Copyright © 2015 Centrify Corporation. All Rights Reserved. 1

7 Challenges of Deploying Multi-factor Authentication (MFA)

Copyright © 2016 Centrify Corporation. All Rights Reserved. 2

Every Organization Needs MFA

Weak passwords

Increasingly sophisticated attacks

Growth of the cloud and its inherent security risks

Increased use of mobile devices, spreading risk everywhere

Copyright © 2016 Centrify Corporation. All Rights Reserved. 3

But Deploying MFA Can Be Challenging

Complexity

Usability

Flexibility

AdaptabilityCompatibility

Ubiquity

Visibility

7MFA Challenges

Copyright © 2016 Centrify Corporation. All Rights Reserved. 4

Complexity

Why is legacy MFA complex?

• Hardware tokens are costly to replace

• Legacy systems require IT resources for management and upkeep

• Legacy MFA systems are closed/not extensible to modern apps

• Select an MFA solution with a cloud-based architecture, eliminating the need for dedicated on-premises infrastructure and hard tokens

Copyright © 2016 Centrify Corporation. All Rights Reserved. 5

Is there a balance between security and user experience with MFA?

• IT must set the right balance

Usability

• It’s always a give and take• Using single factor will please the users

but be too risky• Keeping MFA on all the time will not be

adopted by users

Copyright © 2016 Centrify Corporation. All Rights Reserved. 6

Flexibility

Can MFA be offered with a choice of authentication factors?

• Good MFA solutions offer multiple authentication factors, which vary by situation

• Mobile-based MFA must be able to provide OTP, even without cell coverage

Copyright © 2016 Centrify Corporation. All Rights Reserved. 7

Adaptability

Can MFA be context aware?

• ‘Always on’ approach isn’t the best user experience when it comes to MFA

• Forrester recommendation: Challenge the users only as needed

• Use a second factor only if the context is different – e.g., user location, time or device

Copyright © 2016 Centrify Corporation. All Rights Reserved. 8

Compatibility

Is MFA compatible with other technologies and standards?• Integrating with other security

technologies such as SSO will further mitigate security risk

• MFA should comply with standards such as RADIUS and OATH

Copyright © 2016 Centrify Corporation. All Rights Reserved. 9

Ubiquity

Where is MFA needed?

• ‘Half Protected is Half Not’ – deploying MFA in silos leaves companies exposed to attacks

• MFA must protect all access points: cloud and on-premises apps and resources; network access via VPN; end users and privileged users

• MFA must offer cloud-based deployment for ubiquitous policy management

Copyright © 2016 Centrify Corporation. All Rights Reserved. 10

Visibility

How is MFA compliance measured?

• Best-in-class MFA solutions offer visibility and reporting across every user and device throughout your entire environment, including SaaS, IaaS, VPN and on-premises resources

Copyright © 2016 Centrify Corporation. All Rights Reserved. 11

MFA for On-premises Applications

MFA for Server Logins and Privilege

Elevation

MFA for Cloud Apps

MFA for VPNMFA for Cloud Infrastructure (IaaS)

MFA for SharedResources

Centrify Identity Platform

Centrify Addresses These ChallengesEvery User. Every IT Resource. Across Your Enterprise.

Copyright © 2016 Centrify Corporation. All Rights Reserved. 12

Thank YouDownload Best Practices for Multi-factor Authentication

See how Centrify can simplify your MFA deployment challenges