You Are the Target – But You Don’t Have To Be
with Effective Authentication
www.frost.com
An Executive Brief
Sponsored by RSA
August 2013
© 2013 Frost & Sullivan. All Rights Reserved. August 2013
YOU ARE THE TARGET – BUT YOU DON’T HAVE TO BE
WITH EFFECTIVE AUTHENTICATION
INTRODUCTION
Any size organization can be a target, generally because of weak authentication. Password-
only protection is simply too risky. In addition, stolen passwords were responsible for
major thefts of records from Best Buy and Twitter.
With the adoption of cloud-based IT infrastructures, and the pervasive use of mobile
devices and mobile applications, IT organizations are being asked to secure what they
don’t own, manage or control. For more on how to reduce the risk and the
consequences of weak authentication, read on.
This paper will show why any size organization can be a target; and how the legal and
threat environment—combined with BYOD and cost factors—make multi-factor, risk-
based authentication the logical approach to solving the problem. Case studies are used
to illustrate.
Robust, multi-factor authentication, which can increase the validation steps required if
something seems out of the ordinary or if highly sensitive information is to be accessed,
is a necessary and cost-effective way to reduce your vulnerability as a target. Relying on
the leading vendor, RSA, is a proven strategy.
In gauging threats, intelligence professionals start with the nature of the threat. We start
with the most likely threat. Generally, this has meant that the target has employed poor
authentication products and practices.
We then move on to asking: who are they? What motivates them? What kinds of
resources do they have at their disposal? Today’s adversaries cover a wide range of
possibilities. At the top of the list are nation-states interested in learning defense secrets
and gathering valuable data and trade secrets that can give them an edge in the global
economy.
Next in threat capabilities would be multi-national, non-state actors—such as organized
crime—who target electronically stored information (ESI) that can either be resold or
monetized in other ways. High on the list of their targets are databases of Personally
Identifiable Information (PII), which would allow them or their customers to steal the
identities of their victims; and then systematically loot their digital assets; establish false
accounts to steal goods and services; while destroying the reputations and credit
worthiness of their victims.
Today’s competitive world means that organizations are keeping tabs on their
competition in legal and illegal ways. Using social media, such as Facebook and LinkedIn,
to learn about a competitor’s employees and plans is emerging as a common means of
competitive intelligence gathering and industrial espionage. Hijacking of Twitter handles and
other such acts could have been prevented with robust authentication.
Other threats include individuals and groups who are moved to correct social conditions
they perceive as wrong. Dubbed “hacktivists,” these people have attacked a variety of
organizations. Many of these groups are loosely organized, with no formal leadership;
e.g., “Anonymous.” These groups can be especially dangerous because their very nature
changes day to day, and their lack of a formal organization makes it difficult to track
down individuals.
Lastly, the threat can be a single individual. Aggrieved former employees and contractors
are often unhappy about the circumstances of the termination of the relationship with
their former employer or client.
BAD THINGS HAPPEN TO GOOD PA$$WORDS—EVEN SECURE
PASSWORDS AREN’T ENOUGH PROTECTION IN TODAY’S
ENVIRONMENT
All too often, organizations of all sizes rely on passwords as the way to confirm the
identity of individuals who wish to access their electronic assets, as well as to guard
access to their information technology (IT) infrastructure. Yet, passwords, even the most
elaborate passwords, are not secure unless they are supplemented by other factors
associated with the individual. This was not always the case. In the early days of
computing, a user ID plus password was sufficient protection. This might have been fine
when mainframes were the only IT resources, and were kept behind locked doors in
special rooms. However, as Intel CEO Paul Otellini noted in his keynote speech at the
2012 Consumer Electronics Show, “Today your smartphone has more computing than
existed in all of NASA in 1969.” [1]
This means that organizations need authentication security measures that provide
appropriate security, can adapt to the dynamic threat environment, are easy for users to
adopt, scalable across various sizes of organizations, and that can be easily integrated
into complex and heterogeneous IT infrastructures.
SIZE DOESN’T MATTER—ANY ORGANIZATION CAN BE A TARGET
The adversary determines the target, and size does not matter; small sized organizations
can be just as important to the attacker’s plans as the large ones. The following examples
illustrate this point.
[1] http://www.guardian.co.uk/technology/blog/2012/jan/11/ces-2012-intel-keynote-otellini
Small Company
Small companies face increased risks on a global scale. According to David Willetts,
British Minister of State for Universities and Science, “Companies are more at risk than
ever of having their cyber security compromised—in particular small businesses—and no
sector is immune from attack . . . But there are simple steps that can be taken to prevent
the majority of incidents.” [2]
According to the 2013 Information Security Breaches Survey, released 23 April 2013, 87
percent of all small businesses in the United Kingdom experienced a breach in the last
year. The survey indicated that breaches of small companies increased in the past year,
and that the cost associated with these breaches could range up to 6 percent of company
revenues. [3]
Small businesses can be targeted because they do business with larger businesses, such as
defense contractors, major banks, etc. Their role as gateways for attackers has been
shown in several major campaigns attributed to nation-states.
Statistics for small businesses in the United States also show that they are major targets.
According to Representative Chris Collins (R) of New York, himself a successful small
business owner, “Although attacks on small businesses don’t make the headlines, a recent
report shows nearly 20 percent of cyber-attacks are on small firms with less than 250
employees. Unlike a large company, small businesses may not be able to survive a cyber
attack. Washington has begun to realize the importance and immediacy of this threat, but
more must be done to help protect this vital segment of our economy from these
increasingly complex attacks.” [4]
A typical small company situation could be a supplier to a large company. The large
company is the real target; but it employs a layered security defense, including multi-
factor authentication. The attacker has determined that the small company doesn’t
employ any sort of security, other than passwords.
Through diligent research on LinkedIn, the attacker has come up with several names of
employees of the small company. The attacker employs a password cracker that he
downloaded for free from the Internet—one like Password Cracker 3.97, available from
Tucows. [5]
In short order, a suitable password is found. The attacker has gained access to the small
company’s IT infrastructure, and is now free to rummage about to download data or to
alter data, or even to destroy data essential to running the business. Essentially, small
businesses are often targeted because they are perceived as gateways to larger
businesses, in part, because they have weaker authentication mechanisms.
[2] http://www.infosecurity-magazine.com/view/31999/infosecurity-europe-2013-technology-strategy-board-offers-money-to-small-businesses/
[3] http://www.infosecurity-magazine.com/view/31999/infosecurity-europe-2013-technology-strategy-board-offers-money-to-small-businesses/
[4] http://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=325034
[5] http://www.tucows.com/preview/520041
Midsize Business
A midsized company manufactures equipment used in the testing of radar systems to be
installed on fighter jets. The company competes with much larger companies, and has had
to become innovative by developing unique processes to design its test algorithms.
Unfortunately, the company has not upgraded its security to multi-factor authentication.
Adding to the company’s vulnerabilities is its headquarters location—near popular coffee
shops and eateries that offer free Wi-Fi. While convenient for the company’s employees
to access IT resources, public Wi-Fi hotspots are also subject to sniffing attacks; attacks
that require little technical skill. For example, as explained in “How Logging On From
Starbucks Can Compromise Your Corporate Security,” [6] packet sniffing can easily vacuum
up sensitive data such as passwords. Once compromised, the passwords authorize access
as if the attacker was a legitimate end user.
Enterprises
While enterprises with 1,000 or more employees have more resources than their smaller
counterparts, it doesn’t necessarily follow that they are more secure. For instance, many
large enterprises have grown by acquisitions; often, integrating the new company into the
mainstream IT infrastructure of the acquiring company is not instantaneous. This
contributes to uneven authentication approaches; e.g., strong (multi-factor) for some
employees, but weak (e.g., password only) for others—yet both sets of employees can
access similar sensitive resources.
THE CHANGING ENVIRONMENT
This section addresses four key areas that are impacting the operating environment:
Legal, BYOD, Evolving Threats, and Cost Factors. One of the best ways that an
organization can insulate itself, its people, and its assets in the face of these dynamic
environmental factors is by employing robust authentication.
Legal & Regulatory
Data Privacy Laws
Currently, there are approximately 50 countries that have data privacy laws of various
types. The European Union, for example, is in the process of dramatically revising the
breach disclosure and other aspects of its data privacy regulations. [7] According to the
Financial Times of London, EU-based firms could be fined up to 2 percent of a company’s
global revenue for data breaches.
International law generally recognizes three main classes of personal data that require
special attention because they are legally regulated or scrutinized by an industry
authority. Personal Health Information (PHI) [8] is almost universally considered among the
most sensitive types of data. This information concerns the health of specific individuals.
Specific relevant US laws include the Health Information Portability and Accountability
Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act
(HITECH).
[6] http://www.securityweek.com/how-logging-starbucks-can-compromise-your-corporate-security
[7] http://news.cnet.com/8301-1009_3-57573051-83/eu-feeling-pressure-to-tweak-data-privacy-legislation/#!
Personally Identifiable Information (PII) is information that, if stolen, allows the thief to
masquerade as the individual. PII is protected by a number of United States state and
federal laws.
Japan is also taking measures to strengthen data privacy for its citizens, such as by
requiring strong authentication for online access. [9]
A third class of protected data is information that is regulated by the Payment Card
Industry (PCI). This data is defined in PCI Data Security Standard 2.0, [10] and covers the
data used in digital payment and credit transactions. Confirming the identity of
authorized users must be a prerequisite to giving them access to the organization’s IT
resources.
In Singapore, the Monetary Authority of Singapore (MAS) requires financial institutions
to implement IT controls to protect customer information from unauthorized access and
disclosure. Moreover, with the growing use of mobile banking, the risk of unauthorized
access and disclosure is growing. Multi-factor authentication is one of the important and
proven security technologies that elevate the protection of sensitive data stored and
used by financial institutions, and that also contributes to building trust among mobile
banking users.
Breach Notification Laws
The EU is taking stronger action on data breaches, as noted above. Readers should be
aware that, as of August 2012, 46 states and the District of Columbia have enacted laws
requiring organizations to notify individuals if their PII has been breached, or if the data
controller (holder of the data) suspects there has been a breach. [11] These notifications
can be expensive, and they certainly raise questions of the organization’s trustworthiness
in the minds of the customers, employees, patients, and others who may receive the
notifications. Preventing such breaches can save organizations significant exposure. A
basic step such as requiring multi-factor authentication is sensible to ensure that only
properly authorized individuals are granted access.
Industry Specific Laws
A number of industries have specific laws that govern data security. The section on PHI,
above, includes two laws in the healthcare industry. Other industries with their own
regulations include, for example: the banking industry with its Gramm Leach Bliley Act
and Federal Financial Institutions Examination Council (FFIEC); the North American
energy industry, which is regulated by North American Electric Reliability Corporation
(NERC); [12] and the United States energy industry, governed by the Federal Energy
Regulatory Commission (FERC). [13]
[8] http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/underhipaa.html
[9] http://www.infoworld.com/d/security-central/japan-tightens-personal-data-protection-356
[10] https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
[11] http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
The point is simple—more regulations are likely to be enacted that will require enhanced
information security measures.
Bring Your Own Device (BYOD)
In order to attract a new and vibrant workforce, and as a means to enhance productivity,
organizations are allowing their employees and contractors to access the IT
infrastructure with their personal smartphones, tablets, and laptops. Multi-factor
authentication is necessary to ensure that authorized end users can access their IT
resources from any device, while protecting the integrity of the IT infrastructure.
Security solutions addressing BYOD need to work seamlessly, as software is embedded
with applications. Furthermore, the use of a Software Development Kit (SDK) to
integrate with a variety of applications that are core to the business is critical. A rich
ecosystem of partners, such as that offered by RSA, is a major strong point.
Many organizations have not considered the security aspects of this move, and have not
suitably protected access to their information resources with enhanced security
measures such as multi-factor authentication. Security principles hold that information is
to be protected according to its value, not its location. Consequently, organizations are
well advised to implement robust authentication across all means of entry into their IT
and network infrastructure.
Evolving Threats
While threats in the past were mostly static and slow to develop, today’s threat
environment is dynamic and unpredictable. Vulnerabilities are known to exist in today’s
complex software and Web applications. Attackers exploit known and unknown
vulnerabilities in several ways.
One instance of quickly evolving threats is Advanced Persistent Threats (APT). This type
of attack is highly targeted, adaptable, and designed to clandestinely yield long term
results. Often these sophisticated threats include the use of social engineering to
compromise passwords and gain access to networks as entry points for more robust
attacks.
Another threat is to attack vulnerabilities that even the product’s developers are
unaware of. These attacks are called “Zero Day Attacks” because attackers exploit
software code vulnerabilities before the vulnerabilities are known. These are just a
sampling of the dynamic and unpredictable nature of today’s threat environment. The
Stuxnet attack on the Iranian nuclear program is cited as a good example of this type of
attack, as were the cyber-attacks on the Saudi government in May 2013.
[12] http://www.nerc.com/Pages/default.aspx
[13] https://www.ferc.gov/
Organizations need to set policies based on risk, and implement those policies in a way
that, when the end-user activity seems out of the ordinary, they are challenged with
additional identity confirmation requirements, such as answers to security questions. Self-
learning risk engines are proving to be efficient at uncovering anomalous activity.
The ability to employ device and behavior characteristics, as well as identity
authentication factors, strengthens assurances that end users are who they say they are.
Cost Factors
Successful attacks can result in significant direct and indirect costs, including:
▪ Loss of Intellectual Property – Trends indicate that attacks are becoming
more focused. Organizations are often targeted because they have unique
advantages in trade secrets, patent development, or both. Attackers, ranging
from competitors to nation-states, seek access to intellectual property (IP). This
IP can give attackers economic or efficiency advantages, in addition to saving
them significant research and development (R&D) time and expense.
▪ Reputational Costs – Many businesses are based on trust. Organizations that
handle sensitive data, such as PHI, PII, and PCI, are in a critical position of
responsibility to safeguard this information. Breaches and unauthorized access to
this information can result in wide ranging publicity that will negatively impact
the public perception of the company. Lack of trust can lead not only to lost
business, but legal action.
▪ Legal Costs – Organizations entrusted with sensitive data have a legal duty to
protect that data. Failure to adequately protect can subject the company to
lawsuits on a variety of grounds. These lawsuits can result in financial damages
including retribution and fines. Failure to exercise due care, and adhere to the
standard of care within the industry, such as multi-factor authentication, can
strengthen plaintiff’s claims.
▪ Lost Employee Productivity – Considerable time can be spent in remediating
breaches and unauthorized access. This is employee time that would have been
better spent on other aspects of the business. It is also fair to say that employees
have a certain level of trust in their employers. Employers, after all, store quite a
bit of PII about their employees (e.g., salary information and performance
reviews). Yet, the effort to recover from a breach of employee sensitive
information can be just as taxing as a breach involving sensitive customer
information.
SOLVING THE PROBLEM
Classically, organizations address security shortfalls with a combination of people,
process, and technology. Multi-factor authentication snugly fits into this trifecta, and has
proven to be a measure that can address a variety of security gaps across a wide range of
organizations and industries.
Applicable to Different Size Organizations – Scale
A hallmark of leading edge technology is that it can be applied across organizations of
varying size. This is because the key is not so much the size of the organization, but the
ability of end users to conduct their work and access the resources they need in a secure
and efficient manner.
Security processes that consume end-user time or that are inconvenient are often
ignored by end users. Moreover, end users develop work-arounds that circumvent the
very processes and technologies that are designed to improve security.
In addition, the move to Web-based applications and cloud services means that
organizations must adopt security measures that can be operational as quickly as cloud
services, and in a cost effective manner.
Scalability costs are also important considerations, and include startup costs and ongoing
maintenance. Assessing both classes of costs is especially important to organizations that
are growing by acquisition.
Risk-Based Authentication – Adapting the Protection to the Threat
Security principles dictate that security measures should be applied based on the value of
the data to be protected and the likely risks. Risk-Based Authentication (RBA) is a logical
and proven technique for matching the level of protection with the risk. Key to success
of a Risk-Based Authentication schema is the ability to process information during the
log-in process, and to evaluate the level of risk of the particular end user seeking to be
granted access.
Conventional Risk-Based Authentication involves several steps:
▪ Device Validation – Devices can be identified by secure first-party cookies and
Flash Shared Objects (sometimes referred to as Flash cookies). When these two
components are used in tandem, there is a double layer of validation.
Alternatively, device characteristics can be analyzed to develop a unique
‘fingerprint’ to establish its identity and its users.
▪ Behavior Profiling – In this phase, the context of the log-in is compared to
known behavior and other factors, such as the sensitivity of the data. As the
context risk and data sensitivity increase, the identity validation steps required of
the end user to gain access are likewise increased.
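The two steps above can be sketched in a few lines of Python. This is an added illustration, not code from this brief or from RSA's product; the token scheme, attribute names, risk weights and step-up thresholds are all assumptions chosen for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server

# Assumed weights and thresholds; a real deployment would tune or learn these.
DEVICE_RISK = {"strong": 0, "weak": 20, "unknown": 40}
SENSITIVITY_RISK = {"low": 0, "medium": 10, "high": 25}


def device_token(user, device_id):
    """Server-issued value stored in the first-party cookie and in a second
    client-side store (the brief names Flash Shared Objects for that role)."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def fingerprint(attrs):
    """Hash of device characteristics in a canonical (sorted) order."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class Profile:  # what the server already knows about the user
    user: str
    device_ids: frozenset
    fingerprints: frozenset
    countries: frozenset
    hours: range


@dataclass
class Login:  # context collected during the log-in process
    user: str
    device_id: str
    cookie_token: str
    second_token: str
    device_attrs: dict
    country: str
    hour: int
    sensitivity: str


def _token_ok(token, login):
    expected = device_token(login.user, login.device_id)
    return bool(token) and hmac.compare_digest(token.encode(), expected.encode())


def validate_device(login, profile):
    """Device Validation: both stored tokens agree -> 'strong'; one token or a
    known fingerprint -> 'weak'; nothing recognised -> 'unknown'."""
    enrolled = login.device_id in profile.device_ids
    cookie_ok = enrolled and _token_ok(login.cookie_token, login)
    second_ok = enrolled and _token_ok(login.second_token, login)
    if cookie_ok and second_ok:
        return "strong"
    if cookie_ok or second_ok or fingerprint(login.device_attrs) in profile.fingerprints:
        return "weak"
    return "unknown"


def risk_score(login, profile):
    """Behavior Profiling: compare the log-in context with known behavior and
    add the sensitivity of the data being requested."""
    score = DEVICE_RISK[validate_device(login, profile)]
    if login.country not in profile.countries:
        score += 30
    if login.hour not in profile.hours:
        score += 10
    return score + SENSITIVITY_RISK[login.sensitivity]


def required_steps(login, profile):
    """More context risk or more sensitive data means more validation steps."""
    score = risk_score(login, profile)
    steps = ["password"]
    if score >= 30:
        steps.append("security_questions")
    if score >= 60:
        steps.append("one_time_code")
    return steps


# Constructed sample data: one enrolled laptop for a made-up user.
LAPTOP = {"ua": "ExampleBrowser/1.0", "screen": "1440x900", "tz": "UTC-5"}
ALICE = Profile("alice", frozenset({"dev-1"}), frozenset({fingerprint(LAPTOP)}),
                frozenset({"US"}), range(7, 20))


def sample_login(**changes):
    tok = device_token("alice", "dev-1")
    base = dict(user="alice", device_id="dev-1", cookie_token=tok, second_token=tok,
                device_attrs=LAPTOP, country="US", hour=10, sensitivity="low")
    base.update(changes)
    return Login(**base)


if __name__ == "__main__":
    for label, login in [
        ("usual laptop, low-sensitivity data", sample_login()),
        ("cookie cleared, high-sensitivity data", sample_login(cookie_token="", sensitivity="high")),
        ("new device, new country, 03:00", sample_login(
            device_id="dev-9", cookie_token="", second_token="",
            device_attrs={"ua": "Other/2.0"}, country="ZZ", hour=3, sensitivity="high")),
    ]:
        print(label, "->", risk_score(login, ALICE), required_steps(login, ALICE))
```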
Risk-Based Authentication can provide end users with some very solid benefits. RSA’s
Risk-Based Authentication can lower the authentication cost per user by up to 40
percent, when compared to traditional hardware authenticators. RBA can also
considerably speed up deployment time in large organizations, typically reducing
implementation across enterprise organizations from days to weeks. [14]
Risk-Based Authentication is particularly relevant in situations where the organization
has privacy concerns, because this method of authentication is robust, yet does not
infringe on end-user privacy. RSA, the dominant player in the market, employs Risk-Based
Authentication which looks for anomalies based on historical patterns. Since it only
tracks the authentication process, there are no privacy issues with this proven approach.
Platform Agnostic
Another key aspect of authentication technology today is that it must be platform-
agnostic, meaning that the same level of authentication, and essentially the same process
of authentication, must be facilitated across the platforms favored by end users.
Also, some end users may be most comfortable with software on their desktop or laptop
computers. This is a staple of many organizations and many industries.
However, as industries evolve, so do their computing platforms. The authentication
technology must also be available, in a consistent form factor, to function on mobile
phones and tablets, so as to facilitate remote access 24x7 by authorized end users.
Interestingly enough, many end users still prefer the comfort of hardware tokens. In fact,
many large banks brand RSA hardware tokens for their large portfolio customers, to
control access to their accounts. RSA’s software tokens are used for similar purpose, and
add to choice and flexibility in strong authentication.
RSA’s ability to enhance the security based on the cumulative learning of the sum of the
authentication processes increases security—and is transparent to the user.
The ubiquity of smartphones, exacerbated by the growing popularity of BYOD, mandates
that authentication via SMS is another platform that must be part of the offering.
Considering the ever-present and on-person nature of smartphones, these devices, when
used with SMS, become an effective something-you-have authentication factor.
Easy to Integrate Into Existing Operations
End users do not want to be interrupted in their work; consequently, authentication
technology must be easily integrated into their routines. Ideally, this integration would be
at the lowest possible level in the technology stack, with native support being ideal.
Embedding the authentication is a proven way of enhancing security while facilitating
operations.
Many organizations are taking advantage of the recently released SecurID platform
version RSA® Authentication Manager 8.0. In particular, this release is optimized and
certified as a VMware® Ready Virtual Appliance for use with popular VMware tools such
as snapshots, VMotion and high availability.
[14] RSA Analysis
Examples of embedded authentication include SanDisk integration of RSA authentication
into its flash drives; Privaris’s implementation with its biometric devices; and Juniper
Networks working with RSA to enable mobile security services that unite strong
authentication with secure remote access, to extend the security model and streamline
the mobile user experience when accessing both corporate and cloud-based resources.
RSA continues to revolutionize its multi-factor authentication portfolio, both organically
and through acquisitions—such as PassBan, a visionary leader in mobile and cloud-based
multi-factor authentication. There are also over 400 partners that have established RSA
interoperability with their products and services, including Check Point, Cisco, Citrix,
and IBM. Collectively, these examples illustrate that an authentication technology must
be embraced by a robust ecosystem of interoperable products in order to drive
widespread adoption.
HOW SUCCESSFUL COMPANIES ARE MEETING THE
AUTHENTICATION CHALLENGE
This section provides highlights of how organizations of various sizes have solved their
authentication challenges by employing RSA products.
Grupo Bancolombia
▪ The Business – One of the largest banks in Latin America, founded nearly 70 years
ago—and the largest in Colombia—the bank provides banking services to
approximately 60,000 organizations and over 1.5 million retail customers. One of the
bank’s key initiatives was to leverage the competitive advantages of its online banking
portal. The portal is used by approximately 90,000 people in the organizational
sector, and about two-thirds of its retail customers. [15]
▪ The Security Challenge – A number of years ago, the bank noticed a significant
increase in fraudulent access attempts to the online portal. According to Carlos
Rodriques, Internet Manager of Bancolombia, “We knew we needed to respond
quickly and effectively, both for the sake of our customers and to preserve the
integrity of our offerings. Until that point, we had relied on applications we had
developed in-house to prevent attacks. However, the severity of the fraud activity we
were starting to see highlighted the need to strengthen our defenses with dedicated
security solutions.”
▪ The Solution – The company wanted to be able to offer software-based
authenticators to its retail customers, and hardware authenticators to its corporate
clientele. The availability of both approaches was critical because retail customers
want the convenience of not installing special software or having a hardware token;
while corporate clients want the security, durability, reliability, and standardization
that comes with hardware tokens.
▪ The Impact – Subsequent to installing the solution, the bank saw a marked decrease
in fraudulent activity targeting its online platform. According to Rodriguez, “Fraud
fell by around 90 percent after we added the technology, and has remained constant
ever since.”
[15] http://www.grupobancolombia.com/webcorporativa/
Banco Popular De Puerto Rico
▪ The Business – This largest commercial bank in Puerto Rico has 174 branches,
almost 600 ATMs, and more than 27,000 Point of Sale (POS) terminals. The bank also
provides a variety of Internet banking services, including: Internet Banking, e-
Commercial Statement, and WebCash Manager. [16]
▪ The Security Challenge – The bank had developed its own version of a three-step
password process. Requirements of the Federal Financial Institutions Examination
Council (FFIEC) mandated the use of multi-factor authentication as a prerequisite to
enter online banking systems.
▪ The Solution – After performing a risk assessment, the bank decided that the
combination of a Risk-Based Authentication system for its customers and a hardware-
based authentication system for its internal network would be the optimal solution.
RSA was chosen, after a vendor qualification process. The bank felt that the powerful
nature of the RSA Risk Engine—tracking over 100 fraud indicators—would be the
most effective way to manage security at the individual log-in level, with minimal
interruptions and inconvenience to customers.
According to Miguel Mercado Torres, CISO and VP Operational Risk management at
the Bank, “We were keen to upgrade our solution, in light of the increase of cyber
threats and cyber fraud activity. By adding an extra layer of security for access into
the corporate Intranet, RSA SecurID authentication enables us to increase the
number of people who are able to work from home, and also enables the sales team
to complete more transactions while out in the field.”
▪ The Impact – The Bank has noticed a significant reduction in attacks on their
customers’ accounts, and a corresponding increase in customer confidence and
satisfaction with the bank.
Lazio Innovazione Tecnologica (LAit)
▪ The Business – LAit is the IT development arm charged with working with Regione
Lazio17 in Italy, to help the government in automating services and to stimulate
adoption of digital services. These services include: healthcare, e-mail, and data
transfers. One example was the Farmarecup project. This project provides
consumers choice in pharmaceutical products from 170 pharmacies in Lazio, and
provides patient online scheduling of medical appointments through a self-service,
Web-based appointment system.
16 http://www.popular.com/en/business-online-services#GA=Online_Services__Business_Services__LP
17 http://www.regione.lazio.it/rl_sanita/?vw=contenutidettaglio&id=43
▪ The Security Challenge – LAit needed an authentication mechanism that would
integrate with existing systems, improve security, be patient-friendly, and that would
be cost effective.
▪ The Solution – The company opted for a two-factor authentication system from
RSA, because of its ease of use and management capabilities. The Technical Director
of LAit, Vittorio Gallinella, explained, “We evaluated the performance of the systems
in real-life scenarios. This was necessary to verify the compatibility and integration
with LAit’s systems, as well as ease of installation.”
▪ The Impact – According to Regino Brachetti, President of LAit S.P.A., “Secure
remote access and collaboration has enabled us to accelerate the process for
booking medical appointments and exams, providing more efficient public services to
Regione Lazio’s citizens. What’s more, thanks to two-factor authentication, we have
reduced management costs by 70 percent.”
The government found that the authentication system created the means to expand
the range of services it offered. Separately, as noted by Mr. Gallinella, “We, above all,
recognize the versatility of RSA SecurID—besides the simplicity of installation,
management and use. Because of these characteristics, we have adopted this solution
for other purposes too; in particular, providing remote access to a number of
services for some Directorates and Departments, for system management and to give
access to some resources. The solution enables us to unify password management
and consolidate authentication management with a unique tool.”
NTT Com Asia
▪ The Company – NTT Com Asia Limited is a wholly owned subsidiary of NTT
Communications, which is the international and long distance arm of NTT (Nippon
Telegraph and Telephone Company). NTT Com Asia serves as the regional
headquarters of East Asia, covering Hong Kong, Macao, Taiwan, and Korea. The
company provides multinational companies with end-to-end network and IT
solutions. These solutions include cloud hosting, managed services, integrated
solutions IP connectivity, and data center support. The company also provides local
connectivity and services for small and midsize businesses.18
▪ The Security Challenge – The company needed a strong authentication system to
protect sensitive customer information, while ensuring compliance with local financial
regulations. Due to its role as a communications provider, the company needed a
security solution that would offer high availability and dependability on a 24x7 basis.
According to Jonathan Wong of NTT Com Asia, “The goal of the project was to
provide a system that enabled mobile workers at our customer sites to access
sensitive information stored on their internal servers, from a remote location,
whenever they needed it. The process had to be secure, but also needed to be simple
enough to implement to a potential workforce of hundreds of thousands.”
18 http://www.hk.ntt.com/en/index.html
▪ The Solution – NTT Com Asia selected the RSA SecurID solution to implement a
two-step authentication process.
▪ The Impact – The company found that the implementation of the robust
authentication system gave its customers a higher level of customer confidence and
trust. Mr. Wong felt that the system was responsible for strengthening customer
relationships. He noted, “Since we deployed RSA SecurID, the feedback has been
very positive. The key theme coming through is reliability. Our customers trust the
solution to deliver against their security requirements.”
Red Bull Racing
▪ The Company – The Red Bull Racing team, based in Milton Keynes in the United
Kingdom, is a double Formula 1 World Champion.
▪ The Security Challenge – The Red Bull Racing team regularly competes in Grand
Prix events all over the world, and many employees are often traveling. Indeed,
individuals frequently need to access the Red Bull corporate network from
challenging locations and under significant time pressure—particularly those based in
the pit lane on race day.
In a fiercely competitive field like F1 racing, however, providing employees with fast
and reliable access to critical applications and e-mail is just half the story. At the
same time, Red Bull must ensure that any unauthorized attempts to access its
network are effectively prevented, to keep team secrets from being leaked.
▪ The Solution – Hardware tokens were issued to around 400 employees, who
adopted the new technology enthusiastically, thanks to the user-friendly, easy-to-read
design. In addition to the robust and reliable hardware element, Red Bull Racing was
impressed by the fact that the RSA Authentication Manager integrated smoothly with
its existing IT environment.
▪ The Impact – The new authentication system integrated well into the existing
infrastructure. Neil Bailey, Red Bull Racing IT Infrastructure Manager, commented,
“We were pleasantly surprised by how well the solution integrated with our Citrix
Access Gateway VPN. It also works very well with our Cisco Secure Remote Access
solution, enabling smooth delivery of applications. This effortless interoperability
meant that migrating our user base to the RSA platform was quick and hassle-free.”
Where new tokens need to be allocated—for example to new employees—the
process is now much simpler and more efficient. Previously, a skilled security expert
would need to spend about 30 minutes in the authentication management console,
setting up a new user and allocating them a new token. Using the RSA Authentication
Manager console, new users can now be set up in just a few minutes.
The Last Word
This paper has explained why any size organization can be a target for hackers and at
risk of data breaches due to weak authentication. We have also shared how the legal
and threat environment, combined with new operating necessities, such as BYOD,
make multi-factor, Risk-Based Authentication a logical approach to reducing these
risks. We included five RSA customer case studies showing the various ways that
organizations are meeting their security challenges with RSA’s SecurID authentication
platform. RSA’s SecurID is the most widely deployed one-time password platform,
with over 25,000 customers worldwide and 40+ million tokens actively in use.
Currently, over 350 million online identities are protected with Risk-Based
Authentication by RSA.
Robust authentication that is intuitive for users and available across multiple
platforms is critical to effective utilization of today’s networks. Characteristics such
as adaptability across a range of organizations, with a common interface and an
overarching management system, are vital to ensuring optimal security in today’s dynamic
threat environment.
877.GoFrost • myfrost@frost.com
http://www.frost.com
ABOUT FROST & SULLIVAN
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary
innovation that addresses the global challenges and related growth opportunities that will make or break today’s
market participants. For more than 50 years, we have been developing growth strategies for the Global 1000,
emerging businesses, the public sector and the investment community. Is your organization prepared for the next
profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends,
breakthrough best practices, changing customer dynamics and emerging economies? Contact Us: Start the
Discussion
For information regarding permission, write:
Frost & Sullivan
331 E. Evelyn Ave. Suite 100
Mountain View, CA 94041

Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach
 

Último

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

You Are the Target

You Are the Target – But You Don’t Have To Be with Effective Authentication
An Executive Brief Sponsored by RSA
www.frost.com
August 2013
Frost & Sullivan
© 2013 Frost & Sullivan. All Rights Reserved. August 2013

YOU ARE THE TARGET – BUT YOU DON’T HAVE TO BE WITH EFFECTIVE AUTHENTICATION

INTRODUCTION

Any size organization can be a target, generally because of weak authentication. Password-only protection is simply too risky. In addition, stolen passwords were responsible for major thefts of records from Best Buy and Twitter.

With the adoption of cloud-based IT infrastructures, and the pervasive use of mobile devices and mobile applications, IT organizations are being asked to secure what they don’t own, manage or control. For more on how to reduce the risk and the consequences of weak authentication, read on.

This paper will show why any size organization can be a target; and how the legal and threat environment—combined with BYOD and cost factors—make multi-factor, risk-based authentication the logical approach to solving the problem. Case studies are used to illustrate.

Robust, multi-factor authentication, which can increase the validation steps required if something seems out of the ordinary or if highly sensitive information is to be accessed, is a necessary and cost-effective way to reduce your vulnerability as a target. Relying on the leading vendor, RSA, is a proven strategy.

In gauging threats, intelligence professionals start with the nature of the threat. We start with the most likely threat. Generally, this has meant that the target has employed poor authentication products and practices.

We then move on to asking: who are they? What motivates them? What kinds of resources do they have at their disposal? Today’s adversaries cover a wide range of possibilities. At the top of the list are nation-states interested in learning defense secrets and gathering valuable data and trade secrets that can give them an edge in the global economy.

Next in threat capabilities would be multi-national, non-state actors—such as organized crime—who target electronically stored information (ESI) that can either be resold or monetized in other ways. High on the list of their targets are databases of Personally Identifiable Information (PII), which would allow them or their customers to steal the identities of their victims; and then systematically loot their digital assets; establish false accounts to steal goods and services; while destroying the reputations and credit worthiness of their victims.
Today’s competitive world means that organizations are keeping tabs on their competition in legal and illegal ways. Using social media, such as Facebook and LinkedIn, to learn about a competitor’s employees and plans is emerging as a common means of competitive intelligence gathering and industrial espionage. Hijacking Twitter Handles and other acts could have been prevented with robust authentication.

Other threats include individuals and groups who are moved to correct social conditions they perceive as wrong. Dubbed “hacktivists,” these people have attacked a variety of organizations. Many of these groups are loosely organized, with no formal leadership; e.g., “Anonymous.” These groups can be especially dangerous because their very nature changes day to day, and their lack of a formal organization makes it difficult to track down individuals.

Lastly, the threat can be a single individual. Aggrieved former employees and contractors are often unhappy about the circumstances of the termination of the relationship with their former employer or client.

BAD THINGS HAPPEN TO GOOD PA$$WORDS—EVEN SECURE PASSWORDS AREN’T ENOUGH PROTECTION IN TODAY’S ENVIRONMENT

All too often, organizations of all sizes rely on passwords as the way to confirm the identity of individuals who wish to access their electronic assets, as well as to guard access to their information technology (IT) infrastructure. Yet, passwords, even the most elaborate passwords, are not secure unless they are supplemented by other factors associated with the individual.

This was not always the case. In the early days of computing, a user ID plus password was sufficient protection. This might have been fine when mainframes were the only IT resources, and were kept behind locked doors in special rooms. However, as Intel CEO Paul Otellini noted in his keynote speech at the 2012 Consumer Electronics Show, “Today your smartphone has more computing than existed in all of NASA in 1969.”[1] This means that organizations need authentication security measures that provide appropriate security, can adapt to the dynamic threat environment, are easy for users to adopt, scalable across various sizes of organizations, and that can be easily integrated into complex and heterogeneous IT infrastructures.

SIZE DOESN’T MATTER—ANY ORGANIZATION CAN BE A TARGET

The adversary determines the target, and size does not matter; small sized organizations can be just as important to the attacker’s plans as the large ones. The following examples illustrate this point.

[1] http://www.guardian.co.uk/technology/blog/2012/jan/11/ces-2012-intel-keynote-otellini
Small Company

Small companies face increased risks on a global scale. According to David Willetts, British Minister of State for Universities and Science, “Companies are more at risk than ever of having their cyber security compromised—in particular small businesses—and no sector is immune from attack . . . But there are simple steps that can be taken to prevent the majority of incidents.”[2]

According to the 2013 Information Security Breaches Survey, released 23 April 2013, 87 percent of all small businesses in the United Kingdom experienced a breach in the last year. The survey indicated that breaches of small companies increased in the past year, and that the cost associated with these breaches could range up to 6 percent of company revenues.[3]

Small businesses can be targeted because they do business with larger businesses, such as defense contractors, major banks, etc. Their role as gateways for attackers has been shown in several major campaigns attributed to nation-states.

Statistics for small businesses in the United States also show that they are major targets. According to Representative Chris Collins (R) of New York, himself a successful small business owner, “Although attacks on small businesses don’t make the headlines, a recent report shows nearly 20 percent of cyber-attacks are on small firms with less than 250 employees. Unlike a large company, small businesses may not be able to survive a cyber attack. Washington has begun to realize the importance and immediacy of this threat, but more must be done to help protect this vital segment of our economy from these increasingly complex attacks.”[4]

A typical small company situation could be a supplier to a large company. The large company is the real target; but it employs a layered security defense, including multi-factor authentication. The attacker has determined that the small company doesn’t employ any sort of security, other than passwords. Through diligent research on LinkedIn, the attacker has come up with several names of employees of the small company. The attacker employs a password cracker that he downloaded for free from the Internet—one like Password Cracker 3.97, available from Tucows.[5] In short order, a suitable password is found. The attacker has gained access to the small company’s IT infrastructure, and is now free to rummage about to download data or to alter data, or even to destroy data essential to running the business.

Essentially, small businesses are often targeted because they are perceived as gateways to larger businesses, in part, because they have weaker authentication mechanisms.

[2] http://www.infosecurity-magazine.com/view/31999/infosecurity-europe-2013-technology-strategy-board-offers-money-to-small-businesses/
[3] http://www.infosecurity-magazine.com/view/31999/infosecurity-europe-2013-technology-strategy-board-offers-money-to-small-businesses/
[4] http://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=325034
[5] http://www.tucows.com/preview/520041
  • 5. 5© 2013 Frost & Sullivan. All Rights Reserved. August 2013 You Are the Target – But You Don’t Have To Be with Effective Authentication Midsize Business A midsized company manufactures equipment used in the testing of radar systems to be installed on fighter jets. The company competes with much larger companies, and has had to become innovative by developing unique processes to design its test algorithms. Unfortunately, the company has not upgraded its security to multi-factor authentication. Adding to the company’s vulnerabilities is its headquarters location—near popular coffee shops and eateries that offer free Wi-Fi. While convenient for the company’s employees to access IT resources, public Wi-Fi hotspots are also subject to sniffing attacks; attacks that require little technical skill. For example, as explained in “How Logging On From Starbucks Can Compromise Your Corporate Security,”6 packet sniffing can easily vacuum up sensitive data such as passwords. Once compromised, the passwords authorize access as if the attacker was a legitimate end user. Enterprises While enterprises with 1,000 or more employees have more resources than their smaller counterparts, it doesn’t necessarily follow that they are more secure. For instance, many large enterprises have grown by acquisitions; often, integrating the new company into the mainstream IT infrastructure of the acquiring company is not instantaneous. This contributes to uneven authentication approaches; e.g., strong (multi-factor) for some employees, but weak (e.g., password only) for others—yet both sets of employees can access similar sensitive resources. THE CHANGING ENVIRONMENT This section addresses four key areas that are impacting the operating environment: Legal, BYOD, Evolving Threats, and Cost Factors. One of the best ways that an organization can insulate itself, its people, and its assets in the face of these dynamic environmental factors is by employing robust authentication. 
Legal & Regulatory Data Privacy Laws Currently, there are approximately 50 countries that have data privacy laws of various types. The European Union, for example, is in the process of dramatically revising the breach disclosure and other aspects of its data privacy regulations.7 According to the Financial Times of London, EU-based firms could be fined up to 2 percent of a company’s global revenue for data breaches. International law generally recognizes three main classes of personal data that require special attention because they are legally regulated or scrutinized by an industry 6 http://www.securityweek.com/how-logging-starbucks-can-compromise-your-corporate-security 7 http://news.cnet.com/8301-1009_3-57573051-83/eu-feeling-pressure-to-tweak-data-privacy-legislation/#! One of the best ways that an organization can insulate itself, its people, and its assets in the face of these dynamic environmental factors is by employing robust authentication.
  • 6. 6 © 2013 Frost & Sullivan. All Rights Reserved.August 2013 Frost & Sullivan authority. Personal Health Information (PHI)8 is almost universally considered among the most sensitive types of data. This information concerns the health of specific individuals. Specific relevant US laws include the Health Information Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). Personally Identifiable Information (PII) is information that, if stolen, allows the thief to masquerade as the individual. PII is protected by a number of United States state and federal laws. Japan is also taking measures to strengthen data privacy for its citizens, such as by requiring strong authentication for online access.9 A third class of protected data is information that is regulated by the Payment Card Industry (PCI). This data is defined in PCI Data Security Standard 2.0,10 and covers the data used in digital payment and credit transactions. Confirming the identity of authorized users must be a prerequisite to giving them access to the organization’s IT resources. In Singapore, the Monetary Authority of Singapore (MAS) requires financial institutions to implement IT controls to protect customer information from unauthorized access and disclosure. Moreover, with the growing use of mobile banking, the risk of unauthorized access and disclosure is growing. Multi-factor authentication is one of the important and proven security technologies that elevate the protection of sensitive data stored and used by financial institutions, and that also contributes to building trust among mobile banking users. Breach Notification Laws The EU is taking stronger action on data breaches, as noted above. 
Readers should be aware that, as of August 2012, 46 states and the District of Colombia have enacted laws requiring organizations to notify individuals if their PII has been breached, or if the data controller (holder of the data) suspects there has been a breach.11 These notifications can be expensive, and they certainly raise questions of the organization’s trustworthiness in the minds of the customers, employees, patients, and others who may receive the notifications. Preventing such breaches can save organizations significant exposure. A basic step such as requiring multi-factor authentication is sensible to ensure that only properly authorized individuals are granted access. Industry Specific Laws A number of industries have specific laws that govern data security. The section on PHI, above, includes two laws in the healthcare industry. Other industries with their own regulations include, for example: the banking industry with its Gramm Leach Bliley Act 8 http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/underhipaa.html 9 http://www.infoworld.com/d/security-central/japan-tightens-personal-data-protection-356 10 https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0 11 http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
  • 7. 7© 2013 Frost & Sullivan. All Rights Reserved. August 2013 You Are the Target – But You Don’t Have To Be with Effective Authentication and Federal Financial Institutions Examination Council (FFIEC); the North American energy industry, which is regulated by North American Electric Reliability Corporation (NERC);12 and the United States energy industry, governed by the Federal Energy Regulatory Commission (FERC).13 The point is simple—more regulations are likely to be enacted that will require enhanced information security measures. Bring Your Own Device (BYOD) In order to attract a new and vibrant workforce, and as a means to enhance productivity, organizations are allowing their employees and contractors to access the IT infrastructure with their personal smartphones, tablets, and laptops. Multi-factor authentication is necessary to ensure that authorized end users can access their IT resources from any device, while protecting the integrity of the IT infrastructure. Security solutions addressing BYOD need to work seamlessly, as software is embedded with applications. Furthermore, the use of a Software Development Kit (SDK) to integrate with a variety of applications that are core to the business is critical. A rich ecosystem of partners, such as that offered by RSA, is a major strong point. Many organizations have not considered the security aspects of this move, and have not suitably protected access to their information resources with enhanced security measures such as multi-factor authentication. Security principles hold that information is to be protected according to its value, not its location. Consequently, organizations are well advised to implement robust authentication across all means of entry into their IT and network infrastructure. Evolving Threats While threats in the past were mostly static and slow to develop, today’s threat environment is dynamic and unpredictable. 
Vulnerabilities are known to exist in today’s complex software and Web applications. Attackers exploit known and unknown vulnerabilities in several ways. One instance of quickly evolving threats is Advanced Persistent Threats (APT). This type of attack is highly targeted, adaptable, and designed to clandestinely yield long-term results. Often these sophisticated threats use social engineering to compromise passwords and gain access to networks as entry points for more robust attacks. Another threat is to attack vulnerabilities that even the product’s developers are unaware of. These attacks are called “Zero Day Attacks” because attackers exploit software code vulnerabilities before the vulnerabilities are known. These are just a sampling of the dynamic and unpredictable nature of today’s threat environment. The Stuxnet attack on the Iranian nuclear program is cited as a good example of this type of attack, as were the cyber-attacks on the Saudi government in May 2013.

[12] http://www.nerc.com/Pages/default.aspx
[13] https://www.ferc.gov/

Organizations need to set policies based on risk, and implement those policies in a way that, when the end-user activity seems out of the ordinary, they are challenged with additional identity confirmation requirements, such as answers to security questions. Self-learning risk engines are proving to be efficient at uncovering anomalous activity. The ability to employ device and behavior characteristics, as well as identity authentication factors, strengthens assurances that end users are who they say they are.

Cost Factors

Successful attacks can result in significant direct and indirect costs, including:
▪ Loss of Intellectual Property – Trends indicate that attacks are becoming more focused. Organizations are often targeted because they have unique advantages in trade secrets, patent development, or both. Attackers, ranging from competitors to nation-states, seek access to intellectual property (IP). This IP can give attackers economic or efficiency advantages, in addition to saving them significant research and development (R&D) time and expense.
▪ Reputational Costs – Many businesses are based on trust. Organizations that handle sensitive data, such as PHI, PII, and PCI, are in a critical position of responsibility to safeguard this information. Breaches and unauthorized access to this information can result in wide-ranging publicity that will negatively impact the public perception of the company. Lack of trust can lead not only to lost business, but legal action.
▪ Legal Costs – Organizations entrusted with sensitive data have a legal duty to protect that data. Failure to adequately protect can subject the company to lawsuits on a variety of grounds.
These lawsuits can result in financial damages including retribution and fines. Failure to exercise due care, and adhere to the standard of care within the industry, such as multi-factor authentication, can strengthen plaintiff’s claims.
▪ Lost Employee Productivity – Considerable time can be spent in remediating breaches and unauthorized access. This is employee time that would have been better spent on other aspects of the business. It is also fair to say that employees have a certain level of trust in their employers. Employers, after all, store quite a bit of PII about their employees (e.g., salary information and performance reviews). Yet, the effort to recover from a breach of employee sensitive information can be just as taxing as a breach involving sensitive customer information.
SOLVING THE PROBLEM

Classically, organizations address security shortfalls with a combination of people, process, and technology. Multi-factor authentication snugly fits into this trifecta, and has proven to be a measure that can address a variety of security gaps across a wide range of organizations and industries.

Applicable to Different Size Organizations – Scale

A hallmark of leading edge technology is that it can be applied across organizations of varying size. This is because the key is not so much the size of the organization, but the ability of end users to conduct their work and access the resources they need in a secure and efficient manner. Security processes that consume end-user time or that are inconvenient are often ignored by end users. Moreover, end users develop work-arounds that circumvent the very processes and technologies that are designed to improve security.

In addition, the move to Web-based applications and cloud services means that organizations must adopt security measures that can be operational as quickly as cloud services, and in a cost-effective manner. Scalability costs are also important considerations, and include startup costs and ongoing maintenance. Assessing both classes of costs is especially important to organizations that are growing by acquisition.

Risk-Based Authentication – Adapting the Protection to the Threat

Security principles dictate that security measures should be applied based on the value of the data to be protected and the likely risks. Risk-Based Authentication (RBA) is a logical and proven technique for matching the level of protection with the risk. Key to the success of a Risk-Based Authentication schema is the ability to process information during the log-in process, and to evaluate the level of risk of the particular end user seeking to be granted access.
Conventional Risk-Based Authentication involves several steps:
▪ Device Validation – Devices can be identified by secure first-party cookies and Flash Shared Objects (sometimes referred to as Flash cookies). When these two components are used in tandem, there is a double layer of validation. Alternatively, device characteristics can be analyzed to develop a unique ‘fingerprint’ to establish its identity and its users.
▪ Behavior Profiling – In this phase, the context of the log-in is compared to known behavior and other factors, such as the sensitivity of the data. As the context risk and data sensitivity increase, the identity validation steps required of the end user to gain access are likewise increased.
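
The two steps above can be sketched as a small scoring routine. This is an added example, not code from the brief or from RSA; the weights, thresholds, field names and the refusal of the highest-scoring attempts are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Weights, thresholds and field names are illustrative assumptions for this
# example; they do not come from the brief or from any vendor's risk engine.
NEW_DEVICE, PARTIAL_DEVICE = 40, 20      # neither / only one device layer matches
NEW_COUNTRY, ODD_HOUR = 30, 10           # deviations from the learned behavior
CHALLENGE_AT, OTP_AT, DENY_AT = 40, 100, 200


@dataclass
class Profile:
    """What has been learned about one user from earlier successful log-ins."""
    cookies: Set[str]
    fingerprints: Set[str]
    countries: Set[str]
    hours: Set[int]                      # local hours (0-23) seen before


@dataclass
class Attempt:
    cookie: Optional[str]                # secure first-party cookie, if presented
    fingerprint: str                     # hash of device characteristics
    country: str
    hour: int
    sensitivity: int                     # 1 public, 2 internal, 3 regulated data


def device_risk(p: Profile, a: Attempt) -> int:
    """Device validation: cookie and fingerprint are two independent layers."""
    matches = (a.cookie in p.cookies) + (a.fingerprint in p.fingerprints)
    return {2: 0, 1: PARTIAL_DEVICE, 0: NEW_DEVICE}[matches]


def behavior_risk(p: Profile, a: Attempt) -> int:
    """Behavior profiling: compare the log-in context with known behavior."""
    risk = 0
    if a.country not in p.countries:
        risk += NEW_COUNTRY
    if a.hour not in p.hours:
        risk += ODD_HOUR
    return risk


def score(p: Profile, a: Attempt) -> int:
    """Context risk scaled by the sensitivity of the data being requested."""
    return (device_risk(p, a) + behavior_risk(p, a)) * a.sensitivity


def required_steps(p: Profile, a: Attempt) -> List[str]:
    """Validation steps grow with the score; the riskiest attempts are refused."""
    s = score(p, a)
    if s >= DENY_AT:
        return ["deny"]
    steps = ["password"]
    if s >= CHALLENGE_AT:
        steps.append("security_questions")
    if s >= OTP_AT:
        steps.append("one_time_password")
    return steps


def record_success(p: Profile, a: Attempt) -> None:
    """After every required step is passed, fold the context into the profile."""
    if a.cookie:
        p.cookies.add(a.cookie)
    p.fingerprints.add(a.fingerprint)
    p.countries.add(a.country)
    p.hours.add(a.hour)


# Constructed sample data: one user's history and three log-in attempts.
alice = Profile({"ck-1"}, {"fp-laptop"}, {"US"}, set(range(8, 19)))
usual = Attempt("ck-1", "fp-laptop", "US", 10, sensitivity=3)
cleared_cookie = Attempt(None, "fp-laptop", "US", 10, sensitivity=2)
new_phone_abroad = Attempt(None, "fp-phone", "FR", 23, sensitivity=2)
```

The same unfamiliar context that draws a one-time password challenge for internal data is refused outright for regulated data, and a context that has passed its challenges scores lower on the next attempt.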
Risk-Based Authentication can provide end users with some very solid benefits. RSA’s Risk-Based Authentication can lower the authentication cost per user by up to 40 percent, when compared to traditional hardware authenticators. RBA can also considerably speed up deployment time in large organizations, typically reducing implementation across enterprise organizations from days to weeks.[14]

Risk-Based Authentication is particularly relevant in situations where the organization has privacy concerns, because this method of authentication is robust, yet does not infringe on end-user privacy. RSA, the dominant player in the market, employs Risk-Based Authentication which looks for anomalies based on historical patterns. Since it only tracks the authentication process, there are no privacy issues with this proven approach.

Platform Agnostic

Another key aspect of authentication technology today is that it must be platform-agnostic, meaning that the same level of authentication, and essentially the same process of authentication, must be facilitated across the platforms favored by end users. Also, some end users may be most comfortable with software on their desktop or laptop computers. This is a staple of many organizations and many industries. However, as industries evolve, so do their computing platforms. The authentication technology must also be available, in a consistent form factor, to function on mobile phones and tablets, so as to facilitate remote access 24x7 by authorized end users.

Interestingly enough, many end users still prefer the comfort of hardware tokens. In fact, many large banks brand RSA hardware tokens for their large portfolio customers, to control access to their accounts. RSA’s software tokens are used for similar purpose, and add to choice and flexibility in strong authentication.
RSA’s ability to enhance the security based on the cumulative learning of the sum of the authentication processes increases security—and is transparent to the user.

The ubiquity of smartphones, exacerbated by the growing popularity of BYOD, mandates that authentication via SMS is another platform that must be part of the offering. Considering the ever-present and on-person nature of smartphones, these devices, when used with SMS, become an effective something-you-have authentication factor.

Easy to Integrate Into Existing Operations

End users do not want to be interrupted in their work; consequently, authentication technology must be easily integrated into their routines. Ideally, this integration would be at the lowest possible level in the technology stack, with native support being ideal. Embedding the authentication is a proven way of enhancing security while facilitating operations.

Many organizations are taking advantage of the recently released SecurID platform version RSA® Authentication Manager 8.0. In particular, this release is optimized and certified as a VMware® Ready Virtual Appliance for use with popular VMware tools such as snapshots, VMotion and high availability.

[14] RSA Analysis

Examples of embedded authentication include SanDisk integration of RSA authentication into its flash drives; Privaris’s implementation with its biometric devices; and Juniper Networks working with RSA to enable mobile security services that unite strong authentication with secure remote access, to extend the security model and streamline the mobile user experience when accessing both corporate and cloud-based resources.

RSA continues to revolutionize its multi-factor authentication portfolio, both organically and through acquisitions—such as PassBan, a visionary leader in mobile and cloud-based multi-factor authentication. There are also over 400 partners that have established RSA interoperability with their products and services, including Check Point, Cisco, Citrix, and IBM. Collectively, these examples illustrate that an authentication technology must be embraced by a robust ecosystem of interoperable products in order to drive widespread adoption.

HOW SUCCESSFUL COMPANIES ARE MEETING THE AUTHENTICATION CHALLENGE

This section provides highlights of how organizations of various sizes have solved their authentication challenges by employing RSA products.

Grupo Bancolombia

▪ The Business – One of the largest banks in Latin America, founded nearly 70 years ago—and the largest in Colombia—the bank provides banking services to approximately 60,000 organizations and over 1.5 million retail customers. One of the bank’s key initiatives was to leverage the competitive advantages of its online banking portal.
The portal is used by approximately 90,000 people in the organizational sector, and about two-thirds of its retail customers.[15]
▪ The Security Challenge – A number of years ago, the bank noticed a significant increase in fraudulent access attempts to the online portal. According to Carlos Rodriguez, Internet Manager of Bancolombia, “We knew we needed to respond quickly and effectively, both for the sake of our customers and to preserve the integrity of our offerings. Until that point, we had relied on applications we had developed in-house to prevent attacks. However, the severity of the fraud activity we were starting to see highlighted the need to strengthen our defenses with dedicated security solutions.”
▪ The Solution – The company wanted to be able to offer software-based authenticators to its retail customers, and hardware authenticators to its corporate clientele. The availability of both approaches was critical because retail customers want the convenience of not installing special software or having a hardware token; while corporate clients want the security, durability, reliability, and standardization that comes with hardware tokens.
▪ The Impact – Subsequent to installing the solution, the bank saw a marked decrease in fraudulent activity targeting its online platform. According to Rodriguez, “Fraud fell by around 90 percent after we added the technology, and has remained constant ever since.”

[15] http://www.grupobancolombia.com/webcorporativa/

Banco Popular De Puerto Rico

▪ The Business – This largest commercial bank in Puerto Rico has 174 branches, almost 600 ATMs, and more than 27,000 Point of Sale (POS) terminals. The bank also provides a variety of Internet banking services, including: Internet Banking, e-Commercial Statement, and WebCash Manager.[16]
▪ The Security Challenge – The bank had developed its own version of a three-step password process. Requirements of the Federal Financial Institutions Examination Council (FFIEC) mandated the use of multi-factor authentication as a prerequisite to enter online banking systems.
▪ The Solution – After performing a risk assessment, the bank decided that the combination of a Risk-Based Authentication system for its customers and a hardware-based authentication system for its internal network would be the optimal solution. RSA was chosen, after a vendor qualification process. The bank felt that the powerful nature of the RSA Risk Engine—tracking over 100 fraud indicators—would be the most effective way to manage security at the individual log-in level, with minimal interruptions and inconvenience to customers. According to Miguel Mercado Torres, CISO and VP Operational Risk management at the Bank, “We were keen to upgrade our solution, in light of the increase of cyber threats and cyber fraud activity.
By adding an extra layer of security for access into the corporate Intranet, RSA SecurID authentication enables us to increase the number of people who are able to work from home, and also enables the sales team to complete more transactions while out in the field.”
▪ The Impact – The Bank has noticed a significant reduction in attacks on their customers’ accounts, and a corresponding increase in customer confidence and satisfaction with the bank.

[16] http://www.popular.com/en/business-online-services#GA=Online_Services__Business_Services__LP
[17] http://www.regione.lazio.it/rl_sanita/?vw=contenutidettaglio&id=43

Lazio Innovazione Technologica (LAit)

▪ The Business – LAit is the IT development arm charged with working with Regione Lazio[17] in Italy, to help the government in automating services and to stimulate adoption of digital services. These services include: healthcare, e-mail, and data transfers. One example was the Farmarecup project. This project provides consumers choice in pharmaceutical products from 170 pharmacies in Lazio, and provides patient online scheduling of medical appointments through a self-service, Web-based appointment system.
▪ The Security Challenge – LAit needed an authentication mechanism that would integrate with existing systems, improve security, be patient-friendly, and that would be cost effective.
▪ The Solution – The company opted for a two-factor authentication system from RSA, because of its ease of use and management capabilities. The Technical Director of LAit, Vittorio Gallinella, explained, “We evaluated the performance of the systems in real-life scenarios. This was necessary to verify the compatibility and integration with LAit’s systems, as well as ease of installation.”
▪ The Impact – According to Regino Brachetti, President of LAit S.P.A., “Secure remote access and collaboration has enabled us to accelerate the process for booking medical appointments and exams, providing more efficient public services to Regione Lazio’s citizens. What’s more, thanks to two-factor authentication, we have reduced management costs by 70 percent.” The government found that the authentication system created the means to expand the range of services it offered. Separately, as noted by Mr. Gallinella, “We, above all, recognize the versatility of RSA SecurID—besides the simplicity of installation, management and use. Because of these characteristics, we have adopted this solution for other purposes too; in particular, providing remote access to a number of services for some Directorates and Departments, for system management and to give access to some resources.
The solution enables us to unify password management and consolidate authentication management with a unique tool.”

NTT Com Asia

▪ The Company – NTT Com Asia Limited is a wholly owned subsidiary of NTT Communications, which is the international and long distance arm of NTT (Nippon Telegraph and Telephone Company). NTT Com Asia serves as the regional headquarters of East Asia, covering Hong Kong, Macao, Taiwan, and Korea. The company provides multinational companies with end-to-end network and IT solutions. These solutions include cloud hosting, managed services, integrated solutions, IP connectivity, and data center support. The company also provides local connectivity and services for small and midsize businesses.[18]
▪ The Security Challenge – The company needed a strong authentication system to protect sensitive customer information, while ensuring compliance with local financial regulations. Due to its role as a communications provider, the company needed a security solution that would offer high availability and dependability on a 24x7 basis. According to Jonathan Wong of NTT Com Asia, “The goal of the project was to provide a system that enabled mobile workers at our customer sites to access sensitive information stored on their internal servers, from a remote location, whenever they needed it. The process had to be secure, but also needed to be simple enough to implement to a potential workforce of hundreds of thousands.”
▪ The Solution – NTT Com Asia selected the RSA SecurID solution to implement a two-step authentication process.
▪ The Impact – The company found that the implementation of the robust authentication system gave its customers a higher level of customer confidence and trust. Mr. Wong felt that the system was responsible for strengthening customer relationships. He noted, “Since we deployed RSA SecurID, the feedback has been very positive. The key theme coming through is reliability. Our customers trust the solution to deliver against their security requirements.”

[18] http://www.hk.ntt.com/en/index.html

Red Bull Racing

▪ The Company – The Red Bull Racing team, based in United Kingdom’s Milton Keynes, is a double Formula 1 World Champion.
▪ The Security Challenge – The Red Bull Racing team regularly competes in Grand Prix events all over the world, and many employees are often traveling. Indeed, individuals frequently need to access the Red Bull corporate network from challenging locations and under significant time pressure—particularly those based in the pit lane on race day. In a fiercely competitive field like F1 racing, however, providing employees with fast and reliable access to critical applications and e-mail is just half the story. At the same time, Red Bull must ensure that any unauthorized attempts to access its network are effectively prevented, to keep team secrets from being leaked.
▪ The Solution – Hardware tokens were issued to around 400 employees, who adopted the new technology enthusiastically, thanks to the user-friendly easy-to-read design. In addition to the robust and reliable hardware element, Red Bull Racing was impressed by the fact that the RSA Authentication Manager integrated smoothly with its existing IT environment.
▪ The Impact – The new authentication system integrated well into the existing infrastructure. Neil Bailey, Red Bull Racing IT Infrastructure Manager, commented, “We were pleasantly surprised by how well the solution integrated with our Citrix Access Gateway VPN. It also works very well with our Cisco Secure Remote Access solution, enabling smooth delivery of applications. This effortless interoperability meant that migrating our user base to the RSA platform was quick and hassle-free.” Where new tokens needed to be allocated—for example to new employees—the process is now much simpler and more efficient. Previously, a skilled security expert would need to spend about 30 minutes in the authentication management console, setting up a new user and allocating them a new token. Using the RSA Authentication Manager console, new users can now be set up in just a few minutes.
The Last Word

This paper has explained why any size organization can be a target for hackers and at risk of data breaches due to weak authentication. We have also shared how the legal and threat environment, combined with new operating necessities, such as BYOD, make multi-factor, Risk-Based Authentication a logical approach to reducing these risks. We included five RSA customer case studies showing the various ways that organizations are meeting their security challenges with RSA’s SecurID authentication platform.

RSA’s SecurID is the most widely deployed one-time password platform, with over 25,000 customers worldwide and 40+ million tokens actively in use. Currently, over 350 million online identities are protected with Risk-Based Authentication by RSA.

Robust authentication that is intuitive for users and available across multiple platforms is critical to effective utilization of today’s networks. Characteristics such as adaptability across a range of organizations, with a common interface and an over-arching management system are vital to ensuring optimal security in today’s dynamic threat environment.
877.GoFrost • myfrost@frost.com
http://www.frost.com

ABOUT FROST & SULLIVAN

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies?

Contact Us: Start the Discussion

For information regarding permission, write:
Frost & Sullivan
331 E. Evelyn Ave. Suite 100
Mountain View, CA 94041

Silicon Valley: 331 E. Evelyn Ave., Suite 100, Mountain View, CA 94041. Tel 650.475.4500, Fax 650.475.1570
London: 4, Grosvenor Gardens, London SW1W 0DH, UK. Tel 44(0)20 7730 3438, Fax 44(0)20 7730 3343
San Antonio: 7550 West Interstate 10, Suite 400, San Antonio, Texas 78229-5616. Tel 210.348.1000, Fax 210.348.1003

Auckland, Bahrain, Bangkok, Beijing, Bengaluru, Bogotá, Buenos Aires, Cape Town, Chennai, Colombo, Delhi / NCR, Detroit, Dhaka, Dubai, Frankfurt, Hong Kong, Iskander Malaysia/Johor Bahru, Istanbul, Jakarta, Kolkata, Kuala Lumpur, London, Manhattan, Mexico City, Miami, Milan, Moscow, Mumbai, Oxford, Paris, Rockville Centre, San Antonio, São Paulo, Seoul, Shanghai, Shenzhen, Silicon Valley, Singapore, Sophia Antipolis, Sydney, Taipei, Tel Aviv, Tokyo, Toronto, Warsaw, Washington, DC