Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Assurance Emory University Security Conference March 26, 2008.

Published byEleanor Nichols Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Assurance Emory University Security Conference March 26, 2008."— Presentation transcript:

1 Identity Assurance Emory University Security Conference March 26, 2008

2 RSA Company Confidential Revenue GrowthComplianceCost ReductionBusiness ContinuityCustomer RetentionNetworkEndpoint App / DB StorageFS/CMS Risk Security Incidents Sensitive Information What information is important to the business? How do we mitigate risks associated with accessing the organization’s information and IT resources? Identity Assurance - A Key Element of Information Risk Management

3 RSA Company Confidential What is Identity Assurance? The set of capabilities and methodology that minimizes business risk associated with identity impersonation and inappropriate account use Extends user authentication from a single security measure to a continuous trust model Allows trusted identities to freely and securely interact with systems and access information Provides enterprises new ways to generate revenue, satisfy customers, and control costs

4 RSA Company Confidential Identity Assurance Enables Ubiquitous Security Higher Risk Lower Risk Employees More Control over PCs Partners Consumers Less Control over PCs Network Login Workgroup solutions Collaborative Forums Social Networks Information Portals More weight on Authentication Strength Early Adopters of Strong Authentication Greater Weight on TCO and Ease of Use Super User Accounts *Source: Gartner, Inc. “WWWW.Authentication: Why? When? What? Who?” by Ant Allan, November, 2007 System Administrators Remote Access (VPN) Online Business Banking Online Retail Banking

5 RSA Company Confidential Why Focus on Identity Assurance? Identity assurance is the essential foundation for trusted business process Establishes trust by proving identities of the participants in a transaction “On the Internet, nobody knows you’re a dog” Identity Assurance is the essential foundation for other critical services Access Management Audit Compliance Personalization

6 RSA Company Confidential The State of Identity Assurance Passwords still dominate, but continue to weaken The need for strong authentication continues to grow Increasing number of business processes moving online Employee mobility expanding – demand for anywhere anytime access to information Compliance and notification laws proliferate Phishing attacks have increased dramatically (see www.antiphishing.org)www.antiphishing.org Amongst strong authentication solutions, Tokens continue to dominate in the enterprise Smart cards are getting more capable Biometrics are still getting press, and some large deployments Consumer-oriented strong authentication appears (e.g., E*Trade) Risk-based authentication emerges in consumer-facing markets New authenticators continue to appear

7 RSA Company Confidential Enabling Identity Assurance According to the value and criticality of the data, application, identity or transaction For enterprises’ Workforce, Customers and Partners While striking the right balance among Risk, Cost and Convenience

8 RSA Company Confidential Credential Management Identity Verification Positively identify and authenticate users before credential issuance Identity and Credential Policy Create and enforce policy for issuance, access and end user self-service Lifecycle management Comprehensively manage credentials throughout their entire lifecycle

9 RSA Company Confidential Identity Assurance A Range of Authentication Mechanisms Assures identities' access to systems, information or transactions, based on risk Choice of Different Form Factors Provides organizations choice to optimize across security, end user convenience while reducing total cost of ownership Delivery Platforms Delivered as on premise software, an appliance or as a service (SaaS)

10 RSA Company Confidential Contextual Authorization Access Control Enforces access to corporate resources based on role, risk and business context. Step-Up Authentication Enables “The right Authentication at the right time”, assuring security throughout the session. Federation Provides and shares trusted identities across applications and corporate boundaries.

11 RSA Company Confidential Intelligence Identity & Activity Verification Monitors Identities and activities Verifies credentials & prevents misuse Proactive Threat Protection Detects and prevents credential theft Alerts on emerging threats Real-time Information Sharing Facilitates intelligence sharing Enables enterprise collaboration

12 RSA Company Confidential The Business Drivers for Identity Assurance

13 RSA Company Confidential Enable Mobility Trends: Globalization and mobility of the workforce Rise in unmanaged devices and locations for remote access Passwords alone have limited effectiveness Solution: Secure and simplify remote access to network resources Authenticate authorized mobile users to corporate resources Enable business continuity in outage situations

14 RSA Company Confidential Secure Access Trends: Employees, partners, contractors & customers requiring access to sensitive corporate information Proliferation of new information portals Careless or negligent insiders put sensitive data at risk Solution: Authenticate authorized users to access critical information on the network Provide secure access for the right people to the right applications to the right level of information through role-based authorization

15 RSA Company Confidential Prevent Fraud Trends Identity theft and financial fraud are growing Enterprises need to inspire user confidence and encourage remote channel usage Solutions External Threat and Identity Theft Mitigation Multi factor Authentication and Fraud Detection Identity and transaction Verification

16 RSA Company Confidential Compliance Trends Global compliance and regulatory environment is becoming increasingly complex Regulations are driving adoption of additional security measures Penalties for non-compliance are being enforced Solutions Multi factor Authentication and Fraud Detection Transaction Monitoring and Access enforcement Reporting and auditing

17 RSA Company Confidential Ease of Use

18 RSA Company Confidential Secure Enterprise Access Technology Solutions It’s not one size fits all

19 RSA Company Confidential On Demand Authentication Support for Short Messaging Service (SMS) /Email delivered OTP Minimal impact on end user

20 RSA Company Confidential Information Risk Management protecting your most critical assets Information-centric Clarifies business context and reveals potential vulnerabilities Risk-based Establishes a clear priority for making security investments Repeatable Based on foundation of broadly applicable best practices and standard frameworks EndpointNetworkApps/DBFS/CMSStorage Risk Reveals where to invest, why to invest, and how security investments map to critical business objectives

21 RSA Company Confidential Summary There will be continued pressure on organizations to put business processes online Hackers and thieves will continue to exploit vulnerable systems The emphasis on information security will increase as will regulations and laws Identity assurance should be considered as a piece of the overall security strategy No single authentication method is a perfect solution for all situations

22 RSA Company Confidential Information-centric Security

Download ppt "Identity Assurance Emory University Security Conference March 26, 2008."

Similar presentations

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
Consumer Authentication in e-Banking & Part 748 – Appendix B Response Program Catherine Yao Information Systems Officer NCUA.

Consumer Authentication in e-Banking & Part 748 – Appendix B Response Program Catherine Yao Information Systems Officer NCUA.
Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.

Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Security Controls – What Works

Security Controls – What Works
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
Delivering Information-centric Security Carol Clark Senior Manager, EMEA Market Development.

Delivering Information-centric Security Carol Clark Senior Manager, EMEA Market Development.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Security Governance Technology Executive Club

Security Governance Technology Executive Club
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.

StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Similar presentations

Ads by Google