QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION

QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION

Who are SecurEnvoy? As the original inventors of tokenless authentication, our goal is to continue to design innovative solutions that take advantage of users mobile phones, or other personal devices, as the something you own part of two factor authentication. We have eliminated the barriers to 2FA adoption, such as SMS delays, poor phone signal or soft token synchronisation problems. With more than 1000 customers, our innovative approach to the Tokenless market sees millions of users connecting across the world with SecurEnvoy. What is SecurAccess? Mobile phone-based, Tokenless Two Factor Authentication for VPN, SSL, Remote Desktop, WiFi, Web Portals, Laptop Encryption and other solutions - the modern alternative to physical fobs/tokens. Who is using SecurEnvoy SecurAccess? IT Directors, IT Managers, Security Managers, Network Managers and Infrastructure Managers from a wide range of public and private sector organisations are already benefiting from SecurEnvoy s Tokenless Two-Factor Authentication. Key target markets for SecurEnvoy include: BENEFITS FEATURES > Strong, affordable, convenient two-factor authentication > Enhanced security > Reduced helpdesk costs > No password reset or PIN management issues > No token/smartcard deployment, renewal or replacement costs > No need to carry additional devices > No software required on the mobile phone > No delays waiting for a passcode > Passcode always available even if temporarily out of communication > Any GSM mobile phone can be transformed into an authentication token > No additional hardware token required > No end-user hardware deployment costs > No end-user hardware failure problems > Supports any system that includes a Radius client, such as all known VPN servers > Direct integration to your existing user directory, no additional database is required with no schema changes > Protects applications that run on Microsoft IIS, no integration or code changes required > Simple six-digit SMS authentication code > Single-use passcodes prevent all known password attacks > Soft tokens available on IPhone, Android, Blackberry, Windows7 RETAIL MANUFACTURING BLUE-LIGHT SERVICES EDUCATION GOVERNMENT LEGAL & PROFESSIONAL NB: The latest version of the Government Connect Code of Connection requires all users accessing the GCSx network remotely to use two-factor authentication. Discounts are available for public sector & charity organisations. HOSPITALITY CHARITIES CONSTRUCTION UTILITIES HEALTCARE FINANCIAL SERVICES > Migration tool

Key to the successful use of SMS for delivering passcodes is resolving intermittent network coverage and SMS delivery delays. SecurAccess patented methods resolve these issues by offering the user a choice: Do you currently use 2FA for remote access? > Pre-loaded one time passcodes > Three pre-loaded one time passcodes within each message > Reusable passcodes that change each day or multiple days Other Delivery Options > Real Time SMS Passcodes sent on-demand and session locked > Passcodes can be sent via secure email > Soft Token Apps > Voice Call with passcodes entered in the phone s keypad to session lock the voice network with the Internet Key Sales Questions If your prospect is currently using two-factor authentication, here are some key questions to ask: > What type of 2FA technology are you using? (Tokens, mobile phones: soft-tokens or SMS) > How many users are currently deployed? > Is there anything you would like to change or add to your current 2FA solution? > When will you be looking to review your two-factor authentication provider? > Would you be interested in learning about a state-of-the-art solution via a short (40 minute) demonstration? YES BENEFITS OVER LEGACY 2FA > Use your phone or device as the authenticator > Easiest 2FA logon experience in the industry > Automatically deploy users via LDAP group membership > Deployment can scale to 100,000 users per hour > Fixed yearly cost, pay per user, with no hidden extras > Instant fraud alerts > Put the user in control, migrate your own phones/devices > Halve your cost of tradition hardware token alternatives > Re-utilise existing AD (LDAP) database > Widest variety of tokenless types > On premise software or hosted via managed provider > 100% successful SMS Passcode delivery DRAWBACKS OF USING STATIC PASSWORDS > If you have spent money deploying a VPN, you have an encrypted tunnel but you cannot know 100% who is logging in > Not having two-factor authentication would mean failing to meet regulations such as PCI Compliance, CESG Government Code of Connection (CoCo), Sarbanes Oxley, etc. > Using static passwords means you are at risk of: > Social engineering > Users writing down passwords > Use of easily guessed passwords such as date of birth, favourite team etc. > Shoulder surfing > Keystroke logging NO > Brute force password crackers such as L0phtcrack

Objection handling OBJECTION SHORT ANSWER DETAILED ANSWER Not all my users have access to a mobile phone. SecurEnvoy offers a voice call service to landlines, PC tokens, Mac tokens and can turn any laptop device into a token. What if the end user loses their mobile phone? What if they lose their plastic token? It is the same situation. Both plastic tokens and Tokenless require a PIN/Password along with 2nd factor to successfully login. As with RSA SecurID, SecurEnvoy SecurAccess allows the administrator to provide users with a static password while they are without their phone or token. However, SecurEnvoy can automate the change back to one-time mode after a number of days, whereas an RSA administrator may have to chase the user to find out if they have another token. Users tend to pay more attention to personal security of their mobile phone than they do a plastic token provided by the company. Users are also more likely to know that their mobile is missing, and a lot quicker, than their token. Users may not realise their hardware token is missing until they next try to log in, this could take days, or even weeks. Users are more likely to feel a moral obligation to report their mobile phone missing compared to a token which they are most likely going to report missing when it is convenient for them. Where I live has bad/no GSM coverage. How do you manage this? SecurEnvoy SecurAccess has pre-loaded SMS options as well as Soft Tokens on Smartphone, PC & MAC along with Voice Call authentication. We have recently renewed our support/maintenance. When do your tokens expire? SecurEnvoy s licensing is per-user, per-year with no extra support costs. Migration is seamless and a Secure Access trial can be installed free of charge to illustrate the true meaning of tokenless 2FA. This is good news; you obviously understand the benefits of soft tokens. We are in the process of moving to soft tokens. Have you considered managing the lifecycle of the devices hosting the tokens? For example, users moving from IPhone 4 to IPhone 5? SecurEnvoy empowers users with self-management; allowing them to control their tokens without helpdesk costs. Enrolment is the simplest in the industry - just click and scan using a QR code. We are moving to the cloud or outsourcing our IT. Who is the outsourcer? Who is the account manager? Are you governed by PCI compliance? Under PCI obligations, 2FA is not allowed as a shared service. It s more effective to host your security in-house. We use Virtual Servers. SecurEnvoy Security Server can be installed on virtual servers such as VMware. SecurEnvoy supports VMware open view. A detailed integration guide can be found here: www.securenvoy.com/integration.

OBJECTION SHORT ANSWER How is the product licensed? SecurEnvoy SecurAccess is licensed per enabled user and NOT concurrent. The license is an annually renewable subscription model, with discounts available for multiple year subscriptions. What VPN vendors does SecurAccess integrate with? SecurEnvoy SecurAccess integrates with all VPN manufacture who support RADIUS authentication. Integrations can be found at: www.securenvoy.com/support/integration-guides.shtm How are the SMS sent? There are two main options for sending SMS; either via GSM Modem hosted onsite or via a 3rd Party SMS Gateway Aggregator. The product comes with 25 built-in gateways to choose from, additional gateway templates can be added if required, although may require professional services. How much is it send an SMS? SMS costs can range from free of charge, using an existing GSM contracted SIM in an onsite modem, to 3.9p per SMS with an SMS Gateway Aggregator. Can you work alongside existing two factor authentication solutions? YES - SecurEnvoy SecurAccess has a Migration configuration option that allows SecurEnvoy to work seamlessly alongside an existing authentication solution. Can the SecurEnvoy Server be installed on a Virtual Server Environment? SecurEnvoy Security Server is fully supported on Virtual Server Environments, including among others, VMware and Hyper-V. How well can the solution scale? SecurEnvoy SecurAccess is extremely scalable as it scales directly with the existing LDAP repository, which in most cases is Active Directory. Microsoft have spent a lot of time and money perfecting the replication between domain controller servers. SecurEnvoy benefits from this replication as it directly integrates with AD or other LDAP servers such as edirectory. What accreditations does the product have? SecurEnvoy uses a FIPS140-2 accredited algorithm to randomly generate passcodes or seeding records for soft tokens. SecurEnvoy are a member of OATH and OATH compliant. SecurEnvoy also intend to be the first vendor to be accredited for the CESG CPA for two factor authentication. Our current remote access VPN has inbuilt two factor authentication. Is there anything that it doesn t do that you would like it to do, or could do better? Can you deploy users automatically via LDAP Group membership? Does it store user information directly within the existing LDAP (Active Directory)? If not, how scalable is it? Does it only work with the existing VPN, what about other access points? What authentication methods does it support and can users change their own authentication method? Other vendors you may come across: RSA VASCO SAFENET ACTIVIDENTITY ENTRUST SWIVEL PHONEFACTOR

About SecurEnvoy SecurEnvoy are the inventors of tokenless authentication and provide two-factor authentication via mobile phones. Passcodes are sent to the user s mobile device in order to access corporate internal networks, cloud based services or private emails. SecurEnvoy s products have been adopted worldwide. SecurAccess SecurPassword SecurIce SecurMail There is no requirement for additional database management, no need for users to remember additional passwords or PINs and no physical token distribution; dramatically reducing the costs and management time associated with two-factor authentication. SecurEnvoy delivers a zero footprint solution that enables thousands of users to be deployed in a matter of minutes. SecurEnvoy distributes through the channel; providing customers the value-added benefits of working with local partners. It has built up a technical and sales infrastructure that supports most languages and cultures around the world. Partners include: Juniper, Citrix, Fortinet, Sonic Aventail, Cisco, Checkpoint, Celestix, Microsoft & F5. SecurEnvoy s customers include: T-Mobile, Symantec, John Lewis, NHS and Save The Children. SecurEnvoy was founded by Andrew Kemshall and Stephen Watts in 2003. The UK headquarters are based in Theale, Berkshire; with regional offices in Frankfurt, San Diego and New York. For further information, please visit: www.securenvoy.com Global HQ Merlin House Brunel Road Theale Reading RG7 4AB T: +44 (0) 845 2600010 E: info@securenvoy.com