Software Authenticators: Showcasing Convenience with Security

Software Authenticators: Showcasing
Convenience with Security and Future
Concepts
RSA Global Summit 2014
RSA SecurID Software Token Library
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
2
“I’m kind of a big deal”
RSA SecurID
Token Record
1010100010101010
1011101011101010
1010100010010101
00110101010
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
3
Security
DISCONNECTED, one-time
passcode generation reduces
the attack surface
DEVICE BINDING allows the
token record to only be
imported to the device you
specify
COPY PROTECTION prevents
the token record from being
copied to another device
PINPAD STYLE combines the
something you know with the
something you always have your mobile device.
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
4
Administration
MULTIPLE TOKEN support
allows up to 10 tokens per
device.
TOKEN RECOVERY allows the
admin to re-provision the
token record from one device
to another, reducing the
replacement token costs.
DYNAMIC SEED provisioning
ensures the token record is
not transferred across the
wire, preventing interception
by attackers.
QR Code import allows the
end user to simply scan a QR
image to import the token
record.
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
5
Usability
REDESIGNED USER
INTERFACE across all OS
platforms – iOS, Android,
BlackBerry 10 and Windows
Phone
EXPIRATION NOTIFICATIONS
displayed to the end user 30
days prior to the token
expiration date.
IMPORT AUDIT LOG allows
customer support to better
understand token record
provisioning errors
MULTIPLE LANGUAGE
SUPPORT enables faster
cross-geo adoption.
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
6
Benefits of Software Token Adoption
 ‘Something you have’ becomes
‘something you always have’
 Realize cost savings
– No mailing costs
– Streamlined administration
– 100% Token Record Recovery and
Repurpose
 Software Tokens are on average about
20% less than hardware tokens
© Copyright 2014 EMC Corporation. All rights reserved.
#RSAsummit
7
RSA SecurID Mobile SDK
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
8
How does AM Prime Work?
 AM Integration Services
 AM Prime Self Service Portal
 AM Prime Help Desk Admin Portal
 AM Bulk Admin
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
9
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
10
Demo
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
11
Fast, Secure Token Provisioning
ACTIVATION CODE can be
delivered out-of-band to
authenticate the end user and
expires after 7 days.
DEVICE BINDING allows the
token record to only be
imported to the device you
specify.
DYNAMIC SEED provisioning
ensures one-time use only.
No old token records floating
around in email inboxes.
QR Code import ensures that
an attacker cannot intercept
the token record in transit.
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
12
McKesson
Challenge
 9,000 software tokens expiring within 4 months
 Support call volume is significant enough to be tracked at an
executive level
 User population can range from a technologist to a relatively
nascent computer user
Solution
 Built redundant infrastructure with multiple
internal and external access
 Construct, test and replicate the image
 Build the message and communicate users
PATRICK ENYART
Senior Director – Security Operations
“RSA and McKesson Security Operations worked
together to migrate almost 10,000 users to new
tokens in 8 weeks while not increasing support
call volumes.”
© Copyright 2014 EMC Corporation. All rights reserved.
Applications
 Remote Access
Authentication
Results
 All users were migrated except 200 who did not call for support
 Monitoring trending of support calls which are steadily trending
downward as of now
 Building a report for monitoring the volume of site usage
#RSAsummit
13
Q&A
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
14
Don’t miss these sessions…
 Wednesday 2:45 PM – 3:30 PM
Leveraging Your SecurID Investment: Increase Protection without Increasing
Costs with Scott Atchue and Rachael Stockton (RSA)
 Wednesday 3:45 PM – 4:30 PM
Taking Authentication into the 3rd Platform – Cloud and Mobile with Ayelet
Biger-Levin
 Thursday 10:45 AM – 12:30 PM
RSA Authentication Manager 6.1 Data Migration Hands-On-Lab with Bill Burdzel
(RSA)
 Thursday 11:45 AM – 12:30 PM
Under the Hood: Streamlining and Automating RSA Authenticator Lifecycle
Management with Sean Doyle (RSA) and Patrick Enyart (McKesson)
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
15
THANK YOU