COSTS, THREATS AND ACCESS

Similar documents
DigitalPersona for Healthcare Organizations

Solution. Imagine... a New World of Authentication.

Overview. DigitalPersona Logon for Windows Data Sheet. DigitalPersona s Composite Authentication transforms

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT

Make security part of your client systems refresh

white paper SMS Authentication: 10 Things to Know Before You Buy

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

SIEM: Five Requirements that Solve the Bigger Business Issues

Five Reasons It s Time For Secure Single Sign-On

Demonstrating Compliance in the Financial Services Industry with Veriato

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Mobile Data Security Essentials for Your Changing, Growing Workforce

Symantec Data Center Transformation

Oracle Buys Automated Applications Controls Leader LogicalApps

Authentication and Fraud Detection Buyer s Guide

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

The Device Has Left the Building

To Audit Your IAM Program

Endpoint Protection with DigitalPersona Pro

Security Enhancements

Challenges and. Opportunities. MSPs are Facing in Security

Disk Encryption Buyers Guide

Crash course in Azure Active Directory

Are You Flirting with Risk?

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

THE ROLE OF ADVANCED AUTHENTICATION IN CYBERSECURITY FOR CREDIT UNIONS AND BANKS

Business White Paper IDENTITY AND SECURITY. Access Manager. Novell. Comprehensive Access Management for the Enterprise

Why Implement Endpoint Encryption?

Overview. Business value

Power, Patch, and Endpoint Managers Expand McAfee epo Platform Capabilities While Cutting Endpoint Costs

Single Secure Credential to Access Facilities and IT Resources

How BlackBerry 2FA and BlackBerry UEM Help This Law Enforcement Agency to Protect and Serve New York

efax Corporate for Independent Agent Offices

Community Development Commission of the County of Los Angeles

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

DigitalPersona Pro Enterprise

Are You Flirting with Risk?

ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V

White Paper Server. Five Reasons for Choosing SUSE Manager

Virtualizing the SAP Infrastructure through Grid Technology. WHITE PAPER March 2007

Accelerate Your Enterprise Private Cloud Initiative

ROI CASE STUDIES. Case Study Forum. Credit Union Reduces Network Congestion, Improves Productivity, and Gains More than $800,000 in Benefits with

QuickBooks Online Security White Paper July 2017

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Escaping PCI purgatory.

BUILDING the VIRtUAL enterprise

34% DOING MORE WITH LESS How Red Hat Enterprise Linux shrinks total cost of ownership (TCO) compared to Windows. I n a study measuring

Self-Serve Password Reset

Simplified. Software-Defined Storage INSIDE SSS

Maximize your move to Microsoft in the cloud

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

FIVE REASONS IT S TIME FOR FEDERATED SINGLE SIGN-ON

OVERVIEW BROCHURE GRC. When you have to be right

TEMENOS T24 Core Banking Optimized on Microsoft SQL Server Database Platform

Power, Patch, and Endpoint Managers Expand McAfee epolicy Orchestrator Platform Capabilities While Cutting Costs

Reaping the Benefits of Managed Services

The case for cloud-based data backup

Streamline IT with Secure Remote Connection and Password Management

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

SecureDoc: Making BitLocker simple, smart and secure for you. Your guide to encryption success

How Identity as a Service Makes UCaaS/SaaS Integrations More Scalable, Productive, and Secure

Six Ways to Protect your Business in a Mobile World

What is ISO ISMS? Business Beam

HP Security Solutions for business PCs. Comprehensive protection measures so you can work smarter and with greater confidence.

5 Reasons for IT to Get Physical with Access Control

DigitalPersona Altus. Solution Guide

Compliance in 5 Steps

Tracking and Reporting

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

Symantec Document Retention and Discovery

Code42 Defines its Critical Capabilities Methodology

Mobile Device policy Frequently Asked Questions April 2016

PSD2 & OPEN BANKING Transform Challenge into Opportunity with Identity & Access Management E-BOOK

Why is Office 365 the right choice?

VMware Enterprise Desktop Virtualization. Robin Crewe Senior Director, Virtual Desktop Infrastructure (VDI)

The security challenge in a mobile world

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

White Paper. How to Write an MSSP RFP

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS

Data Sheet The PCI DSS

A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

Defender 5: The Right Way to Prove, Identify and Establish Trust

Increase user productivity and security by integrating identity management and enterprise single sign-on solutions.

Keys to a more secure data environment

Top 5 Reasons. The Business Case for Bomgar Remote Support

IT Consulting and Implementation Services

SDN meets the real world part two: SDN rewrites the WAN manual

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Integrated Access Management Solutions. Access Televentures

Get your business Skype d up. Lessons learned from Skype for Business adoption

Transcription:

w h i t e pa p e r COSTS, THREATS AND ACCESS The Balancing Act for Credit Unions

The Balancing Act: Costs, Threats and Access For credit unions, security is a never-ending balancing act. Today, the desktop computers and mobile devices of employees serve as both repositories of sensitive business and member data, and as access points to applications and corporate networks. Comprehensive security must not only protect information, but also safely enable access to it from any device at any time. Gartner finds that 30% of helpdesk calls are associated with passwords. Data protection and secure access require comprehensive security based on strong authentication. But password-based and PIN authentication can be problematic. Employees forget passwords and PINs and call the Helpdesk for assistance, or write them down and leave them in unsecured locations. According to estimates from Gartner, password-related Helpdesk calls such as password resets cost an average of $17 per call. Gartner also found that 30% of a Helpdesk s overall call volume is usually associated with passwords. 1 Credit unions typically have numerous applications deployed, each of which requires different login credentials and the enforcement of password change policies. This makes the headaches and costs of dealing with forgotten passwords even more onerous. To improve user authentication, many credit unions seek to strengthen their password policies. They tell employees to use longer and more complex passwords, change them more frequently, or use different passwords for each business application. But instead of strengthening security, such tactics often weaken it. Market data shows that users inevitably: Write down passwords on Post-it notes Use the same password for many applications Share passwords with colleagues 2 The High Stakes of Security When it comes to security, the stakes are high for credit unions of all sizes. Legislation such as the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA) compel companies to guard the data and personally identifiable information of consumers. Adding to the burden, the number of data breach notification laws continues to grow. Security lapses result in government fines and penalties, and more costs. A recent Data Breach Incident report published by Verizon states an average cost of a data breach is $5.2 million. 3 It s more imperative than ever for credit unions to build an impenetrable security infrastructure with strong authentication. But with this must come fast access to information that enables advisors to deliver prompt, competent member service. Credit unions spend a lot of time and money trying to achieve these dual, sometimes conflicting, objectives. 2 The Balancing Act for Credit Unions

Managing Disparate Security Systems is Costly A variety of solutions are often used by credit unions to strengthen authentication, security and compliance. The common practice of patching together numerous security systems creates challenges such as additional expenses and unnecessary complexity for IT staff and users. A comprehensive security strategy that includes different products for Windows logon, password resets, two-factor authentication for VPN and Single Sign-On for enterprise applications can cost a fortune to purchase and manage. It also often results in redundancies in tasks, cumbersome protocols and excessive time management burdens, all of which mean inefficiencies. Moreover, complexity for users translates into slower access to the key information that advisors need to provide strong member service. Bogging Down in a Virtual Headlock Affinity Plus Federal Credit Union received an average of 800 calls per month for password resets, costing $13,600 in help desk calls. Affinity Plus Federal Credit Union was grappling with these common issues. Based in St. Paul, Minnesota, the not-for-profit cooperative s 400 employees serve over 140,000 members at 28 locations throughout the state. The credit union provides a range of financial services to employee groups, as well as students and alumni of state colleges. With assets of over $1.3 billion, Affinity Plus is one of the largest credit unions in Minnesota and the Upper Midwest. For Affinity Plus, delivering stellar service to its members is more than a source of pride; it s a competitive differentiator. Anything that slows down the ability of its advisors to serve members quickly is a problem. As a not-for-profit owned by its members, it is also particularly mindful of costs. The company s authentication protocols were handicapping its member advisors. Like many organizations, Affinity Plus used a password-based authentication system. With more than 25 applications requiring separate logins for access, each with passwords that have different expiration cycles, requests from member advisors for password resets were generating an average of 800 calls per month to the firm s Helpdesk. This was driving up costs and adversely affecting service. Based on Gartner s estimates of $17 per call, that s an estimated $13,600 per month in Helpdesk calls alone. 4 Affinity Plus password-based authentication system was undercutting the ability of its member advisors to quickly and efficiently assist members. Seeking a Solution to Password Gridlock To increase the speed and productivity of its member advisors, Affinity Plus explored comprehensive security solutions that were not solely dependent on password authentication. It sought a system that is flexible, scalable, centrally managed and would require no modifications to its existing applications or infrastructure. We had to resolve the virtual headlock of passwords, states Cary Tonne, Vice President of Information Technology for Affinity Plus Federal Credit Union. Most importantly, the solution had to enhance our ability to provide our members with an extraordinary experience. Ease of deployment, low administration demands and fast response times were also critical. 3 The Balancing Act for Credit Unions

Biometrics and Crossmatch Affinity Plus focused on biometrics. It recognized that biometrics could speed logons for its member advisors, heighten security and reduce the cost and time it was losing from password-based authentication. Biometrics fit in our environment and offered us room to grow, says Tonne. The advantages of biometrics include: Fingerprints can t be lost, forgotten or easily stolen Ease of use and intuitiveness for advisors Irrefutability; links users to their actions Fast Cost effective Proven technology Industry data supports Affinity Plus conclusion. In a survey of best-in-class companies, Aberdeen Group found that the 52% with strong authentication not only reduced the number of security breaches, but also lowered human errors related to security by 80%. 5 Preventing just a handful of security incidents can easily add up to millions of dollars in savings per year. After examining various biometric solutions and numerous fingerprint readers on the market, Affinity Plus selected the Crossmatch DigitalPersona solution. DigitalPersona is a leading centrally-managed suite of security solutions that protect data and control access to PCs and applications. From biometrics to tokens and cards, DigitalPersona makes strong authentication simple and affordable for PC logon, enterprise application Single Sign-On and VPN access. It also supports fast user switching on shared PCs using a common Windows account. This powerful, flexible solution helps credit unions improve security, achieve compliance, boost user efficiency, reduce help desk calls and lower IT costs. DigitalPersona employs a unique, integrated approach that enables the deployment and management of multiple security applications from one single console. It consists of: Management options Security applications Authentication methods Once an application is enabled with DigitalPersona s Single Sign-On module, IT Managers can replace standard, password-based logons with their preferred authentication policy. When users try to log on to managed applications, they are prompted to authenticate based on the policy chosen by the administrator. IT Managers can choose from a broad range of policies, ranging from no authentication (i.e., Single Sign-On) to multi-credential authentication with methods such as biometrics, proximity cards, smart cards and even Bluetooth phones. DigitalPersona s audit and reporting functionality monitors users activity by providing evidence of who logged on to a given application, when, and using which authentication methods. 4 The Balancing Act for Credit Unions

DigitalPersona s efficient management of multiple security and authentication applications, combined with a low Total Cost of Ownership, helps organizations increase security and compliance while achieving a high Return on Investment. The solution delivers savings of up to 54% over comparable systems. Based on industry data, an organization with 1,000 seats may be able to achieve cost savings of $340,000 by using DigitalPersona. These estimates do not take into account any monetary reduction from less vulnerability to a security breach, which could easily add up to millions of dollars. The Crossmatch DigitalPersona solution delivers savings of up to 54% over comparable solutions. The Evaluation Plan: 3 Ring Proof-of-Concept The IT team at Affinity Plus established a strategy for testing the Crossmatch DigitalPersona solution. Measuring the impact on each of the following key stakeholders was paramount in its evaluation: Members Member Advisors IT Staff IT Environment Internal champions were identified within the company to pilot the solution. The groups selected were considered the super users of applications. They included employees that work only with data (finance, the group suffering the most from the problems associated with password-based authentication); those that work with members (member advisors); and the IT staff that would be responsible for managing the solution. Why Affinity Plus Chose DigitalPersona The trial of DigitalPersona impressed Affinity Plus. It s scalable, easy to configure and provides authentication across shared workstations, which is very beneficial for our member advisors and roving workers, sums up Tonne. It also doesn t require changes to applications and snaps right into Active Directory, so it s familiar to our IT staff and really easy to configure. Once a new security policy is configured with DigitalPersona, it is automatically distributed according to the standard Active Directory replication cycle. The ability to centrally manage the solution from the cloud, and its scalability and flexibility, were other key selling points. 5 The Balancing Act for Credit Unions

Crossmatch Solution the Right Fit for Credit Unions The Crossmatch biometrics-based solution makes sense for credit unions. It heightens security while simplifying numerous everyday tasks. SECURE FINANCIAL TRANSACTIONS AND PAYMENT DATA Access to computers can be securely controlled Member advisers safely and quickly log on to applications with Single Sign-On Institutions secure cash transactions and communications with two-factor authentication using fingerprints, smart cards, digital signature or other methods. Detailed event logs track who did what, when PROCESSING PAYMENTS IN THE BACK OFFICE Whenever the back office handles transactions involving member data and funds, the Crossmatch solution can add strong authentication to PC s or applications for improved user accountability and security. ACCESSING MEMBERS DATA AT THE LOCAL BRANCH With DigitalPersona, logging on to any workstation or application is seamless and more secure with strong authentication and Single Sign-On. WORKING REMOTELY DigitalPersona protects access to company networks for users with laptops. Employees can securely log on to the network using a VPN with the security of two-factor RADIUS authentication but without the pain and hassles of using tokens. ADDING A NEW EMPLOYEE TO THE STAFF When new employees are hired, their registered fingerprints or smart card credentials are automatically provisioned throughout the environment so they can access their accounts, applications or virtual desktops from any computer without re-registering or calling the Helpdesk. Each pilot user group at Affinity Plus provided positive feedback on their experience using DigitalPersona, confirming that the Crossmatch biometric solution solved their password issues. Convinced that the Crossmatch solution could relieve the strain on its Helpdesk and improve the speed and productivity of its member advisors, Affinity Plus purchased and began to install DigitalPersona. 6 The Balancing Act for Credit Unions

Affinity Plus Best Practices for Deployment To ensure a smooth deployment Affinity Plus crafted a detailed plan. It would install DigitalPersona in its IT department and operations, and then in Financial Accounting because this department used so many applications and required the most logons. Building up internal interest and excitement played a key role in creating a positive environment for employees to embrace the change. To create an optimal environment for the implementation we deployed it for key branch staff first to create evangelists and discussed its benefits with them at all employee meetings and department/branch meetings to keep interest levels high throughout the rollout, explains Tonne. After this first phase, the DigitalPersona solution was rolled out seamlessly to all Affinity Plus locations and staff. From Password Logjam to Savings and Efficiency Affinity Plus quickly began to reap the benefits of deploying the Crossmatch DigitalPersona solution. Everyone liked the move to biometrics, says Tonne. It actually became a conversation topic between our members and member advisors. Fewer helpdesk calls save Affinity Plus Federal Credit Union at least $90,000 in annual IT costs. Affinity Plus member advisors use biometrics to authenticate their initial logon into the company s system. To access second-tier applications, some use biometrics while others still use methods such as PIN and/or passwords. The Crossmatch solution essentially eliminated helpdesk calls related to initial logins to our system because our member advisors no longer have a password to forget, says Tonne. But some of our employees still use passwords and other means to access the next tier of applications, so our helpdesk continues to field some calls for password resets. Affinity Plus focuses on providing exceptional member service, says Tonne. The Crossmatch DigitalPersona solution allows us to accomplish this. As a result of deploying the Crossmatch biometrics-based solution, Affinity Plus realized the following benefits: Net gain of 1,000 hours of member advisor time per year Advisors can better assist members because they no longer waste time on login issues All employees can easily use their fingerprint to get into applications, even ones they don t use often IT is no longer inundated by password reset calls Fewer helpdesk calls save at least $90,000 in annual IT costs ROI was achieved in months as helpdesk and compliance costs dropped Easier to prepare for quarterly compliance audits and exceed requirements Fewer user calls freed up two full-time helpdesk employees to work on other projects Able to more easily introduce new applications to the company s IT environment 7 The Balancing Act for Credit Unions

Bonus: Unexpected Benefits Affinity Plus originally sought to use the Crossmatch DigitalPersona solution to eliminate password authentications and facilitate the productivity of its member advisors. While it achieved this, it also realized contributions in other ways. DigitalPersona allows a company to mandate the use of only biometrics for authentication, or the latitude to indicate when it wants to use biometrics and when additional vehicles for strong authentication can be employed, Tonne explains. Either way it s used, DigitalPersona is a great, flexible system that financial institutions can use to reduce or eliminate help desk calls, if they so choose. In addition to deftly and seamlessly handling authentication, DigitalPersona enhances security, strengthens regulatory compliance and also gives our member advisors the freedom to easily bounce between systems to access the applications they need, says Tonne. The credit union is so pleased with the results that it is now examining other ways to incorporate biometrics into its business strategy. Lessons Learned Through its experience implementing the Crossmatch DigitalPersona solution, Affinity Plus learned several valuable lessons to impart to other credit unions considering incorporating biometrics into their business. These include: 1. Provide a solid foundation for success by developing a strong, comprehensive project plan. 2. Delineate where, which departments, and with whom to start your roll out. 3. Strategize how biometrics aligns with each of your current business strategies. 4. Determine how to capitalize on the opportunities adopting biometrics will create. 5. Identify evangelists within teams, branches, departments and management, and opportunities to set the right tone, generate excitement and awareness and educate your staff on biometrics. Pressure on credit unions to protect the data of members continues unabated. Meanwhile, improving member service, lowering IT costs and giving employees unimpeded access to information and applications remains critical. As the success of Affinity Plus Federal Credit Union illustrates, a comprehensive security solution featuring strong, but flexible, authentication options greatly facilitates achieving these objectives. In fact, Aberdeen Group reports that best-in-class organizations that adopt strong authentication methods are 31% more likely to use comprehensive solutions that provide an infrastructure capable of dealing with multiple applications and credentials. 6 For credit unions seeking to enable secure access to applications and information, increase productivity, lower compliance costs, and reduce the administrative burdens and rigidity of password-only based authentication, it s time to incorporate biometrics into your business strategy. 8 The Balancing Act for Credit Unions

About Crossmatch TO LEARN MORE For more information, visit www.crossmatch.com or contact us at: In North America, call: +1 561 622 1650 In EMEA, call: +44 1189 654001 In Asia, call: +886 2 2735 5586 Crossmatch helps organizations solve their identity management challenges through biometrics. Our enrollment and authentication solutions are trusted to create, validate and manage identities for a wide range of government, law enforcement, financial institution, retail and commercial applications. Our solutions are designed using proven biometric technologies, flexible enrollment and strong multi-factor authentication software, and deep industry expertise. We offer an experienced professional services capability to assess, design, implement and optimize our identity management solutions for a customer s individual challenges. Our products and solutions are utilized by over 200 million people in more than 80 countries. Learn more at www.crossmatch.com REFERENCES 1. Toolkit: Evaluating Enterprise Options for Managing Passwords, Gartner, November 2006 2. Toolkit: Evaluating Enterprise Options for Managing Passwords, Gartner, November 2006 3. Verizon 2015 Data Breach Investigation Report 4. Toolkit: Evaluating Enterprise Options for Managing Passwords, Gartner, November 2006 5. Full Disk Encryption on the Rise. Aberdeen Group, 2009 6. Strong User Authentication: Best-in-Class Performance at Assuring Identities. Aberdeen Group. 2008 DISCLAIMER THE INFORMATION IN THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS DOCUMENT ARE BELIEVED TO BE ACCURATE BUT CROSSMATCH MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION. CROSSMATCH SPECIFICALLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS OR COMPLIANCE WITH ANY NATIONAL, STATE OR LOCAL LEGAL OR REGULATORY REQUIREMENTS OF ANY KIND. Crossmatch 3950 RCA Boulevard, Suite 5001 Palm Beach Gardens, FL 33410 USA Tel: +1 561.622.1650 Fax: +1 561.622.9938 www.crossmatch.com Copyright 2015-16 Crossmatch. All rights reserved. Specifications are subject to change without prior notice. The Crossmatch logo and Crossmatch are trademarks or registered trademarks of Cross Match Technologies, Inc. in the United States and other countries. DigitalPersona is a trademark or registered trademark of DigitalPersona, Inc., which is owned by the parent company of Cross Match Technologies, Inc. All other brand and product names are trademarks or registered trademarks of their respective owners. 20160218

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback