SlideShare a Scribd company logo

Secure Authentication in the Age of Remote Working

Yusuf Khan
Yusuf Khan

Full details on these slides is published on my website at below link: https://trustbeyondauth.com/2020/08/13/secure-authentication-in-age-of-remote-working-introduction-to-mfa/ This slide is to bring awareness on securing the authentication during the age of remote working due to current lockdown situations and bringing MFA in place for having more secured work place.

Technology
1 of 11
Download to read offline
Secure Authentication in the Age of Remote Working – An Awareness Yusuf Khan – Digital Identity Architect Jul 2020
No longer privilege ..but a forced alternative for business continuity
Increased risks with this sudden shift Phishing – Email Scams /SMS Scams Business continuity vs security Weak security practices/controls Attacks on remote working infra Malicious insider Home Wi-fi security – E.g. Weaker protocols WEP instead of WPA-2
According to Barracuda Networks. by over 600% since the end of February
Recent Attacks During Covid DocuSign scam - June 2020 WordPress Admin – July 2020 Fine fear UK Gov scam – Apr 2020Tesco Voucher scam – May 2020 Microsoft Office 365 spear phishing – May 2020 *Full details of above attacks : https://www.itgovernance.co.uk/blog/category/catches-of-the-month
BYOD Organization devices Organization Managed devices Secured over VPN How some organizations managing/securing remote working conditions? IT systems secured with organization issued credentials and IT security IT systems secured with organization issued credentials and IT security Level : Zero Level : Low Level : Medium NoMFA+SSOSolutioninplaceinall
In Verizon’s “2019 Data Breach Investigation Report” (DBIR), data showed that passwords caused 81% of data breaches over the past few years. Based on an article by TechRepublic, larger companies that are using SSO and MFA, the average employee needs to maintain around 25 passwords. Without MFA and SSO, employees may have to deal with as many as 85 different passwords. Verizon report on breaches without MFA and SSO
Tie them together SSO Solution (And its not new) - Provide credentials once - SSO between on premise and cloud solution - SSO to web and enterprise applications plus VDI and SaaS applications. MFA Solution (And its also not new) - Additional factor to verify identity - SMS TOTP, Authenticators, FIDO2 - Biometric verification Next step : Intelligence Adaptive MFA, Behavioral Analysis So what is MFA and SSO solution?
How to Enable MFA? • Identify systems/components • Raise awareness and communicate • Execution plan and engage IT and information security. • Identify target user phased rollout • Support enrollment and usage of MFA initial phases • Monitor and test feedback/results - KPIs • Depending on above results go for Gradual/Full rollout
Is MFA Vulnerable? • Social Engineering • Bad design and/or implementation AWARENESS IS THE KEY Answer is Yes. But risks are still less . Here are some major failure reasons
Thank You Write to me for any queries : Email : ykhan.mca@gmail.com

Recommended

The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of SecurityVeracode
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...United Security Providers AG
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017PaladionNetworks01
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessBeyondTrust
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 

More Related Content

What's hot

Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsForeScout Technologies
 
Paul Henry’s 2011 Malware Trends
Paul Henry’s 2011 Malware TrendsPaul Henry’s 2011 Malware Trends
Paul Henry’s 2011 Malware TrendsLumension
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.IS Decisions
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Netpluz Asia Pte Ltd
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A FootholdClaranet UK
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 
What is Account Takeover - An Introduction to Web Fraud
What is Account Takeover - An Introduction to Web FraudWhat is Account Takeover - An Introduction to Web Fraud
What is Account Takeover - An Introduction to Web FraudNuData Security
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application SecurityVeracode
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentPrahlad Reddy
 
The Internet of things paradox
The Internet of things paradoxThe Internet of things paradox
The Internet of things paradoxGolden Locksmith
 

What's hot (20)

Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey Results
 
Paul Henry’s 2011 Malware Trends
Paul Henry’s 2011 Malware TrendsPaul Henry’s 2011 Malware Trends
Paul Henry’s 2011 Malware Trends
 
2019 Cyber Security Trends
2019 Cyber Security Trends2019 Cyber Security Trends
2019 Cyber Security Trends
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018
 
IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.IS Decisions Company Overview. Solutions to secure your Windows Network.
IS Decisions Company Overview. Solutions to secure your Windows Network.
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approach
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™
 
Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A Foothold
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 
What is Account Takeover - An Introduction to Web Fraud
What is Account Takeover - An Introduction to Web FraudWhat is Account Takeover - An Introduction to Web Fraud
What is Account Takeover - An Introduction to Web Fraud
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise Assessment
 
The Internet of things paradox
The Internet of things paradoxThe Internet of things paradox
The Internet of things paradox
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
 
VAPT Infomagnum
VAPT InfomagnumVAPT Infomagnum
VAPT Infomagnum
 

Similar to Secure Authentication in the Age of Remote Working

"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundaryDean Iacovelli
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfEnterprise Insider
 
Implementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionImplementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionAbhishek Agarwal
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication? Sinch
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
Security human
Security humanSecurity human
Security humanJisc
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Gilbert Verdian
 
Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsITIO Innovex
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
The 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementThe 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementJumpCloud
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guideNis
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity TrendsIRJET Journal
 
Webinar 2 IT Security
Webinar 2 IT SecurityWebinar 2 IT Security
Webinar 2 IT Securitypcapicik
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamenskamensm02
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityAppsian
 

Similar to Secure Authentication in the Age of Remote Working (20)

"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
 
Implementing Phishing Resistant Solution
Implementing Phishing Resistant SolutionImplementing Phishing Resistant Solution
Implementing Phishing Resistant Solution
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication?
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
 
Security human
Security humanSecurity human
Security human
 
APT & What we can do TODAY
APT & What we can do TODAYAPT & What we can do TODAY
APT & What we can do TODAY
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.
 
Role Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online TransactionsRole Of Two Factor Authentication In Safeguarding Online Transactions
Role Of Two Factor Authentication In Safeguarding Online Transactions
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
The 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementThe 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity Management
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guide
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity Trends
 
Webinar 2 IT Security
Webinar 2 IT SecurityWebinar 2 IT Security
Webinar 2 IT Security
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining Security
 

Recently uploaded

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 

Recently uploaded (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 

Secure Authentication in the Age of Remote Working

  • 1. Secure Authentication in the Age of Remote Working – An Awareness Yusuf Khan – Digital Identity Architect Jul 2020
  • 2. No longer privilege ..but a forced alternative for business continuity
  • 3. Increased risks with this sudden shift Phishing – Email Scams /SMS Scams Business continuity vs security Weak security practices/controls Attacks on remote working infra Malicious insider Home Wi-fi security – E.g. Weaker protocols WEP instead of WPA-2
  • 4. According to Barracuda Networks. by over 600% since the end of February
  • 5. Recent Attacks During Covid DocuSign scam - June 2020 WordPress Admin – July 2020 Fine fear UK Gov scam – Apr 2020Tesco Voucher scam – May 2020 Microsoft Office 365 spear phishing – May 2020 *Full details of above attacks : https://www.itgovernance.co.uk/blog/category/catches-of-the-month
  • 6. BYOD Organization devices Organization Managed devices Secured over VPN How some organizations managing/securing remote working conditions? IT systems secured with organization issued credentials and IT security IT systems secured with organization issued credentials and IT security Level : Zero Level : Low Level : Medium NoMFA+SSOSolutioninplaceinall
  • 7. In Verizon’s “2019 Data Breach Investigation Report” (DBIR), data showed that passwords caused 81% of data breaches over the past few years. Based on an article by TechRepublic, larger companies that are using SSO and MFA, the average employee needs to maintain around 25 passwords. Without MFA and SSO, employees may have to deal with as many as 85 different passwords. Verizon report on breaches without MFA and SSO
  • 8. Tie them together SSO Solution (And its not new) - Provide credentials once - SSO between on premise and cloud solution - SSO to web and enterprise applications plus VDI and SaaS applications. MFA Solution (And its also not new) - Additional factor to verify identity - SMS TOTP, Authenticators, FIDO2 - Biometric verification Next step : Intelligence Adaptive MFA, Behavioral Analysis So what is MFA and SSO solution?
  • 9. How to Enable MFA? • Identify systems/components • Raise awareness and communicate • Execution plan and engage IT and information security. • Identify target user phased rollout • Support enrollment and usage of MFA initial phases • Monitor and test feedback/results - KPIs • Depending on above results go for Gradual/Full rollout
  • 10. Is MFA Vulnerable? • Social Engineering • Bad design and/or implementation AWARENESS IS THE KEY Answer is Yes. But risks are still less . Here are some major failure reasons
  • 11. Thank You Write to me for any queries : Email : ykhan.mca@gmail.com