Two-Factor Authentication Evaluation Guide

Similar documents
Two-Factor Authentication Evaluation Guide

Securing your Juniper SSL VPN with two-factor authentication.

STRONGER AUTHENTICATION for CA SiteMinder

ADDING STRONGER AUTHENTICATION for VPN Access Control

Modern two-factor authentication: Easy. Affordable. Secure.

Guide to Evaluating Multi-Factor Authentication Solutions

Why SMS for 2FA? MessageMedia Industry Intelligence

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

Facebook s Security Philosophy, and how Duo helps.

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

Vulnerability Management

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Optimizing Service Levels in Public Cloud Deployments

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA SecurID Two-factor Authentication

Microsoft Enterprise Mobility Suite

ADAPTIVE USER AUTHENTICATION

Using Entrust certificates with VPN

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

WHITE PAPER. HyperOffice Solutions for Mobile Operators, ISPs and Service Providers

How Managed Services Has Changed Remote Infrastructure Management. Presented by: Bill Whitney March 26, 2008

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Simplify SSL Certificate Management Across the Enterprise

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Securing Virtual Desktop Infrastructures with Strong Authentication

Password Management Evaluation Guide for Businesses

Company Overview. Enterprise Cloud Solutions

White paper Contents

Application Monitoring for SAP

2012 European Cloud-Based Authentication Services New Product Innovation Award

System Walkthrough & Test Cases

Building Secure Multi-Factor Authentication

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

Two-Factor Authentication

Build Your Mobile Strategy Not Just Your Mobile Apps

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Seven Things To Consider When Evaluating Privileged Account Security Solutions

CompleteCare+ Enterprise Voice

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB

Using Cloud-Based Technologies in Clinical Trials by Niki Kutac, Director, Product Management

Cloud Computing - Benefits and Barriers for Retail Adoption

White Paper. What is an Identity Provider, and Why Should My Organization Become One?


Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

WHITE PAPER: Egenera Cloud Suite

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion

Entering the cloud fray

Teradata and Protegrity High-Value Protection for High-Value Data

8 REASONS MORE COMPANIES ARE MOVING THEIR BUSINESS PHONES TO THE CLOUD

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

Identity & Access Management in the Cloud: Fewer passwords, more productivity

People-Focused Access Management. Software Consulting Support Services

Move your business into the Cloud with one single, easy step.

how can I provide strong authentication for VPN access in a user convenient and cost effective manner?

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

How cloud computing can transform your business landscape

The CIO s Guide to HIPAA Compliant Text Messaging

INTRODUCING isheriff CLOUD SECURITY

The Partnership. You Can Count On. Seth Pomeroy, Partner NDH Group, Ltd May, 2015

Modern Manufacturing in the Cloud

Things You Need to Know About Cloud Backup

Authentication Strategy: Balancing Security and Convenience

5 Critical Considerations for. Enterprise Cloud Backup

IBM EXAM QUESTIONS & ANSWERS

Enhancing productivity, enabling. Success. Sage CRM

About the white paper: The pressure to demonstrate compliance with standards and regulations such as Sarbanes Oxley, HIPAA, PCI DSS and Basel II,

Hosting services. Managed hosting delivering your applications anywhere, 24x7 Ensuring the right experience, security and availability.

Why You Should Consider Cloud- Based Archiving. A whitepaper by The Radicati Group, Inc.

Key Authentication Considerations for Your Mobile Strategy

Enhancing productivity. Enabling success. Sage CRM

Multi- factor Authentication Initiative

WHITE PAPER: Egenera Cloud Suite

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

Securing your Mobile Workforce with Okta and Espion

WHY COACHING SOFTWARE?

Meraki: Introduction to Cloud Networking

Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC

Moving Beyond User Names & Passwords

Aurora Hosted Services Hosted AD, Identity Management & ADFS

The Software-as-a Service (SaaS) Delivery Stack

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

Administrative Systems

An Evaluation Framework for Selecting an Enterprise Cloud Provider

APIs The Next Hacker Target Or a Business and Security Opportunity?

10 Threats to Successful. Enterprise Endpoint Backup

The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

Cisco Cloud Web Security

Balancing risk, cost and user experience with SMS for 2FA

Transcription:

???? 22700 Two-Factor Authentication Evaluation Guide Learn what to look for when assessing and comparing two-factor authentication solutions. A helpful guide from

Two-Factor Authentication Evaluation Guide In the physical world, we don t consider it odd when we re asked to confirm our identities before accessing facilities, funds, or high-value services. It s common to be asked to show a photo ID to enter a building, a passport to visit a country, or a driver s license when using a credit card. Many online systems and services require that added layer of protection, too. One of the most foolproof ways for an online system to confirm, Is it really you? is by adding twofactor authentication. This provides a second identity check preferably through a separate channel before allowing access to an online system. Sounds simple enough, right? Of course, the devil is in the details, and not all two-factor authentication solutions are created equal. This guide walks through some of the key area of differentiation between two-factor authentication solutions and provides some concrete criteria for evaluating technologies and vendors. The primary areas of differentiation are: Security. Can the solution protect your users accounts from takeover? Ease of Implementation. How easy/difficult is it to install, integrate with your existing systems, and deploy to your users? Ease of Use. Is it easy, convenient, and flexible enough that your users will adopt it successfully and use it consistently? Ease of Administration. Is it architected to reduce ongoing administration tasks? Is it powerful enough to detect and allow you to react to any security issues in real time? Total Cost of Ownership. What is the total cost when you fully account for acquisition, implementation, support, and operational costs over time?

Security & Reliability The most critical aspect of an authentication solution is its underlying security and reliability. If a service can t do the job then it s not worth implementing (at any cost!). Assess the security, availability, and ultimate scalability of the options. Security Reliability Scalability Does the service protect against advanced attacks such as Man-in-the- Middle (MITM) attacks? Does the service securely manage keys and exchange data? Two-factor authentication effectively defends against remote credential theft and man-in-the-middle attacks. Make sure your vendor s service is secure by design with strong security for the service itself stored by the vendor. Does the service have carrier-grade uptime? Is that uptime backed by an SLA? Does the service offer 24/7 operational coverage? Ensure that the vendor s cloud-based service uses multiple, independent PCI DSS Level 1 and ISO 27001- certified, SAS 70 Type II-audited service providers and is split across multiple geographic regions, service providers, and power grids for seamless failover. Reliable vendors demonstrate 99.995% uptimes and should be backed by strong service level agreements (SLA). Can the solution grow with your organization to support a future number of users and authentications you may need? Can you add new users to the service at anytime? Can it handle your expected volumes in 3 years? The vendor s infrastructure should be fully scalable and elastic in order to accommodate any number of your users. The vendor s subscription model should let you add users as you need them.

Ease of Implementation Many two-factor authentication products require lengthy implementation phases, requiring special skills and consultants. Assess this area carefully and have your vendors walk through likely implementation scenarios with you. Cloud-based services tend to provide the fastest implementation times, while on-premises solutions tend to be the slowest. Also look into the time and cost associated with rolling out the solution to your user base. Installation Integration Deployment Can you use the service without installing a server? Does the service provide documentation and live support to help with installation? Installation and deployment of on-premises solutions can be a major headache. Cloud-based authentication services are easy. They tend not to require installation of hardware or software. Does the service work natively with the types of access points in your environment? Does the service provide RADIUS-based integration? Does the service provide APIs that allow you to integrate to your custom systems or applications? Most security people don t want to write their own integration code. Select a vendor with drop-in integrations for all major VPNs, Unix, and MS remote access points; as well as a web SDK and APIs. Does the solution require hardware or software be deployed to each user? Can users enroll themselves? Does the solution require extensive user training? The best two-factor authentication services leverage something users already have, like their cell phones. Make sure that the service also works with landlines and tokens. Evaluate a vendor s enrollment process. This could be a major time sink for an IT administrator. In some companies, managing tokens requires a dedicated resource. Easy self enrollment eliminates need to manually provision tokens, making it simple for everyone. Look for a vendor with a subscription model that lets you add users as you need them.

Ease of Use In the end, even the best security solutions can be defeated by grumpy users. The most effective solution will be the one your users actually use. The key here is to find a solution that doesn t get in the way of them doing their jobs one that doesn t require lots of extra gizmos or steps in their login path. Usability, convenience, and flexibility are the key criteria that drive user adoption and impact productivity. Usability Convenience Flexibility Can users learn and use it without confusion? Is the authentication process at the remote access points clear and easy? Is the second factor itself easy to use? Can users bring their own devices to use? Can users quickly authenticate in one tap to reduce interference with normal work activities? Will it work in all situations the user encounters? (e.g., with and without cell coverage)? Does it provide users with options (authentication methods) to match their circumstances? Users should be able to enroll themselves and set their preferred devices to use for authentication. The authentication process should be part of their regular login process. Look for live status text to make it clear and easy to follow. Test each vendors end-user experience for ease and speed. If it s hard for your users they might revolt. Choose a solution that leverages something users already have: their mobile phones. Make sure it also works with landlines and tokens - for that added flexibility in deployment models. Most importantly ensure that the authentication process is fast and easy for users. Make sure your vendor supports a range of authentication methods, including push (to a mobile app), passcodes (generated by a mobile app without Web access, a token, or sent via SMS), and phone callback. Make sure you can give your users a choice. Allow them to flexibly choose the best authentication method to match their circumstances and preferences.

Ease of Administration Like any good business tool, your two-factor authentication solution should give you the power you need to get the job done with a minimum of hassle. In particular, assess how well it will allow you to detect and react to threats, and whether it provides the necessary visibility and audit tools. In addition, be sure your chosen solution won t need its own babysitter. You may not want to set-it-and-forget-it, but you should be able to set-itand-trust-it. Detection Reporting Maintenance Does the solution allow you to detect and react to security issues in real time? Does the solution allow you to set security policy at the level of granularity that ties to your business needs? Does it allow you to revoke and bypass credentials quickly and easily? Does the solution give you visibility and actionable insight into user access of your network? Does the solution produce logs and audit trails you can work with? Are the ongoing maintenance tasks with the service minimal? Can you use existing staff to deploy and maintain this solution? Does the software/hardware itself need ongoing monitoring or tuning? Choose a solution that flags fraudulent behavior in real-time. Ideally your own users can help flag this behavior. Make sure that the vendor s admin interface allows you to set your security policy, create and deactivate users and devices, and monitor all remote access. The solution should provide real-time visibility into remote access and produce authentication logs for auditing and reporting. If you want to keep your costs down, make sure that your solution requires minimal ongoing maintenance and management. Cloud-hosted solutions tend to have the lowest costs and hassles since the vendor maintains the infrastructure and handles all upgrades and maintenance. Make sure you assess the ease of user management (adding and revoking credentials). Ideally you want a system that doesn t force you to manage or provision physical tokens. Look for a system that provides a centralized admin interface to provide a unified, consolidated view of your two-factor deployments.

Total Cost of Ownership Different pricing models often make it hard to quickly compare the costs of two-factor authentication solutions. Factor in your acquisition, implementation, and operating costs over a 1, 3, and 5 year window for each to get a sense of what your total cost of ownership for each will be. Acquisition Implementation Operating Does the service require additional hardware? Do I have to pay per device per user? Do I have to pay per integration? Does it require dedicated end-user devices? At what cost? Will it cost extra to integrate the service with each of your systems? Can it get up and deployed using inhouse resources? What will it cost to roll the solution out to your end-users in terms of setup and training? Is the service monitored for free as part of the subscription cost? Are routine tasks like adding new users, revoking credentials and replacing tokens simple enough to be negligible? Is support included in the subscription cost? Consider all of a vendor s costs in your analysis. Build a cost model that takes into account a worst-case scenario in which all of your applications and users require two-factor authentication. Look for vendors with a simple subscription model. Watch out for setup fees, licensing fees, and hidden costs. Vendors that leverage your users phones as their authenticators will save you money. There s no need to acquire and provision separate tokens (unless you want to!). Make sure that your vendor has drop-in integrations for all the major VPNs, Unix, MS and web apps, in addition to easy-to-use APIs for your custom systems. Do an objective comparison to see how long it take to be up and running with a vendor s solution. Simple integrations should take no longer than 15 minutes. One of the benefits of cloud-hosted services is that monitoring and maintenance is done by the service s network and security engineers. Routine tasks, like managing users, should be simple. Be sure to take it for a test run to see for sure. Live support via email, chat, and/or phone should all be part of the vendor s service.

The Duo Advantage Duo Security makes two-factor authentication radically easy to deploy, manage and use. Duo empowers any network or web administrator to easily protect user accounts by leveraging your users' mobile phones for secondary authentication. Security Duo s two-factor authentication effectively defends against remote credential theft and manin-the-middle attacks. Duo is secure in both design and implementation. From modern exploit mitigation and defensive programming techniques, to time-honored least-privilege, data classification, and compartmentalization strategies, every component of our technology and infrastructure is the result of a careful, considered, approach to secure systems design and engineering. In addition, Duo s cloud-based service uses multiple, independent PCI DSS Level 1 and ISO 27001-certified, SAS 70 Type II-audited service providers and is split across multiple geographic regions, service providers, and power grids for seamless failover and scalability. Duo has had 99.995% uptime since 2010 and is backed by the best SLA in the industry. Implementing Duo is a cloud-based authentication service and requires no installation of hardware or software. Our dropin integrations for all major VPNs, Unix and Microsoft remote access points, as well as our web SDK and APIs makes integrating Duo with your environment fast and easy. Many customers can get a remote access point integrated and live in 15 minutes. Duo uses something your users already have their phones for authentication, so there s no need to acquire and provision separate tokens. We also provide an easy user self-enrollment process so that you don t have to provision each user manually. And our clear enrollment and authentication steps reduce the need for ongoing training or support. Ease of Use With Duo, authentication is fast and easy for users. Duo supports a range of authentication methods, including one-tap Push authentication, passcodes (generated by Duo Mobile, a token, or sent via SMS), and phone callback. Users can flexibly choose from among them when they log in to match their circumstances and preferences. The authentication process is part of their regular login process and live status text makes it clear and easy to follow and Duo Mobile and Duo Push provide unparalleled usability. Administration Duo s web-based admin interface allows you to set your security policy, create and deactivate users and devices, and monitor all remote access. The admin interface provides real-time visibility into remote access and well as authentication logs for auditing and reporting. Plus any login attempts your users flag as potentially fraudulent initiate real-time alerts to you. Duo requires minimal ongoing maintenance and management. As a cloud-hosted solution, our network and security engineers maintain the infrastructure and handle upgrades and maintenance so you don t have to. Cost Duo is a cloud-based authentication service with a simple subscription model and no setup fees, hardware costs, licensing fees, or hidden costs. In addition, because Duo uses something your users already have their phones for authentication, you don t have to incur the cost of acquiring and managing tokens (unless you want to!) Routine tasks, like managing users, are also simple using Duo s web-based admin interface and our cloud-hosted service is monitored and maintained by our network and security engineers. Live support via email, chat, or phone is all part of the Duo service as well.

About Duo Security Duo Security is a cloud-based access security provider protecting the world s fastest-growing companies and thousands of organizations worldwide, including Zillow, Etsy, NASA, Facebook, Paramount Pictures, Random House, Toyota, Twitter, Yelp, TripAdvisor, The Men s Wearhouse, Dresser-Rand Group, K-Swiss, SuddenLink, and more. Duo Security s innovative and easy-to-use two-factor authentication technology can be quickly deployed to protect users, data, and applications from breaches, credential theft and account takeover. Duo Security is backed by Benchmark, Google Ventures, Radar Partners, Redpoint Ventures and True Ventures. CONTACT DUO 123 N. Ashley, Ste. 200 Ann Arbor, MI 48104 (855) 386-2884 info@duosecurity.com FREE ACCOUNT Visit www.duosecurity.com to get yours. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information