How Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B
#RSAC
Chris Taylor
Senior Product Manager, Entrust Datacard
@Ctaylor_Entrust
Identity underpins our PERSONAL life
Identity underpins our WORK life
So, what’s the problem?
TOO MANY IDENTITIES, TOO MANY PASSWORDS
Mega-breaches target password weaknesses
Solving the core issue
BUILDING A TRUSTED DIGITAL IDENTITY & EMPOWERING MOBILITY
Achieving Usability & Security
SO HOW DO WE MOVE TOWARDS TRUSTED IDENTITIES?
Benefits of a Mobile-Based Trusted Identity
Protect the business & our customers
Improve productivity & UX
New Services / better processes
Reduce IT cost and complexity
Powerful Native Features Enhance Security
TEE & Secure Element
Biometrics Crypto
“Out of Band” Channel
Application Sandbox
Device & Location Attributes
Transparent/Low friction security that adapts to risk
RISK VECTORS
Jailbroken phones, Lost/stolen phones, Rogue applications, Breached credentials, Impersonating devices, Banking trojans/malware, CNP fraud
SECURITY LAYERS
USER
OPERATING SYSTEM
CHANNEL
TRANSACTION
DEVICE
Jailbreak detection, Sandboxing, Malware detection, Trusted execution environment (TEE)
Device fingerprinting, Geo-location, Device ID, Protected application access
Mutual SSL authentication
Adaptive authentication, Embedded digital ID, Push authentication
Push transaction signing, Transaction signing tokens
MOVING TOWARDS THE PASSWORD-LESS ENTERPRISE
Use Cases
APPROVALS & SIGNING
TRANSACTION VERIFICATION
FEDERATE TO SAAS
PHYSICAL ACCESS
VPN
LOGICAL ACCESS
VPN Authentication
PROBLEM:
Hardware tokens are secure but not user friendly
IT provisioning and logistics is complex
Expensive, limited use technology
SOLUTION:
Mobile Push Authentication simplifies 2FA for users and IT
Mobile Push for VPN authentication
No hardware tokens to carry
Better user experience
Easy user provisioning
Certificate approach is password-less
Physical / logical access
PROBLEM:
Passwords are painful to use and insecure
Smart cards are expensive and complex to deploy
Building access cards are insecure
SOLUTION:
Transform mobile devices into multi-purpose virtual smart cards
Windows SCLO
Traditional Smart Card
Virtual smart card reader
Mobile Virtual Smart Card
Convenient “auto-detect”
Secure “auto-logout”
Physical access
NFC-based communication to PACs
Convenient / always in hand
Strong Authentication
Can’t be “skimmed”
PKI certificate-based
Biometrics
PIV / Derived Credential compliant
On-the-go approvals
PROBLEM:
Constant need to improve business process (employees and customers)
Many processes require formal approvals / signatures
Traditional digital signing is complex to deploy and has a poor UX
SOLUTION:
Use mobile for anywhere, anytime digital signing
Digital Signature Using Mobile
Enable Business Transformation
Convenient / user friendly process
Improve internal efficiency
Improve consumer experience
1. Transaction origination
• Doctor writing a prescription
• Banker offering a loan
• Employee submitting a requisition
2. Transaction approval
Summary
Identity is critical to today’s connected enterprise
Dated authentication methods fall short
• Security
• Usability
• Cost / IT management
Mobile trusted identities transform business and the password-less enterprise
• More secure
• More convenient
• Truly multi-purpose
Apply what you have learned today
Next week you should:
• Identify opportunities and use cases in your organization whereby trusted identities on mobile devices can be leveraged
In the first three months following this presentation you should:
• Assess the critical qualities that would be used in the vendor qualification process
• Begin vendor selection
Within six months you should:
• Select a vendor’s solution and conduct a pilot with your first use case
• Plan the implementation for supporting all use cases
BACK UP
All industries are at risk
EMPLOYEE IDENTITIES ARE BECOMING A WEAK LINK
Mitigating the risk of fraud
PROBLEM:
Fraud attacks are increasing in scope and sophistication
Customer data, enterprise systems, intellectual property & money are at risk
Malware can “ride” on authenticated user sessions
SOLUTION:
Use mobile to verify transactions “out of band” defeating account takeovers
USE CASE 3
Mitigating the risk of fraud
Let’s say you want to execute a $5000 bank transfer…
How can you be sure your PC is not infected with malware?
Compromised with desktop Malware?
Mobile for Transaction Verification
Compromised with desktop Malware?
Transaction details retrieved over secure connection
QR Code
Offline Transaction Verification
Mobile will become the New Enterprise Desktop
• Not portable • Secure location • Work only
• Portable • Less Secure Locations • Work & some personal
• Highly portable • Anywhere anytime access • BYOD
Mobile as the New Desktop
DIGITAL IDENTITY
Entrust Datacard Corporate Overview
Trusted Identities | Secure Transactions
Privately held, headquartered in Minneapolis, MN, USA
Founded in 1969
Approximately $650M in annual revenue
2,000+ employees
34 worldwide locations
Sales, service and support covering 150+ countries
So what’s the problem?
Too many identities
Too many passwords
Too many password rules / changes
Lost / forgotten cards / hardware tokens
More regulatory laws around identities
Mobile - A unique blend of security and usability
Users want to carry them
• Always in hand
• Always connected
• Convenient
• Support work / personal balance
Smart phones are becoming ubiquitous
• Both enterprise and consumer segments
Technology and security allow them to be used for multi-purpose trusted identities
Adaptive Authentication Platform
FRICTIONLESS EXPERIENCE
• No passwords
• Identify with a simple swipe
• Familiar for smartphone users
• Highly secure
ENABLING SOLUTION
• Adaptive authentication — identifies risks
• Layered security — device, identity & behavior analytics
• Support for Apple, Samsung & Windows devices
• Transaction signing for CNP transaction
RELEASE 11
Security for Every Vulnerability
MOBILE SECURITY | ONLINE SECURITY
AUTHENTICATION, USER, DEVICE, CHANNEL, TRANSACTION, APPLICATION
• Phone Jailbreak or Root Detection
• App Access Control — PIN, Biometrics
• Device Authentication — Device Fingerprinting
• Adaptive Authentication — External Risk Engines & Contextual Data
• User Authentication — Transparent OTP or Certificate-Based
• Transaction Authentication — Mobile Push Notifications
• Strong Identity Protection — TEE Storage
Stronger controls are not always better
Some offer better security but…
• Costly
• Logistics to issue / replace
• Users have to carry them
• User experience frustrating
• Not multi-purpose
• Can you issue them to customers and partners?
More complex passwords?
Hardware tokens for the masses?
USB security keys?
Smart cards?