In the past year, we’ve seen a significant shift in how we are asked to authenticate to web applications. The trend is moving from relying on simple username & passwords to wider scale use of two-factor, risk-based & multi-factor authentication (MFA), such as software tokens, one-time password (OTP), and various forms of device identification. What does it all mean & is it something your organization needs?
The simple answer is…multi-factor authentication needs to be on the radar of every organization, as passwords are no longer enough to protect users. Passwords are too easy to crack or steal & hackers are indiscriminant. From an operational perspective, organizations are losing money through high volumes of help desk tickets related to logins & password resets. Strong passwords are still just too weak of a defense in today’s business world.
Join us at 11amET on Tuesday, April 1st for an interactive webcast with our team of subject matter experts to learn more about how to turn this new requirement into a seamless feature of your current environment.
Multi-Factor Authentication - "Moving Towards the Enterprise"
1. • What is Multi-Factor Authentication
• Why MFA matters to the Enterprise?
• Introduction to XSpectra
• Demo
• Q & A
Multi-Factor Authentication - Moving Towards the Enterprise
4. CASE IN POINT…
• FEBRUARY 26, 2014: Data breach at Indiana University - 146,000 students’ SSN exposed
• FEBRUARY 23, 2014: Apple issues fix for breach which could have provided hackers a route to read
emails, instant messages, social media posts & even online bank transactions.
• DECEMBER 19, 2013: 110M personal payment information accessed due to Target breach
• JANUARY 23, 2013: Neiman Marcus announces 1.1M customer cards hacked by malicious software
• JULY 12, 2012: Yahoo confirmed 400,000+ users info compromised. (Gmail, AOL & Hotmail)
• JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party forum
• JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal gmail account
• APRIL 24, 2012: Nissian announced security breach earlier this year
• FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised
• FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked,
• JANUARY 15, 2012: Hackers access personal information from Zappos’ 24 million users
• JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France
AND ON & ON & ON….
Employees steal, people hack, identity-centric world. Secure your stuff – market opp is total fear. - Fear, need to protect, identity centric
In the past, we had a single firewall and all your employees and applications were behind it. You could run any protocols you wanted, and you had complete control. Life was good.
Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.[CLICK for animation]The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.[CLICK for animation]The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
Then, you install a VPN to deal with remote users.Along came partners and consumers who need to access your applications, both on-premise and in the cloud. There is now great complexity in managing security for the extended environment. You can no longer control the location of users, and yet you must provide convenient and secure access to your enterprise applications to them. Same with partners.The network perimeter is now gone. There is no single perimeter anymore.A new model is necessary to deal with this complexity.
So, what we’re seeing is that identity has become the new perimeter. The whole notion of “inside the network” or “outside the network” is gone. The network is everywhere, and identity is what enables us to enforce security and enhance business across the whole environment.But, how does this work? A centralized identity service becomes our central control point that determines who has access to what, and enforces that policy – on premise or in the cloud.We can determine the level of authentication that is required up front, even if it’s different than what the app requires. We can authorize which app each user can use, and audit their activity across the range of apps.When a user leaves, by disabling their central authentication credentials, you can prevent them getting access to any of their apps. So, it simplifies the process of de-provisioning accounts and access upon termination.