User Authentication for Software-as-a-Service (SaaS) Applications White Paper
- Harry Bryant
- 8 years ago
1 User Authentication for Software-as-a-Service (SaaS) Applications White Paper User Authentication for Software-as-a-Service (SaaS) Applications White Paper Page 1 of 16
DISCLAIMER

Disclaimer of Warranties and Limitations of Liabilities

The product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability or fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data or other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers, shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitation may not apply to you.

Copyright

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc.

Trademarks

DIGIPASS & VACMAN are registered trademarks of VASCO Data Security. All other trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use.
CONTENTS

1. Overview
   Objective
   Intended Audience
   The Market
   How did we get here?
Customer Authentication: Security Background
   Market factors
   Attacks and Defenses
VASCO Delivery Platforms (Channel)
   Solutions
Conclusion
1. OVERVIEW

1.1 OBJECTIVE

The objective of this white paper is to help educate the reader on the critical components in which authentication solutions are applied within Business to Business (B2B) applications. B2B applications, more commonly referred to as Software-as-a-Service (SaaS) providers, are one of the fastest growing markets in which authentication is being deployed. Authentication for SaaS applications and their users has a number of aspects that are unique and worth discussing from both a security and business perspective.

1.2 INTENDED AUDIENCE

This paper is written for decision makers who use a SaaS application or are responsible for building and supporting a SaaS application. The ideal reader is looking to better understand how authentication and security will affect his/her users' experience.

1.3 THE MARKET

Today's SaaS providers encompass a complete spectrum of applications including:

- Real estate
- Pharmaceuticals
- Legal & intellectual property
- Engineering
- CRM & ERP
- e-learning & education
- Healthcare
- Enterprise Content Management
In addition, the authentication of hosted systems is not limited to providers of the application itself. Certainly, this is a critical component to address, but the market can be broken into three key segments:

- SaaS Providers: SaaS providers are organizations who provide an application or service over an online channel. SaaS providers are focused on ensuring that the application, data, and functions they provide to their customers are safe and secure.
- SaaS Users: SaaS users are customers of outsourced software who access critical applications and data over an online channel. SaaS users must be confident that the provider's critical applications and data they access are safe.
- Operational Portals: Operational portals are web applications that are built by an organization to provide access to internal systems or processes to external users. Operational portals must ensure that the applications, data, and functions they provide are secure and that the users who access their systems are properly authenticated.

Each segment represents unique challenges and opportunities. A particular challenge that has emerged over the last few years is that of deploying effective and efficient security. One aspect of security that has become critical to the success of online applications is authentication. Authentication can be best defined as "the process of determining whether someone [or something] is, in fact, who [or what] it is declared to be." Essentially, we must ensure the person who is accessing our application is who they say they are! In the physical world, this is quite easy to do. We can validate a passport or a driver's license, and once a person has been authenticated, we can usually recognize them quite easily in the future.
However, when dealing in the online world, it is not so easy to establish this connection. Providers and vendors have both come up with a number of different methods and techniques to perform a virtual authentication. Most readers will recognize some or all of the various types of authentication, which can be broken down into three areas:

1) Single-factor authentication: Commonly known as username and password, single-factor authentication includes something you know (an ID and/or password). Single-factor authentication is ideal for low risk applications where cost is a major factor and the security of compromised passwords is not a high priority.

2) Two-factor authentication: Two-factor authentication includes something you know (a password) and something you have (phone, token, card). Two-factor authentication is ideal to secure applications where the total cost of ownership (TCO) is the primary cost factor and the information users are accessing is of a sensitive nature. This can include personal information, patent information, health records, etc.

3) Three-factor authentication: Three factors of authentication include something you know (a password), something you have, and something you are (biometric). Three-factor authentication is ideal to secure physical access to sensitive locations or the most sensitive information. Cost is a small concern.

Any application that is accessed over a remote channel will require some form of user authentication. In this short paper, we will attempt to align the business drivers in making the decision to determine the role authentication will have on the security of these users.
1.4 HOW DID WE GET HERE?

There have been a number of converging factors that have driven the need for stronger authentication within SaaS applications. Many of these factors have emerged over the past few years and continue to evolve today. Such variables include an increase in regulation, the advancement of more decentralized computing (i.e. cloud computing), and the emergence of mobile devices and platforms. In addition, companies who provide online applications are driven to provide systems and applications that are more robust and available from any place and at any time to satisfy today's demanding users. These combined factors have opened new opportunities and new risks. In fact, we can look over the past few years and the stages that have led to today, to help determine the role authentication will have in the future:

1. The financial market successfully extends applications to the Internet. E-banking for both commercial and retail customers improves efficiency and convenience for both users and the bank, and today's consumers and businesses are now dependent on e-banking. E-banking becomes the first customer interfacing application to reach widespread adoption.

2. Remote employee access becomes generally accepted. The mobile workforce is introduced and employees gain access to applications, databases, and sensitive information over virtual private networks (VPN) and web applications. The authenticity of the user becomes suspect and two-factor authentication is introduced to secure access to systems and networks.

3. Organizations move to more decentralized operations and a virtual working model. Offshore development, home offices, and international operations all combine to drive more distributed computing, applications, and access from anywhere and at any time. SaaS is introduced to reduce capital expenditures, improve productivity, and work effectively in a mobile world.

4. An increase in regulatory focus on fraud and security impacts financial institutions and businesses. Secure access and protection of sensitive information becomes a requirement. Mandates under FFIEC, PCI, HIPAA, SOX, and others drive decision makers to secure sensitive information and user access.

5. Fraud and evolving attacks begin to undermine the trust in the system. The combination of (a) the inherent insecurity of the Internet and remote access, (b) the proliferation of the [cheap] PC, and (c) broadband access gives online fraud a platform to attack users.

6. High tech and low tech attacks evolve into an industry. Phishing attacks become common. Viruses, Trojans, and key loggers increase, and education is ineffective to combat these attacks.

Today's decision makers must now weigh security, regulation, and the need to extend applications and improve functionality as they plan for the future. And for organizations that provide a customer interfacing application, the authentication and security of their users becomes critical to the short and long term viability of the organization. The remainder of this paper will illustrate the basic philosophy of securing customers, the fraud attacks and the defenses used to combat them, and the different client platforms and channels which are used to gain secure access.
2. CUSTOMER AUTHENTICATION: SECURITY BACKGROUND

First, it is best understood that securing customers is very different from securing internal employees. Whereas internal employees are a captive and controlled audience that can be forced and/or required to use a specific security mechanism, customers are fickle and have the right to choose which services or products they use. Therefore, adding security to any service will have an impact on the customer. This is a fact that must always be considered when choosing, educating, and deploying a security solution to end-users. VASCO is a security company first, focused on authentication, but will have to strike a balance between security and user acceptance. To use a simple analogy, VASCO believes that using strong locks properly is critical to the success of the application. As an authentication provider, VASCO simply harnesses and listens to market information to build solutions to secure tomorrow's users. In doing so, VASCO has built products under a family concept, which means all solutions (past, present, and future), methods (passive or active security), and platforms are interoperable with one another to ensure the constant balance of cost, security, and user acceptance is met.

2.2 MARKET FACTORS

With fraud on the rise worldwide and with the natural progression to offer more goods and services online, security will become even more important in the future. Either decision makers and/or application owners will improve the level of security for their users, or the applications they provide will be limited. Essentially, it can be concluded that something will need to give. Trends and technology come and go, but in the end, a company will need to secure users of its services properly or it risks losing customers. To do so, authentication must be looked at as a philosophy and not as a product. It is not for one entity to say this is good authentication and this is poor.
In fact, it is up to the decision maker who best understands his/her customer base to determine the level of authentication required today, what they expect the level of authentication to look like a year from now, and where they expect it to go in the future. Only with an understanding of this long view can VASCO truly offer [good] advice on how a user should be secured. The long view must answer the following questions:

1. Who are the company's customers today, what are they able to access, and what is the risk?
2. What services are planned to be offered to them tomorrow?
3. What are the risks? From fraud? Disgruntled employees?
4. Will regulation impact the company or the application?
5. Can the company implement a solution today that will help protect the user tomorrow?
6. How are the users educated today? How will this happen tomorrow?

The authentication we choose to implement from these answers is then based on a compromise between three points of a triangle: (1) the level of security, (2) total cost of ownership (TCO), and (3) user acceptance. By way of example, static passwords have a low TCO and high user acceptance, but they have very low security. Biometric devices have very high security, but they are expensive and may have severe user acceptance issues. Hardware authenticators (tokens) have high security, but there is an expense associated with their implementation. As a company looks to make decisions that impact its customers, it must take both the triangle and the long view into consideration. In fact, the decision a bank makes and the product the bank implements is not the end solution; it is merely another step.

2.3 ATTACKS AND DEFENSES

The use of username and password schemes to authenticate users has become increasingly risky. Although many SaaS and web applications utilize standard username and password schemes, these schemes are based on static information and are insecure by nature. Usernames and passwords are easy to guess, crack, hack, and steal. Often, passwords are reusable over other applications and over a long period of time. Dynamic information is much more secure than static information. Dynamic information is much more difficult to hack or steal and, if stolen, it is only good for a period of time. Dynamic information drastically reduces the risk of someone gaining access to information that they are not allowed to access. The combination of dynamic information with a physical device further increases the level of security, as a fraudster must have the physical device and know a password to gain access. This is the fundamental premise behind strong, two-factor authentication.

Something you know (password) + something you have (device) + dynamic information = strong authentication.
The fraud market has begun to shift over the past year, and the threats of attacks have shifted from simple password/social attacks based on phishing and pharming to actual account theft from various social, technical, and low tech fraud. Password attacks can be fairly simple to defend against, and by deploying dynamic passwords, educating customers, and verifying the host application, we can do a good job in mitigating our risks. Dynamic passwords or one-time passwords are a fantastic defense against phishing, pharming, and Trojan horses. Validation of the use of one-time passwords can be seen with phishing attacks on Salesforce.com users and their recommendation to use one-time password technologies.

For SaaS organizations that are looking to promote access and/or transfer of information, transaction thefts, or man-in-the-middle (MITM) attacks, have added an element of sophistication onto the fraudster's attack. It is no longer acceptable to ensure only that the user and the site he accesses are protected; SaaS organizations must now begin to look at how to secure any transaction or transfer of information. Providing and verifying the signature of a transaction becomes more important today, but the approach that you take is even more important when considering the long view as cited earlier. In fact, today we are still dealing with social attacks (phishing, pharming) and derivatives of these attacks (real-time phishing). When discussing MITM attacks, we are essentially talking about tomorrow's issue.
This further illustrates the point that what is decided today has a big impact on tomorrow. VASCO's solution for MITM is to combine two-factor authentication with an electronic signature (e-signature). Essentially, an electronic signature takes pieces of information specific to the transaction (e.g. account information from both parties and the dollar amount) and generates a unique value based on these factors. This value is used to validate the transaction. If a third party changes the information (e.g. changes the account information), the unique value will not match and the fraudulent transaction can be avoided. The act of generating and verifying an e-signature can be as active or passive as the user requires and can be used within pharmaceutical, legal, educational, and business applications that transfer and update information over an online channel.

As a conclusion, VASCO provides a complete portfolio of channels to deliver dynamic passwords used to replace static passwords. This is typically done when users need to access sensitive information through a remote channel like a phone or web application. VASCO also secures transactions by taking multiple fields of a transaction and creating a unique signature on the transaction. The verification of this signature ensures the transaction is not compromised.
3. VASCO DELIVERY PLATFORMS (CHANNEL)

VASCO's defenses against the various attacks can be delivered in a variety of different ways. Certainly, the majority of VASCO's customers implement authentication devices to protect their users, but this should not be confused with a limitation. In fact, VASCO's dynamic password, host authentication, and e-signature functionality can all be delivered over almost any platform that is required by a customer. Customers have deployed this technology using faxes, Blackberry, telephone, VRU, mobile phones, SMS, smart cards, software, hardware, etc. There are over 50 different channels that VASCO supports and more are added every day. There are over seven versions of software solutions and several solutions for blind and visually impaired users.

When VASCO discusses authentication with clients, the delivery platform or channel should be the last piece to consider. Only after understanding the philosophy, the attacks, and the defenses you wish to use should the mechanism used to implement your approach be discussed. The delivery platform used will have an impact on the security triangle, but it does not necessarily impact the long view. This point is the most crucial as the delivery platform for today is chosen. If the factors as written earlier can be accepted, the discussions on the strengths and weaknesses of the platform you are looking to select can be done with a clearer conscience. This is the point that is most commonly misunderstood. The platform that is delivered is the easy part; understanding why a particular platform is chosen is difficult. A complete list of different platforms can be accessed at

SOLUTIONS

There are a number of passive and active actions that can be implemented to defend and protect users from online fraud. Many stand up to the rigors of outside regulations and internal policies, but the most proven solution in the market has been in use for over a decade and still continues to evolve today.
Time-based one-time passwords and electronic signatures have proven to strike the balance between security, user acceptance, and cost more than any other solution. Time-based one-time passwords (OTPs) are dynamic passwords that change consistently, making them very difficult to hack or steal. OTPs use three things in order to calculate a secure password:

- Time
- A unique secret
- A secure algorithm

When a user wishes to initiate an authentication, he will access his dynamic password via the channel provided. As discussed earlier, the channel can be a mobile device, hardware token, software, or other form factor. The user simply provides a password to access the secure DIGIPASS credential and the device will generate a unique one-time password based on the current time and the unique secret of the owner. The password is only good for a specific period of time, which makes it far more difficult to hack. Moreover, because the user is required to know a password and have a DIGIPASS, the security is based on two factors of authentication.

As an additional layer of security, electronic signatures can be used to sign a transaction. E-signature is a method used to ensure a transaction is not altered or changed without the user's acknowledgement. E-signatures can be used to augment the one-time password to provide a secure solution to combat phishing, Trojans, and man-in-the-middle attacks. It is based on the same fundamentals as one-time passwords and will use various pieces of information specific to the transaction in order to sign the transaction. This can include specific fields critical to the transfer of information (medical information, personal data, product ID numbers, etc.). If any information is altered during the transition, the client signature will not match the server signature and the transaction will be invalid.

First, the user is authenticated using a DIGIPASS credential and dynamic password, ensuring that someone hasn't compromised the account. Secondly, the user can authenticate the transaction, ensuring someone hasn't hijacked the session and altered the transaction. Finally, the complete solution is supported by one back-end system. There is no need to purchase separate server solutions to support various users or channels deployed to the client.
Integrating client authentication from one scalable back-end infrastructure provides ample security for today's applications and allows for tomorrow's emerging markets and customers. VASCO's approach to build all systems under this family concept has been proven and can be linked to different generations of applications and users. Customers that have started with a simple hardware authenticator (token) can move to a mobile credential or PKI certificate in the future with limited impact on the back-end system. This fact reduces management, help desk, investment in infrastructure, and the overall cost of the security system, making it possible to invest more into the application provided to the customer.
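The two mechanisms described in this section, a time-based one-time password and a transaction e-signature checked by the server, are sketched below as an added example; it is not VASCO's DIGIPASS algorithm, which this paper does not specify. It assumes the public RFC 6238 TOTP construction for the OTP and an HMAC-SHA-256 over the transaction fields for the signature; all function names, field names, and account values are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default; an assumption here)


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: turn an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """One-time password from the three inputs the paper lists:
    time (a 30 s counter), a unique secret, and an algorithm (HMAC-SHA-1)."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def _canonical(fields: dict) -> bytes:
    """Key-sorted, length-prefixed encoding so field boundaries cannot shift."""
    out = b""
    for key in sorted(fields):
        k, v = key.encode(), str(fields[key]).encode()
        out += struct.pack(">H", len(k)) + k + struct.pack(">H", len(v)) + v
    return out


def sign_transaction(secret: bytes, fields: dict, now: float, digits: int = 8) -> str:
    """Signature code bound to the transaction fields and the current time step."""
    counter = int(now) // STEP
    # The "txsig" prefix keeps signature inputs distinct from OTP inputs.
    msg = b"txsig" + struct.pack(">Q", counter) + _canonical(fields)
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest(), digits)


class Verifier:
    """Server side: shares the secret, tolerates +/- `window` steps of clock
    drift, and remembers the last accepted step so a captured OTP cannot be
    replayed."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_step = -1

    def _steps(self, now: float):
        current = int(now) // STEP
        return range(max(0, current - self.window), current + self.window + 1)

    def check_otp(self, code: str, now: float) -> bool:
        for step in self._steps(now):
            if step <= self.last_step:
                continue  # this step (or a later one) was already used
            if hmac.compare_digest(totp(self.secret, step * STEP), code):
                self.last_step = step
                return True
        return False

    def check_signature(self, fields: dict, code: str, now: float) -> bool:
        # Recompute over the fields the server actually received.
        return any(
            hmac.compare_digest(sign_transaction(self.secret, fields, s * STEP), code)
            for s in self._steps(now)
        )


def demo() -> dict:
    secret = b"12345678901234567890"  # constructed test secret (RFC 6238 vectors)
    server = Verifier(secret)
    otp = totp(secret, 59)
    # Constructed transaction: both parties' accounts and the amount.
    sent = {"from_account": "ACCT-0001", "to_account": "ACCT-0002", "amount": "250.00"}
    signature = sign_transaction(secret, sent, 59)
    altered = dict(sent, to_account="ACCT-9999")  # changed in transit
    return {
        "otp": otp,
        "first_login": server.check_otp(otp, 59),
        "replayed_login": server.check_otp(otp, 59),
        "expired_login": Verifier(secret).check_otp(otp, 59 + 120),
        "intact_tx": server.check_signature(sent, signature, 59),
        "altered_tx": server.check_signature(altered, signature, 59),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The replayed and expired logins fail because the code is tied to one time step, and the altered transaction fails because the server recomputes the signature over the fields it received rather than the fields the user signed.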
4. CONCLUSION

The markets are undergoing drastic change. Increased functionality, distributed computing, fraud, and regulation are all motivating SaaS providers and users of SaaS applications to consider the implications of strong authentication. The acceleration of mobile technology and smart phones will continue to drive the need for authentication security in the future. VASCO has a proven history of securing millions of users over the last ten years, and with its DIGIPASS product family, customers can authenticate and sign transactions with software, mobile authentication, hardware devices, or any combination. The DIGIPASS solution remains the world's most recognized, reliable, and secure credential used today. To support DIGIPASS, VASCO provides two unique server platforms:

1. VACMAN Controller is a flexible, scalable, and secure API. VACMAN Controller is ideal for e-banking and e-commerce applications, or SaaS providers who wish to embed authentication within their application. With unlimited scalability and rich functionality, VACMAN Controller has become the standard tool for supporting large scale authentication deployments.

2. IDENTIKEY is a flexible, robust, and secure authentication server. IDENTIKEY provides robust authentication support ideal for organizations looking to secure their Business-to-Business applications, internal portals, and access to remote systems. IDENTIKEY supports hardware, software, and mobile authentication.

The complete VASCO solution range is designed to strike the balance between security, user acceptance, and Total Cost of Ownership (TCO). As SaaS providers and users of SaaS applications begin to consider the impact of authentication, it is important to consider the points that are discussed in this paper. SaaS applications represent what's next for the online channel. Driven by mobile technology, a global economy, and regulation, the security of cloud computing remains dependent on the authenticity of the users who access the system and the actions they make over the internet and mobile channel. VASCO remains steadfast in securing today's applications and what is to come tomorrow.
More informationStrong Authentication. Securing Identities and Enabling Business
Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It s All About Strong Authentication...4 Strong Authentication Solutions
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationA Blueprint for Securing Mobile Banking Applications
A Blueprint for Securing Mobile Banking Applications By Will LaSala and Benjamin Wyrick, VASCO Data Security Table of Contents Foreword by David Strom Research Findings: Current State of Mobile Banking
More informationMODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationSecure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security
Secure your business DIGIPASS BY VASCO The world s leading software company specializing in Internet Security Secure Your Business A secure and flexible work environment Today s workforce needs to use
More informationWhitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION A RECENT SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PARED WITH THE FACT THAT
More informationAuthentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationBlackShield Authentication Service
BlackShield Authentication Service Guide for Users of CRYPTOCard MP-1 Software Tokens on Smart Phones Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright Copyright 2011.
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationSecure the door to your business
Secure the door to your business Extranet Portal Security Summary Page 1 - Secure the door to your business Page 2 - Case Study Bebat Page 3 - Case Study SD Worx Page 4 - Case Study YOB Page 5 - Case Study
More informationDIGIPASS Authentication for Check Point Security Gateways
DIGIPASS Authentication for Check Point Security Gateways With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 38 Disclaimer Disclaimer of Warranties and
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationTake the cost, complexity and frustration out of two-factor authentication
Take the cost, complexity and frustration out of two-factor authentication Combine physical and logical access control on a single card to address the challenges of strong authentication in network security
More informationIdentikey Server Getting Started Guide 3.1
Identikey Server Getting Started Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationProposed Service. Name of Proposed Service: Technical description of Proposed Service: Registry-Registrar Two-Factor Authentication Service
Print Date: 2009-06-25 23:04:33 Proposed Service Name of Proposed Service: Registry-Registrar Two-Factor Authentication Service Technical description of Proposed Service: Background: The frequency and
More informationDigipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started
Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Getting Started Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of
More informationDIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access
DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations
More informationStrong Authentication in details
Strong Authentication in details Kuznetsov Alexander Technical Account Manager VASCO Core Activities Overview DIGIPASS DIGIPASS Go Range DIGIPASS E-signature DIGIPASS Reader DIGIPASS for Mobile DIGIPASS
More informationGrow revenues and profits while securing online subscription accounts
APPLICATION NOTE Grow revenues and profits while securing online subscription accounts www.vasco.com Copyright 2013 VASCO Data Security. All rights reserved. No part of this publication may be reproduced,
More informationProtecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks
Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Whitepaper W H I T E P A P E R OVERVIEW Arcot s unmatched authentication expertise and unique technology give organizations
More informationDIGIPASS Authentication for Windows Logon Product Guide 1.1
DIGIPASS Authentication for Windows Logon Product Guide 1.1 Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions,
More informationBlackBerry Enterprise Solution and RSA SecurID
Technology Overview BlackBerry Enterprise Solution and RSA SecurID Leveraging Two-Factor Authentication to Provide Secure Access to Corporate Resources Table of Contents Executive Summary 3 Empowering
More informationCA Arcot RiskFort. Overview. Benefits
PRODUCT SHEET: CA Arcot RiskFort CA Arcot RiskFort CA Arcot RiskFort provides real-time protection against identity theft and online fraud via risk based, adaptive authentication. It evaluates the fraud
More informationDIGIPASS Authentication for SonicWALL SSL-VPN
DIGIPASS Authentication for SonicWALL SSL-VPN With VACMAN Middleware 3.0 2006 VASCO Data Security. All rights reserved. Page 1 of 53 Integration Guideline Disclaimer Disclaimer of Warranties and Limitations
More informationNACS/PCATS WeCare Data Security Program Overview
NACS/PCATS WeCare Data Security Program Overview March 27, 2012 Abstract This document describes the WeCare Program, discusses common data security threats, outlines an 8-point plan to improve data security,
More informationTwo-Factor Authentication
Chen Arbel Vice President, Strategic Development Authentication Unit & Software DRM Aladdin Knowledge Systems Two-Factor Authentication The key to compliance for secure online banking Legal Notice Copyright
More informationDIGIPASS Authentication for Windows Logon Getting Started Guide 1.1
DIGIPASS Authentication for Windows Logon Getting Started Guide 1.1 Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationIBM Tivoli Security using Two-Factor Authentication against PHISHING
IBM Tivoli Security using Two-Factor Authentication against PHISHING IBM Tivoli Security IBM Tivoli Security provides an integrated family of security products that provide a comprehensive and scalable
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationCA ArcotOTP Versatile Authentication Solution for Mobile Phones
PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding
More informationMicrosoft Azure Multi-Factor authentication. (Concept Overview Part 1)
Microsoft Azure Multi-Factor authentication (Concept Overview Part 1) In this Document we will discuss the concept of Azure Multifactor Authentication (MFA) concept, when and how you can use it and what
More informationIntel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Dirk Roziers Market Manager PC Client Services Intel Corporation
More informationStrong Authentication for Juniper Networks
Strong Authentication for Juniper Networks SSL VPN SSO and OWA with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright
More informationThe Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device
The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-668-6536 www.phonefactor.com Executive
More informationWhy SMS for 2FA? MessageMedia Industry Intelligence
Why SMS for 2FA? MessageMedia Industry Intelligence MessageMedia Industry Intelligence Why SMS for 2FA? ii Contents OTP Authentication Methods...2 Hard Tokens for OTP...3 App-based Tokens for OTP...4 Email
More informationhow can I provide strong authentication for VPN access in a user convenient and cost effective manner?
SOLUTION BRIEF CA Advanced Authentication how can I provide strong authentication for VPN access in a user convenient and cost effective manner? agility made possible provides a flexible set of user convenient,
More informationProtect Your Customers and Brands with Multichannel Two-Factor Authentication
SAP Brief Mobile Services from SAP SAP Authentication 365 Objectives Protect Your Customers and Brands with Multichannel Two-Factor Authentication Protecting your most valuable asset your customers Protecting
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationDIGIPASS as a Service. Product Guide
DIGIPASS as a Service Product Guide October 2011 Table of Contents 1. Introduction... 1 1.1. 1.2. 1.3. 1.4. Audience and Purpose of this Document... Available Guides... What is DIGIPASS as a Service?...
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationEXECUTIVE VIEW MYDIGIPASS.COM. KuppingerCole Report. by Alexei Balaganski August 2013. by Alexei Balaganski ab@kuppingercole.
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski August 2013 by Alexei Balaganski ab@kuppingercole.com August 2013 Content 1 Introduction... 3 2 Product Description... 4 3 Strengths and Challenges...
More informationDIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationPassword Management Evaluation Guide for Businesses
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various
More informationTrue Identity solution
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
More informationSafeNet Cisco AnyConnect Client. Configuration Guide
SafeNet Cisco AnyConnect Client Configuration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and
More informationTypes of cyber-attacks. And how to prevent them
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
More informationexpanding web single sign-on to cloud and mobile environments agility made possible
expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online
More informationOVERVIEW. DIGIPASS Authentication for Office 365
OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More informationConfidence in Commerce: Enabling e-banking and online services with two-factor authentication
Abstract The combination of online banking s rising popularity and the increasing number of online services offered by financial organizations indicates a bright future for e-banking. However, to maximize
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationDigipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Installation Guide
Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Installation Guide Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations
More informationMulti-Factor Authentication
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
More informationAn Overview and Competitive Analysis of the One-Time Password (OTP) Market
An Overview and Competitive Analysis of the One-Time Password (OTP) Market A White Paper Prepared by Martha Vazquez, Research Analyst TABLE OF CONTENTS Introduction... 3 Brief Overview of the OTP Market...
More informationTop 5 Reasons to Choose User-Friendly Strong Authentication
SOLUTION BRIEF: USER-FRIENDLY STRONG AUTHENTICATION........................................ Top 5 Reasons to Choose User-Friendly Strong Authentication Who should read this paper This executive brief asserts
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationPASSWORD MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More information