BEST PRACTICES FOR MFA: DELIVERING STRONGER SECURITY AGAINST THREATS
MEET THE EXPERTS
CHRIS HOKE, Managing Director, Sirius Security Solutions
SLY GITTENS, Senior Technical Product Marketing Manager, RSA Security
In 2017, the impacts of the WannaCry, NotPetya, and Equifax cyber attacks were closely followed by the stunning disclosure of the Meltdown and Spectre vulnerabilities.
Drove spending; Gartner forecasts worldwide security spending will reach $96 billion in 2018, up 8 percent from 2017.
Affected individuals, businesses and countries; increased the sense of urgency around cybersecurity.
FUNDING DOESN’T ENSURE SECURITY
Money is often spent implementing practices that fail to protect against sophisticated threats, and continue to prop up password security.
Complex passwords are hard to remember. Users write them down, and blend common words with easily discoverable information.
According to Verizon’s 2017 DBIR, 81% of hacking-related breaches leveraged stolen and/or weak passwords.
Users are just trying to get their jobs done with the least amount of hassle, but these shortcuts increase risk factors for the organization.
Multi-factor authentication (MFA) provides an additional layer of security, and can streamline access.
HOW CAN WE MAKE ACCESS HARD FOR HACKERS, BUT EASY FOR USERS?
Multi-factor authentication (MFA) is a method of access control in which a user is granted access only after successfully presenting at least two separate pieces of evidence to an authentication mechanism within the following categories:
Knowledge Factor: Something only the user knows, such as a username, PIN, password, or the answer to a security question
Possession Factor: Something only the user has, such as a hardware or software token that generates an authentication code
Inherence Factor: Something they are, such as biometric information from fingerprints, voice recognition, or retina scans
Ask yourself:
HOW ARE YOU PROTECTING YOUR ORGANIZATION’S SENSITIVE APPLICATIONS?
a) Username and password
b) Username, password and MFA
c) MFA only
NOT ALL MFA IS CREATED EQUAL
MFA solutions vary widely, and MFA is frequently deployed in a way that leaves users feeling harassed.
MAKE MFA ADAPT, NOT YOUR USERS
Risk-based, adaptive MFA improves user experience while also improving security.
BEST PRACTICES FOR SUCCESS
ONE: UNDERSTAND REQUIREMENTS
Define your needs, use cases and deployment strategy
TWO: EVALUATE SOLUTIONS
Choose the right solution for your environment
Ask yourself:
WHAT IS MOST IMPORTANT TO YOUR ORGANIZATION WHEN CONSIDERING AN MFA SOLUTION?
a) Integration with SSO
b) Improving user experience
c) Flexibility in distribution channels
QUESTIONS TO ASK
1. Does the solution provide a range of options for all of your uses?
2. Does it offer the flexibility to add new authentication methods?
3. Are you able to use risk- and context-based identity assurance?
4. Does it enable you to support flexibility, user choice and emergency access requirements?
KEY ATTRIBUTES
Easy to Deploy, Easy to Use, Easy to Manage
THREE: ASSESS YOUR USERS & APPLICATIONS
Deploying across all users and applications limits exposure and improves user experience
FOUR: CHOOSE FACTORS & DISTRIBUTION TACTICS
Consider what works best for your user population
FIVE: TAKE MOBILE SECURITY MEASURES
Validate devices with direct access to systems and data
Adopt a risk-based, user-friendly approach to MFA
Prevent attacks that leverage stolen passwords
Strike the right balance between ease of use and protection
DELIVER STRONGER SECURITY AGAINST THREATS
NEXT STEPS
Consider an IAM Workshop or Security Architecture Review
CHRIS HOKE
Chris.hoke@siriuscom.com
Or contact your Sirius Account Manager
QUESTIONS