EMEA Divisional Messaging

Identity Assurance
Emory University Security Conference
March 26, 2008
Identity Assurance: A Key Element of Information Risk Management
What information is important to the business?
How do we mitigate risks associated with accessing the organization’s information and IT resources?
[Diagram labels: Revenue Growth, Cost Reduction, Customer Retention, Business Continuity, Compliance; Sensitive Information; Risk; Security Incidents; Endpoint, Network, App / DB, FS/CMS, Storage]
RSA Company Confidential
What is Identity Assurance?
The set of capabilities and methodology that minimizes business risk associated with identity impersonation and inappropriate account use
• Allows trusted identities to freely and securely interact with systems and access information
• Extends user authentication from a single security measure to a continuous trust model
• Provides enterprises new ways to generate revenue, satisfy customers, and control costs
Identity Assurance Enables Ubiquitous Security
[Chart: use cases placed by risk (Lower Risk to Higher Risk) and by control over PCs (Less Control over PCs to More Control over PCs). Higher Risk: more weight on Authentication Strength. Lower Risk: greater weight on TCO and Ease of Use. Labels: Online Business Banking, Super User Accounts, Early Adopters of Strong Authentication, System Administrators, Online Retail Banking, Remote Access (VPN), Consumers, Partners, Collaborative Forums, Employees, Network Login, Social Networks, Workgroup solutions, Information Portals]
*Source: Gartner, Inc. “WWWW.Authentication: Why? When? What? Who?” by Ant Allan, November 2007
Why Focus on Identity Assurance?
Identity assurance is the essential foundation for trusted business process
• Establishes trust by proving identities of the participants in a transaction
• “On the Internet, nobody knows you’re a dog”
Identity Assurance is the essential foundation for other critical services
• Access Management
• Audit
• Compliance
• Personalization
The State of Identity Assurance
Passwords still dominate, but continue to weaken
The need for strong authentication continues to grow
• Increasing number of business processes moving online
• Employee mobility expanding – demand for anywhere anytime access to information
• Compliance and notification laws proliferate
• Phishing attacks have increased dramatically (see www.antiphishing.org)
Amongst strong authentication solutions,
• Tokens continue to dominate in the enterprise
• Smart cards are getting more capable
• Biometrics are still getting press, and some large deployments
• Consumer-oriented strong authentication appears (e.g., E*Trade)
• Risk-based authentication emerges in consumer-facing markets
• New authenticators continue to appear
Enabling Identity Assurance
According to the value and criticality of the data, application, identity or transaction
For enterprises’ Workforce, Customers and Partners
While striking the right balance among Risk, Cost and Convenience
Credential Management
Identity Verification
• Positively identify and authenticate users before credential issuance
Identity and Credential Policy
• Create and enforce policy for issuance, access and end user self-service
Lifecycle management
• Comprehensively manage credentials throughout their entire lifecycle
Identity Assurance
A Range of Authentication Mechanisms
• Assures identities' access to systems, information or transactions, based on risk
Choice of Different Form Factors
• Provides organizations choice to optimize across security, end user convenience while reducing total cost of ownership
Delivery Platforms
• Delivered as on premise software, an appliance or as a service (SaaS)
Contextual Authorization
Access Control
• Enforces access to corporate resources based on role, risk and business context.
Step-Up Authentication
• Enables “The right Authentication at the right time”, assuring security throughout the session.
Federation
• Provides and shares trusted identities across applications and corporate boundaries.
Intelligence
Identity & Activity Verification
• Monitors Identities and activities
• Verifies credentials & prevents misuse
Proactive Threat Protection
• Detects and prevents credential theft
• Alerts on emerging threats
Real-time Information Sharing
• Facilitates intelligence sharing
• Enables enterprise collaboration
The Business Drivers for Identity Assurance
Enable Mobility
Trends:
• Globalization and mobility of the workforce
• Rise in unmanaged devices and locations for remote access
• Passwords alone have limited effectiveness
Solution:
• Secure and simplify remote access to network resources
• Authenticate authorized mobile users to corporate resources
• Enable business continuity in outage situations
Secure Access
Trends:
• Employees, partners, contractors & customers requiring access to sensitive corporate information
• Proliferation of new information portals
• Careless or negligent insiders put sensitive data at risk
Solution:
• Authenticate authorized users to access critical information on the network
• Provide secure access for the right people to the right applications to the right level of information through role-based authorization
Prevent Fraud
Trends
• Identity theft and financial fraud are growing
• Enterprises need to inspire user confidence and encourage remote channel usage
Solutions
• External Threat and Identity Theft Mitigation
• Multi factor Authentication and Fraud Detection
• Identity and transaction Verification
Compliance
Trends
• Global compliance and regulatory environment is becoming increasingly complex
• Regulations are driving adoption of additional security measures
• Penalties for non-compliance are being enforced
Solutions
• Multi factor Authentication and Fraud Detection
• Transaction Monitoring and Access enforcement
• Reporting and auditing
Ease of Use
Secure Enterprise Access Technology Solutions
It’s not one size fits all
On Demand Authentication
Support for Short Messaging Service (SMS) / Email delivered OTP
Minimal impact on end user
Information Risk Management
protecting your most critical assets
Information-centric
Clarifies business context and reveals potential vulnerabilities
Risk-based
Establishes a clear priority for making security investments
Repeatable
Based on foundation of broadly applicable best practices and standard frameworks
[Diagram labels: Risk; Endpoint, Network, Apps/DB, FS/CMS, Storage]
Reveals where to invest, why to invest, and how security investments map to critical business objectives
Summary
There will be continued pressure on organizations to put business processes online
Hackers and thieves will continue to exploit vulnerable systems
The emphasis on information security will increase as will regulations and laws
Identity assurance should be considered as a piece of the overall security strategy
No single authentication method is a perfect solution for all situations
Information-centric Security