HIPAA Compliance discussion
GoToWebinar Housekeeping: attendee participation Open and hide your control panel Join audio: Choose Mic & Speakers to use VoIP Choose Telephone and dial using the information provided Submit questions and comments via the Questions panel Note: Today s presentation is being recorded and will be provided within 48 hours. Send questions via Twitter at @duosec and #duotalk
All Breaches Involve Stolen Credentials Strong two-factor authentication stops breaches February 2013
Malware and cybercrime success AV-Test Malware Samples Delaware FINCEN SARs
HIPAA isn t the biggest risk The total economic impact of medical identity theft is $30.9 billion annually, up from $28.6 billion in 2010. Ponemon Institute, Second Annual Survey on Medical Identity Theft. (2011)
HIPAA compliance isn t the easiest task Administrative Physical Technical
Barriers for two-factor success Complex User Enrollment/User management Complex Deployment and Administration Terrible End User Experience Lack of 2nd factor authentication options Expensive (Cost and Time)
Solution: two-factor authentication Something you know + something you have (are/do) Regulatory standard (PCI, HIPAA, FFIEC, CJIS, SOX) and industry best-practice, even for consumer accounts
A nightmare for users and admins Two factors: Cost & Complexity! Customers & users hate Defeated 20-year old tech Phishing email used in RSA breach:
Duo: Making Your First Line of Defense Easy Your User Your System + Duo Security Industry-Leading Security Easy to Deploy: Scale in the cloud Easy to Manage: Users enroll themselves Easy to Use: Your phone is your key
Duo s Mission We do this by... Solve the biggest problems in security today: Account Takeover and Online Fraud. Making security easy and scalable, eliminating the cost and complexity of traditional two-factor solutions Leveraging and securing mobile devices Pro-actively securing your BYOD environment... for enterprise, provider, and consumer web
Easy to Use: Your Phone is Your Key Duo verifies users after their regular login 1 2 3 Using any phone, mobile device, or standard token Duo Push Passcodes SMS Phone call Tokens
Duo s Primary Benefits Intuitive User Experience Friendly, interactive login process Flexible, convenient form factors Customizable user interface Easy Setup & Administration Administrator & developer friendly Simple, fast, self-service user enrollment Affordable, Scalable & Best TCO Mobile security and control 2012 Pay-as-you-grow, free for personal use No hardware requirements, no token overhead Industry-Leading Security Secure by design, externally audited Security is in our DNA
Easy to Deploy - 15 minute setup 1 Sign-up 2 Configure Application
Easy to Manage - users enroll themselves 1 Inline self-enrollment 2 One-click app install
Industry-Leading Security Duo Push: Public key protocol secure by design Out-of-band verification defeats Man-in-the-Middle, Man-in-the- Browser, other endpoint attacks Support for tamper-resistant mobile HSM / secure element BYOD visibility, audit, and control 99.995% availability since 2010
Outlook Web Access
Step 1: primary login
Step 1: primary login
Step 2: Duo login
Online: Duo Push
Online: Duo Push
Online: Duo Push Login Approved
Logged In
Offline: Passcodes
Offline: Passcodes
Offline: Passcodes
Offline: Passcodes
Logged In
royal victorian ear & eye hospital Business Challenge Failed IT audit: lack of two-factor authentication for remote employees Using both webmail and VPN Non tech-savvy user base primarily located in Australia Duo Solution Duo 2FA Cloud Service Citrix Access Gateway and Microsoft Outlook Web Access integrations Auth factors: primarily SMS Employee self-enrollment Results Hosted solution with Citrix and Outlook support made Duo their top pick User base is happy with the solution especially those using Duo Push Administration has been straight-forward. IT department easily handles requests for phone number changes, re-enrollment via email link, and log monitoring
Online Tech Upcoming Events July 30 - How to Achieve Maximum ROI and Patient Satisfaction via EMR Webinar Contact Online Tech Email: contactus@onlinetech.com Phone: 877.740.5028 Web: www.onlinetech.com White Papers: www.onlinetech.com/resources/white-papers
Q&A Thank you for participating in today s webinar! Try Duo Security s solution yourself with a free trial: http://duo.sc/duopricing Download Evaluation Guide for two-factor solutions: http://duo.sc/evalguide Duo Security Diane Sheldon-Ku (734) 418-8623 diane@duosecurity.com InCommon and Duo Security offer affordable campus licenses for phone-based second-factor authentication. Download our white paper: http://duo.sc/duowhitepaper Duo Security's two-factor authentication is easy to integrate and use on a wide variety of systems. They are raising the bar for login security. www.incommon.org/duo http://duo.sc/incommon Steve Weis, computer security expert and creator of the Google Authenticator online account protection.