Identity Assurance Emory University Security Conference March 26, 2008.

Slides:



Advertisements
Similar presentations
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Advertisements

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
Consumer Authentication in e-Banking & Part 748 – Appendix B Response Program Catherine Yao Information Systems Officer NCUA.
Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Security Controls – What Works
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
Delivering Information-centric Security Carol Clark Senior Manager, EMEA Market Development.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Security Governance Technology Executive Club
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.
Cloud Computing! Aber sicher ?!? Ralf Schnell Customer Solutions Architect Principal Cloud Strategist
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Cloud Security Julian Lovelock VP, Product Marketing, HID Global.
1 Brett Roberts Director of Innovation | Microsoft NZ | 28 Aug 07 Technology and Privacy.
Unify and Simplify: Security Management
HIPAA COMPLIANCE WITH DELL
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
© Copyright 2011 Hewlett-Packard Development Company, L.P. 1 Sundara Nagarajan (“SN”) CLOUD SYSTEMS AUTOMATION.
Protect critical information with a smart information-based-risk management strategy. Prepared by: Firas Mohamed Taher.
Dell Connected Security Solutions Simplify & unify.
Copyright 2006 IDC Reproduction is forbidden unless authorized. All rights reserved. Information Security Trends.
THE CIO ROLE ON THE NEW FINANCIAL ENVIRONMENT Gustavo de Souza Fosse Banco do Brasil Board of Technology Organized by:
Cyber Authentication Renewal Project Executive Overview June – minute Brief.
Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.
Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 1 Grow with Cisco’s Made-for-Midmarket Portfolio Inspire Growth, Productivity,
One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2005 IBM Corporation IBM Business-Centric SOA Event SOA on your terms and our expertise Operational Efficiency Achieved through People and SOA Martin.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
Enabling Secure Always-On Connectivity [Name] Microsoft Corporation.
Enterprise Cybersecurity Strategy
Building a Fully Trusted Authentication Environment
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
IS3220 Information Technology Infrastructure Security
Infrastructure for the People-Ready Business. Presentation Outline POINT B: Pro-actively work with your Account manager to go thru the discovery process.
Sponsored by: 1 The State of Corporate A Survey of IT Professionals October 2013.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.
1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Securing Enterprise Identities Against Cyberthreats Brian Krause Manager of North America.
Consumer Authentication in e-Banking & Part 748 – Appendix B Response Program Catherine Yao Information Systems Officer NCUA.
Identity and Access Management
CIM Modeling for E&U - (Short Version)
Do you know who your employees are sharing their credentials with
BOMGAR REMOTE SUPPORT Karl Lankford
Transforming IT Management
Company Overview & Strategy
Understanding IDENTITY Assurance
Securing the Threats of Tomorrow, Today.
© 2018 VynZ Research All rights reserved Get in Touch: Mobile Virtual Private Network (VPN) Market.
4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Microsoft Data Insights Summit
In the attack index…what number is your Company?
NetIQ Access Manager v4.3 Sales Enablement
Presentation transcript:

Identity Assurance Emory University Security Conference March 26, 2008

RSA Company Confidential Revenue GrowthComplianceCost ReductionBusiness ContinuityCustomer RetentionNetworkEndpoint App / DB StorageFS/CMS Risk Security Incidents Sensitive Information What information is important to the business? How do we mitigate risks associated with accessing the organization’s information and IT resources? Identity Assurance - A Key Element of Information Risk Management

RSA Company Confidential What is Identity Assurance? The set of capabilities and methodology that minimizes business risk associated with identity impersonation and inappropriate account use Extends user authentication from a single security measure to a continuous trust model Allows trusted identities to freely and securely interact with systems and access information Provides enterprises new ways to generate revenue, satisfy customers, and control costs

RSA Company Confidential Identity Assurance Enables Ubiquitous Security Higher Risk Lower Risk Employees More Control over PCs Partners Consumers Less Control over PCs Network Login Workgroup solutions Collaborative Forums Social Networks Information Portals More weight on Authentication Strength Early Adopters of Strong Authentication Greater Weight on TCO and Ease of Use Super User Accounts *Source: Gartner, Inc. “WWWW.Authentication: Why? When? What? Who?” by Ant Allan, November, 2007 System Administrators Remote Access (VPN) Online Business Banking Online Retail Banking

RSA Company Confidential Why Focus on Identity Assurance? Identity assurance is the essential foundation for trusted business process Establishes trust by proving identities of the participants in a transaction “On the Internet, nobody knows you’re a dog” Identity Assurance is the essential foundation for other critical services Access Management Audit Compliance Personalization

RSA Company Confidential The State of Identity Assurance Passwords still dominate, but continue to weaken The need for strong authentication continues to grow Increasing number of business processes moving online Employee mobility expanding – demand for anywhere anytime access to information Compliance and notification laws proliferate Phishing attacks have increased dramatically (see Amongst strong authentication solutions, Tokens continue to dominate in the enterprise Smart cards are getting more capable Biometrics are still getting press, and some large deployments Consumer-oriented strong authentication appears (e.g., E*Trade) Risk-based authentication emerges in consumer-facing markets New authenticators continue to appear

RSA Company Confidential Enabling Identity Assurance According to the value and criticality of the data, application, identity or transaction For enterprises’ Workforce, Customers and Partners While striking the right balance among Risk, Cost and Convenience

RSA Company Confidential Credential Management Identity Verification Positively identify and authenticate users before credential issuance Identity and Credential Policy Create and enforce policy for issuance, access and end user self-service Lifecycle management Comprehensively manage credentials throughout their entire lifecycle

RSA Company Confidential Identity Assurance A Range of Authentication Mechanisms Assures identities' access to systems, information or transactions, based on risk Choice of Different Form Factors Provides organizations choice to optimize across security, end user convenience while reducing total cost of ownership Delivery Platforms Delivered as on premise software, an appliance or as a service (SaaS)

RSA Company Confidential Contextual Authorization Access Control Enforces access to corporate resources based on role, risk and business context. Step-Up Authentication Enables “The right Authentication at the right time”, assuring security throughout the session. Federation Provides and shares trusted identities across applications and corporate boundaries.

RSA Company Confidential Intelligence Identity & Activity Verification Monitors Identities and activities Verifies credentials & prevents misuse Proactive Threat Protection Detects and prevents credential theft Alerts on emerging threats Real-time Information Sharing Facilitates intelligence sharing Enables enterprise collaboration

RSA Company Confidential The Business Drivers for Identity Assurance

RSA Company Confidential Enable Mobility Trends: Globalization and mobility of the workforce Rise in unmanaged devices and locations for remote access Passwords alone have limited effectiveness Solution: Secure and simplify remote access to network resources Authenticate authorized mobile users to corporate resources Enable business continuity in outage situations

RSA Company Confidential Secure Access Trends: Employees, partners, contractors & customers requiring access to sensitive corporate information Proliferation of new information portals Careless or negligent insiders put sensitive data at risk Solution: Authenticate authorized users to access critical information on the network Provide secure access for the right people to the right applications to the right level of information through role-based authorization

RSA Company Confidential Prevent Fraud Trends Identity theft and financial fraud are growing Enterprises need to inspire user confidence and encourage remote channel usage Solutions External Threat and Identity Theft Mitigation Multi factor Authentication and Fraud Detection Identity and transaction Verification

RSA Company Confidential Compliance Trends Global compliance and regulatory environment is becoming increasingly complex Regulations are driving adoption of additional security measures Penalties for non-compliance are being enforced Solutions Multi factor Authentication and Fraud Detection Transaction Monitoring and Access enforcement Reporting and auditing

RSA Company Confidential Ease of Use

RSA Company Confidential Secure Enterprise Access Technology Solutions It’s not one size fits all

RSA Company Confidential On Demand Authentication Support for Short Messaging Service (SMS) / delivered OTP Minimal impact on end user

RSA Company Confidential Information Risk Management protecting your most critical assets Information-centric Clarifies business context and reveals potential vulnerabilities Risk-based Establishes a clear priority for making security investments Repeatable Based on foundation of broadly applicable best practices and standard frameworks EndpointNetworkApps/DBFS/CMSStorage Risk Reveals where to invest, why to invest, and how security investments map to critical business objectives

RSA Company Confidential Summary There will be continued pressure on organizations to put business processes online Hackers and thieves will continue to exploit vulnerable systems The emphasis on information security will increase as will regulations and laws Identity assurance should be considered as a piece of the overall security strategy No single authentication method is a perfect solution for all situations

RSA Company Confidential Information-centric Security