Authentication Strategy: Balancing Security and Convenience

Similar documents
expanding web single sign-on to cloud and mobile environments agility made possible

CA Arcot RiskFort. Overview. Benefits

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

Closing the Biggest Security Hole in Web Application Delivery

How To Comply With Ffiec

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

A to Z Information Services stands out from the competition with CA Recovery Management solutions

An Enterprise Architect s Guide to API Integration for ESB and SOA

CA Technologies Healthcare security solutions:

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

CA Technologies optimizes business systems worldwide with enterprise data model

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM

CA SiteMinder SSO Agents for ERP Systems

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

CA Workload Automation for SAP Software

5 Pillars of API Management with CA Technologies

Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk

Building a Roadmap to Robust Identity and Access Management

Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions

The Future of Workload Automation in the Application Economy

Strengthen security with intelligent identity and access management

Top 5 Reasons to Choose User-Friendly Strong Authentication

Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services

Beyond passwords: Protect the mobile enterprise with smarter security solutions

SOLUTION BRIEF CA Cloud Compass how do I know which applications and services to move to private, public and hybrid cloud? agility made possible

CA Technologies Solutions for Criminal Justice Information Security Compliance

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio

SOLUTION BRIEF CA ADVANCED AUTHENTICATION. How can I provide effective authentication for employees in a convenient and cost-effective manner?

Radix Technologies China establishes compelling cloud services using CA AppLogic

ScaleMatrix safeguards 100 terabytes of data and continuity of cloud services with CA Technologies

Atkins safeguards availability of client s geospatial systems with a CA AppLogic private cloud environment

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

how can I comprehensively control sensitive content within Microsoft SharePoint?

Work Smarter, Not Harder: Leveraging IT Analytics to Simplify Operations and Improve the Customer Experience

SOLUTION BRIEF ADVANCED AUTHENTICATION. How do I increase trust and security with my online customers in a convenient and cost effective manner?

how can I improve performance of my customer service level agreements while reducing cost?

agility made possible

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

CA Technologies Strategy and Vision for Cloud Identity and Access Management

Sallie Mae slashes change management costs and complexity with CA SCM

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

The National Commission of Audit

WHITE PAPER OCTOBER Unified Monitoring. A Business Perspective

Securing Virtual Desktop Infrastructures with Strong Authentication

agility made possible

Designing a CA Single Sign-On Architecture for Enhanced Security

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

CA Business Service Insight

Advanced Authentication Methods: Software vs. Hardware

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

agility made possible

Preemptive security solutions for healthcare

protect your assets. control your spending

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

Sicredi improves data center monitoring with CA Data Center Infrastructure Management

How To Improve Your It Performance

agility made possible

How To Use Ca Product Vision

FEMSA manages more than 80,000 IT, finance and HR tickets with CA Service Desk Manager

How Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation?

BancoEstado achieves greater data efficiency and system development agility with CA ERwin

Addressing Security for Hybrid Cloud

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s

Evolving the IT Service Experience to Meet New Business and User Demands

Securely Outsourcing to the Cloud: Five Key Questions to Ask

Transcription:

Authentication Strategy: Balancing Security and Convenience

Today s Identity and Access Security Strategies Are Being Driven by Two Critical Imperatives: Enable business growth by: Quickly deploying new online services Leveraging new advances in cloud computing and virtualization Accommodating the needs of a variety of demanding, tech-savvy users Driving greater employee productivity and increasing business intelligence Protect the business by: Mitigating the risk of fraud, breaches, insider threats and improper access from both internal and external sources Safeguarding critical systems, applications and data Ultimately, these goals serve a specific purpose: securely enable online business. With online applications and services driving the market and providing a key competitive differentiator organizations are under mounting pressure to remain agile and accelerate the delivery of web-enabled capabilities. But at the same time, they must ensure that new online offerings are supported by security measures capable of effectively protecting personal information plus critical business data without impeding the user experience. 02

Mobility Presents Additional Considerations The rapid proliferation of mobile devices has created additional security requirements for any organization attempting to increase its presence in the online market. And because smartphones and tablets afford end users a variety of new ways to interact with the enterprise, IT needs to evolve the security measures designed to protect online applications and services accordingly. Business spending on mobile projects will GROW 100% by 2015. 1 These challenges will only increase as the mobility trend gains even more momentum. In 2016, 350 million employees will use SMARTPHONES 200 million will bring their own. 1 1 Mobile is the New Face of Engagement, Forrester Research Inc., February 13, 2012. 03

New Trends Are Reshaping the Security Landscape Before the rise of online applications and services, not to mention the ubiquity of smartphones and tablets, security was a relatively simple process: INTERNAL EMPLOYEE NETWORK PERIMETER ENTERPRISE APPS Enterprise applications were contained within a network firewall, access was limited to internal employees and it was easy to manage identities and understand the context of a user s actions. PARTNER But as online interactions expand to include customers, mobile users and business partners as well as on-premise and cloud-based applications the traditional network perimeter has become less and less effective. Essentially, the concept of the firewall and the idea that most interactions occur inside the network is no longer valid. As a result, IT s long-held ideas about how to manage security must change. But how? If IT security teams can no longer rely on the network perimeter as an adequate means of securing the enterprise, where can they turn? CUSTOMER MOBILE EMPLOYEE CLOUD PLATFORM & WEB SERVICES SAAS The answer lies in intensifying the focus on users and confirming their identities before access is granted. INTERNAL EMPLOYEE ENTERPRISE APPS 04 NETWORK PERIMETER IS GONE!

Authentication Is the Front Door of the Identity Perimeter As identity becomes the driving force behind new security paradigms, IT must respond by placing a stronger emphasis than ever before on authentication the process of ensuring that users truly are who they say they are. To this end, businesses should account for three crucial factors when planning their authentication strategies: Security More applications, users and devices mean no one-sizefits-all approach will be sufficient, so developing a secure, centralized way to provide layered, riskappropriate authentication is imperative. User Experience A simple, yet secure, authentication process is essential to preserving the user experience and can be a key differentiator for driving adoption of customer-facing, web-based applications. Cost Control A flexible, efficient and centralized authentication solution can help reduce IT costs from initial deployment through ongoing maintenance and support. Additionally, a key point IT should consider is the fact that today s complex and evolving online environment emphasizes the need to review both current and future authentication needs and develop strategies that can cover a broad spectrum of predictable user groups and use cases. 05

Authentication Methods Must Reflect Today s Security and Access Requirements In the past, most IT departments employed authentication approaches that asked the majority of individuals to provide nothing more than a valid user ID and password and only a small set of executives were required to offer additional, stronger credentials when they needed to access highly sensitive resources. But given the recent trend of hackers and other malicious entities targeting common users and their basic passwords as an entry point for advanced persistent attacks, organizations must strengthen their authentication methods for all employee, partner and customer profiles leveraging strategies that go well beyond the weak user ID-password approach. As organizations look to expand the use of strong authentication methodologies, it is especially important for them to... 3 3 3 3 3 3 Enable access to online applications from a variety of devices Accommodate unique user groups with different access requirements and privileges Provide the appropriate level of security based on the risk of a given activity Protect an individual s identity and the sensitive data in applications without placing an undue burden on end users Extend authentication capabilities to both cloud-based and on-premise applications Safeguard transactions against new threats, such as man-in-the-middle attacks 06

Advanced Authentication Methods That Scale and Provide a Unique Combination of Security and User Convenience The complexity of today s authentication requirements and the evolving threat landscape may leave IT feeling as if there is no way to effectively secure the enterprise. Fortunately, there are two emerging authentication methods that promise to help organizations protect sensitive information and minimize the risk of breaches and other attacks while providing a streamlined experience to users of all types: software tokens and risk-based authentication. Strong Authentication What it Does Protects employees and customers with user-convenient, two-factor authentication. Advantages Helps reduce the risk of inappropriate risks and attacks Offers some of the strongest two-factor authentication software credentials on the market Secures data without burdening legitimate end users Scales with your organization s needs Risk-based Authentication What it Does Reduces the risk of improper access and fraud without burdening valid users. Advantages Reduces the risk of data breaches and fraud Requires step-up authentication for suspicious activities Helps meet compliance guidelines such as FFIEC, HIPAA, PCI, and SOX 07

Advanced Authentication in Action: Remote Employee Access (VPNs) A common challenge facing many IT organizations today is the process of confirming the legitimacy of the growing population of employees who need to access internal, cloud and partner sites from remote locations via a virtual private network (VPN). Because the typical user ID-password combination is insufficient, and may increase the risk of inappropriate access or fraud, organizations should complement this approach with a two-factor software token. This provides an additional layer of protection against inappropriate access one that can be implemented in a variety of user-friendly ways. EMPLOYEE USER ID/PASSWORD + TWO-FACTOR SOFTWARE CREDENTIAL VPN EMPLOYEE PORTAL SALESFORCE SAP 08

Advanced Authentication in Action: Remote Employee Access (VPNs) continued But if user convenience is a major concern, risk-based authentication provides a transparent and effective way to further validate an employee s identity without any additional, inconvenient steps. This gives IT the flexibility to permit low-risk activities, require additional authentication for medium-risk scenarios and either deny access or send an alert to an administrator in the event of a high-risk attempt. In this way, risk-based authentication enables a justin-time strategy that immediately grants access to the vast majority of users, while requiring additional authentication only when the risk level warrants it. EMPLOYEE USER ID/PASSWORD RISK-BASED EVALUATION LOW RISK: ALLOW MEDIUM RISK: STEP-UP AUTH. HIGH RISK: DENY/ALERT EMPLOYEE PORTAL SALESFORCE SAP ADMINISTRATOR POLICIES AUDIT LOGS RISK-BASED EVALUATION EMPLOYEE USER ID/PASSWORD + TWO-FACTOR SOFTWARE CREDENTIAL LOW RISK: ALLOW MEDIUM RISK: STEP-UP AUTH. HIGH RISK: DENY/ALERT EMPLOYEE PORTAL SALESFORCE SAP ADMINISTRATOR POLICIES AUDIT LOGS What s more, risk-based authentication can be combined with two-factor software tokens to create a powerful, layered approach that maximizes security and minimizes the impact on the user experience. 09

Advanced Authentication in Action: Customer Access Simplicity is the key when it comes to authenticating and, by extension, attracting and retaining customers. Because almost every individual owns at least one online identity if not several more eliminating the requirement to create yet another set of credentials is critical to driving the adoption of webbased services and applications. Therefore, implementing authentication measures that integrate with widely recognized standards such as OpenID or OAuth will allow organizations to seamlessly grant immediate access to consumers who have existing, established credentials. This can dramatically simplify the process of building an initial identity for new users. CUSTOMER PORTAL CUSTOMER 10 STORE

Advanced Authentication in Action: Customer Access continued And when a critical activity must be executed, further identity validation, risk-based authentication and/or software tokens can be leveraged to provide the added, just-in-time assurance about the individual s identity without inconveniencing the end user. Moreover, risk evaluations can be performed multiple times per user session and independent rules and thresholds can be set up for specific activities, providing IT with an ongoing assurance about the validity of consumer transactions. RISK-BASED EVALUATION LOW RISK: ALLOW CUSTOMER USER ID/ PASSWORD MEDIUM RISK: STEP-UP AUTH. HIGH RISK: DENY/ALERT CUSTOMER PORTAL RISK-BASED EVALUATION STORE ADMINISTRATOR POLICIES AUDIT LOGS 11

Where Do You Stand? The first step in adopting a security strategy built on advanced authentication techniques is to evaluate the ways you re currently managing user access. Gaining a full understanding of the types of individuals attempting to interact with the business each day as well as the transactions they typically execute will help you pinpoint the advanced authentication methods that are right for your organization. Keep in mind that the evolving security landscape and growing number of user profiles and devices emphasize the importance of a robust, integrated solution capable of supporting a wide array of use cases. This type of strategy eliminates fragmented practices, enables greater control over access management, reduces costs and provides a streamlined, high-quality user experience. 12

About the Solutions from CA Technologies CA Technologies understands the importance of effectively balancing security and the user experience. Our solutions provide the advanced authentication measures needed to secure and enable employee, customer and partner access to resources residing in on-premise and cloud environments. CA Advanced Authentication is a flexible and scalable solution that incorporates both risk-based authentication methods like device identification, geolocation and user activity, as well as, a wide variety of multi-factor, strong authentication credentials. This solution can allow the organization to create the appropriate authentication process for each application or transaction. It can be delivered as on-premise software or as a cloud service and it can protect application access from a wide range of endpoints including all of the popular mobile devices. This comprehensive solution can enable your organization to cost effectively enforce the appropriate method of strong authentication across environments without burdening end users. CA Advanced Authentication SaaS is a versatile authentication service that includes multifactor credentials and risk evaluation to help avoid inappropriate access and fraud. It can help you easily deploy and manage a variety of authentication methods to protect your users without the traditional implementation, infrastructure and maintenance costs. 13

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only, and does not form any type of warranty. Actual screen shots and performance results of product may vary. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. Some information and results illustrated here are based upon CA or customer experiences with the referenced software product in a variety of environments, which may include production and nonproduction environments. Past performance of the software products in such environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments. CA does not provide legal advice. Neither this document nor any CA software product referenced herein shall serve as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, policy, standard, guideline, measure, requirement, administrative order, executive order, etc. (collectively, Laws )) referenced in this document. You should consult with competent legal counsel regarding any Laws referenced herein. CS200-78909

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information