go-Live Communications

Success factors that help drive MFA success
The success of an MFA deployment requires meticulous planning, strategic execution, and a collaborative team effort by dedicated team members.

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Copyright 2018 Deloitte Development LLP. All rights reserved.