The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
Presented by
Here to provide you with food for thought
Setting expectations
Managing your corporation’s password systems
Housekeeping
Enhance the user experience and improve productivity
Improve security
Simplify auditing and compliance
Reduce cost
Contact details will be provided at the end of the presentation. We welcome questions and comments.
Run time of approximately 15 minutes
According to a recent Gartner study [1]:
• 30% of help desk calls are password related
• The average employee calls the help desk 1-2 times per month
• Each call costs ~$30
Worked out for a 1,000-user organization:
1,000 users x 21 calls per user per year = 21,000 calls per year
21,000 calls per year x $30 per call = $630,000 per year
$630,000 x 30% password related = $189,000 per year on password resets
[1] Password Reset: Self-Service That You Will Love (Gartner Research Note T-15-6454)
2012 Security Breaches
A network gets hacked; millions of user accounts and passwords are compromised
Let's take it to a more personal place….
• A hacker wanted to take control of Mat's Twitter account
• Mat's Gmail address and home address were located on his Twitter profile
• From the Gmail password recovery screen, the hacker discovered Mat's backup email address, a .me account
• To get into Mat's Amazon account, the hacker used a simple trick: he called Amazon and, giving only Mat's email address and billing address, added a new credit card number to the account
• The hacker called Amazon back and added another email address to the account
• Next, a password reset via the new email address gave the hacker Mat's Amazon account, including the last four digits of the original credit card on file
• The hacker then called Apple and was given access to Mat's Apple ID using the billing address and the last four digits of the credit card, which he knew from the Amazon account
• The hacker used the Apple ID to log in to Mat's .me account and reset the password
• The hacker now had full control of Mat's .me account as well as Mat's iCloud
• Using Gmail's forgotten-password flow, the hacker had a new Gmail password sent to the .me account
• The hacker was then able to access Mat's Gmail account and, effectively, his entire digital identity
• The hacker was now able to take over the Twitter account
• With access to Mat's Apple ID, the hacker was also able to remotely wipe his iPhone and MacBook
The LOSS:
Single Sign-On using Strong Authentication
Two-factor authentication
Contextual-based authentication
Self-service password management
Reduce the cost associated with multiple passwords
Enhancing the user experience while increasing productivity
Increasing security around a single point of access
Simplifying auditing and compliance
Passwords are expensive
30% of help desk calls are password related
Reducing the number of passwords reduces the number of help desk calls
Implementing SSO and self-service password reset will result in ROI in months…not years!
Passwords for:
• Email
• CRM
• ERP
• Marketing automation
• Accounting
• Project management
• Payroll
• Many, many more…
Of those passwords, how many are scribbled on sticky notes?
SSO eliminates the need for multiple passwords, allowing users to maintain a single password
Fewer password-related help desk calls, and less productivity lost while users wait for IT to come to the rescue
Average downtime for a user waiting for a password reset: 20 minutes! Lost time that can never be recovered.
Take advantage of self-service password reset options to further enhance the user experience and take burden off of help desk staff
Strong authentication: when you have a single point of access… it had better be secure!
Strong authentication + SSO = secure network
Two-factor authentication increases security by combining something you know (a password) with something you have (a mobile phone or laptop)
Example:
• User logs in with user name/password
• User receives an SMS containing a one-time password (OTP)
• User is prompted to enter the OTP on screen
• System verifies the OTP, confirming the user's identity, and grants access
Secure roaming or remote employees with contextual authentication: gauge risk based on where the user is logging in from, and set the required level of authentication accordingly.
Example:
• Network detects the user is logging in via a LAN connection: authentication method = password
• Network detects the user is logging in from a remote location during off hours: authentication requires password and OTP
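The two examples above are one policy seen from two sides: decide from context whether the second factor is needed, then issue and check a one-time code. The script below is an added example written for this edit, not code from the presentation or from PortalGuard, showing the server side of that flow in Python. The LAN ranges, business hours, five-minute code lifetime, three-guess limit and the `send_sms` callback are assumptions; the SMS gateway is replaced by an in-memory outbox so the script runs offline. It also makes explicit the checks the slide leaves implicit: the password is verified before any code is sent, the code is stored only as an HMAC, it expires, it is single use, and guesses are limited. SMS is the easiest channel to set up but also the easiest for an attacker to redirect (SIM swap); the `send_sms` hook is the only thing to change to deliver the code by push notification to an authenticator app instead.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy inputs for this example (hypothetical corporate LAN and hours).
LAN_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BUSINESS_HOURS = range(8, 18)      # 08:00-17:59 local time counts as "on hours"
OTP_DIGITS = 6
OTP_TTL_SECONDS = 300              # an SMS code is only good for five minutes
OTP_MAX_ATTEMPTS = 3               # brute-forcing 10^6 codes must not be possible


def make_user(password, phone):
    """Create a user record with a salted PBKDF2 password hash (never the plain password)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "hash": digest, "phone": phone}


def check_password(record, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    return hmac.compare_digest(candidate, record["hash"])


def required_factors(source_ip, hour):
    """Contextual policy from the slide: LAN during business hours -> password only;
    anything else (remote, or off hours) -> password + OTP."""
    on_lan = any(ip_address(source_ip) in net for net in LAN_NETWORKS)
    in_hours = hour in BUSINESS_HOURS
    return ("password",) if on_lan and in_hours else ("password", "otp")


@dataclass
class PendingOtp:
    digest: bytes        # HMAC of the code; the clear code is never stored server-side
    expires_at: float
    attempts_left: int


class OtpService:
    """Issues and verifies single-use SMS codes. `send_sms(phone, text)` is the delivery channel."""

    def __init__(self, send_sms):
        self._send_sms = send_sms
        self._key = secrets.token_bytes(32)   # per-process HMAC key for code digests
        self._pending = {}                    # user -> PendingOtp

    def _digest(self, user, code):
        return hmac.new(self._key, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user, phone, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"   # CSPRNG, zero-padded
        self._pending[user] = PendingOtp(self._digest(user, code), now + OTP_TTL_SECONDS, OTP_MAX_ATTEMPTS)
        self._send_sms(phone, f"Your login code is {code}")

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        pending = self._pending.get(user)
        if pending is None:
            return False                       # nothing issued, or already consumed
        if now > pending.expires_at:
            del self._pending[user]
            return False                       # expired codes are discarded, not retried
        pending.attempts_left -= 1
        ok = hmac.compare_digest(pending.digest, self._digest(user, code))
        if ok or pending.attempts_left <= 0:
            del self._pending[user]            # single use; also dropped after too many guesses
        return ok


def login(users, otp_service, user, password, source_ip, hour, otp_code=None, now=None):
    """Returns 'denied', 'otp_required' or 'granted'. The first factor is always checked
    before any OTP is sent, so a username alone cannot make the system text the user."""
    record = users.get(user)
    if record is None or not check_password(record, password):
        return "denied"
    if "otp" not in required_factors(source_ip, hour):
        return "granted"
    if otp_code is None:
        otp_service.issue(user, record["phone"], now)
        return "otp_required"
    return "granted" if otp_service.verify(user, otp_code, now) else "denied"


if __name__ == "__main__":
    outbox = []                                           # stands in for the SMS gateway
    users = {"alice": make_user("correct horse battery", "+1-555-0100")}
    svc = OtpService(lambda phone, text: outbox.append(text))
    print(login(users, svc, "alice", "correct horse battery", "10.1.2.3", 10))     # LAN, on hours
    print(login(users, svc, "alice", "correct horse battery", "203.0.113.9", 23))  # remote, off hours
    code = outbox[-1].split()[-1]
    print(login(users, svc, "alice", "correct horse battery", "203.0.113.9", 23, otp_code=code))
```

In a real deployment the pending-code table lives in a shared store with the same TTL, and the `hour` argument comes from the server clock in the user's configured time zone rather than from anything the client sends.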
Benefit from configurable password policies: you set the requirements for passwords or passphrases, how often passwords expire, and how frequently users can change them.
Should security be compromised, centralized authentication gives IT a single, cleaner log of accounts to research when identifying the rogue account.
Gartner is predicting the number of regulatory requirements directly affecting IT will double over the next few years.
SSO helps alleviate some of the challenges of regulatory compliance such as SOX, HIPAA, GLB and FFIEC.
Implementing SSO creates a centralization of authentication
Forces you to think about and document the logging and auditing of your systems
Centralized authentication and documentation boosts your compliance efforts
Fewer password records mean less manpower spent each year on compliance.
SAML SSO
Security Assertion Markup Language: the predominant identity federation standard that enables SSO
OASIS approved standard: version 2.0 ratified in March 2005
In a nutshell – SAML SSO eliminates multiple passwords and streamlines access for the user
SAML:
• Is platform neutral: workstations, tablets and mobile devices
• Improves the online experience for end users
• Increases security
• Is supported by many SaaS applications, with strong commercial and open-source support
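What SAML SSO actually hands the application is a signed XML assertion, so the "single password" is only as secure as the service provider's checks on that assertion. The script below is an added example, not code from the presentation or from PortalGuard, showing the service-provider-side checks in Python on a constructed SAML 2.0 Response; the entity IDs, URLs, request ID and timestamps are made up. It assumes the XML signature on the Response/Assertion has already been verified against the IdP certificate taken from metadata (with xmlsec or a library such as python3-saml); none of the checks below mean anything before that. With the signature trusted, it enforces what the standard's Conditions and bearer SubjectConfirmation carry: the response answers our own AuthnRequest, it was sent to our ACS URL, the issuer is the IdP we federated with, the time window holds (with a small clock-skew allowance), the audience is us, and there is exactly one assertion.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC, e.g. 2012-09-17T14:03:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, sp, now, skew=timedelta(seconds=60)):
    """SP-side checks on a SAML 2.0 Response whose XML signature has ALREADY been verified.
    `sp` holds our identity: entity_id (expected Audience), acs_url (expected Recipient /
    Destination), idp_entity_id (expected Issuer) and request_id (our AuthnRequest ID).
    Returns (ok, reason, name_id)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "not a samlp:Response", None
    if root.get("InResponseTo") != sp["request_id"]:
        return False, "InResponseTo does not match our AuthnRequest", None
    if root.get("Destination") not in (None, sp["acs_url"]):
        return False, "Destination is not our ACS URL", None
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != STATUS_SUCCESS:
        return False, "status is not Success", None

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion", None   # refuse smuggled extras
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != sp["idp_entity_id"]:
        return False, "assertion Issuer is not the trusted IdP", None

    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions", None
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < saml_time(not_before):
        return False, "assertion not yet valid", None
    if not_on_or_after and now - skew >= saml_time(not_on_or_after):
        return False, "assertion expired", None
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp["entity_id"] not in audiences:
        return False, "assertion was issued for a different audience", None

    subject = a.find("saml:Subject", NS)
    name_id = subject.findtext("saml:NameID", namespaces=NS) if subject is not None else None
    if not name_id:
        return False, "missing NameID", None
    for sc in subject.findall("saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue
        data = sc.find("saml:SubjectConfirmationData", NS)
        if data is None:
            return False, "bearer confirmation without data", None
        if data.get("InResponseTo") not in (None, sp["request_id"]):
            return False, "bearer InResponseTo mismatch", None
        if data.get("Recipient") not in (None, sp["acs_url"]):
            return False, "bearer Recipient is not our ACS URL", None
        noa = data.get("NotOnOrAfter")
        if noa and now - skew >= saml_time(noa):
            return False, "bearer confirmation expired", None
    return True, "ok", name_id


# Constructed sample (unsigned, for illustration): what an IdP posts to the SP's ACS after login.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2012-09-17T14:03:00Z" InResponseTo="_req42" Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2012-09-17T14:03:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="https://sp.example.com/saml/acs"
            NotOnOrAfter="2012-09-17T14:08:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2012-09-17T14:02:00Z" NotOnOrAfter="2012-09-17T14:08:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Hypothetical SP configuration matching the sample above.
SP = {
    "entity_id": "https://sp.example.com/metadata",
    "acs_url": "https://sp.example.com/saml/acs",
    "idp_entity_id": "https://idp.example.com/metadata",
    "request_id": "_req42",
}

if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, SP, saml_time("2012-09-17T14:04:00Z")))
```

The `request_id` check is what stops a captured response from being replayed into a fresh login; the SP must store the ID of every AuthnRequest it issues and delete it on use. Production code should additionally reject an assertion ID it has already accepted within the validity window.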
Can we go with a ‘homegrown’ approach?
Higher upfront costs in development and testing consuming resources
Additional lead-time is required – pushing out deployment schedule
You get to work out all of the bugs!
Workforce and expertise attrition
Ongoing maintenance demands and cost
PortalGuard Product Offerings
Single Sign-On
Two-Factor Authentication
Contextual Authentication
Self-Service Password Reset
Password Management
Password Synchronization
Professional Services
Thank you!
Check out videos, tutorials and tech briefs at
www.portalguard.com
Email Mark Cochran