Security

1

• Secure
• User
• Access
• Wayne Price
• Sr. Channel Sales Manager
• RSA Security, Inc.
• October 18, 2005

2
Agenda

• What is strong authentication
• Why strong authentication is critical to your
  business
• Call to action

3

• What is strong authentication?

4
Identification vs. Authentication

• Identification
• Who are you?
• Authentication
• Prove it

5
Two-Factor User Authentication
PIN
6
AuthenticationThe Cornerstone to E-security

• Authentication is the essential foundation for
  e-business
• Establishes trust by proving identities of the
  participants in a transaction
• Without knowing with a high level of certainty
  who you are dealing with
• Not possible to properly assign access control
  other rights
• Not possible to trust a digital signature
• It makes no sense to encrypt data if you dont
  know whos on the other end of the line

7
Two-Factor AuthenticationThe Advantages

• Ensures greater security than the traditional
  static password that is easily guessed or
  compromised
• Positively identifies users by combining
  something they know and something they have
• Two-Factor authentication is virtually hack
  proof
• Offers a wide selection of form factors

8
Two-Factor AuthenticationThe Advantages

• Solves the age old problem with static passwords
• IF I KNOW YOUR PASSWORD, AND
• YOU DONT KNOW THAT I KNOW YOUR PASSWORD
• THEN YOU DONT EVEN KNOW THAT YOU HAVE A
  PROBLEMOUCH !

9
AuthenticationThe Basics
Something you know Something
unique about you - Fingerprint -
Face Recognition - Iris

• Password
• Pin
• Mothers maiden name
• Something you have
• - Key
• - Token
• Smart Card
• Digital Certificate

10
Authentication ChoicesRelative Strength
PIN
PIN
PIN







No PasswordPolicy
PasswordPolicy
Password
11
AuthenticationConsidering Your Choices

• Information at Stake
• gt Mission-critical
• gt High- value
• gt Privacy issues
• Corporate Infrastructure
• gt Investment protection
• gt Technology preferences
• Deployment Admin Expectations
• gt Deployment gt Zero Footprint? gt Touch all
  desktops? Can deployment be accomplished in
  phasessupport passwords to start as users are
  migrated to authentication devices over time?
• gt Training support (helpdesk)
• User Acceptance
• gt Multiple authentication device form factors
• Budget Constraints
• gt Cost per user?

12
Authentication Form Factors
13

• Why strong authentication is critical to your
  business

14
Why Strong Authentication is Critical to Your
BusinessUnlocking Financial Returns

• 1--Lower Costs
• Cost savings
• Cost avoidance
• Efficiency
• Effectiveness
• 2--Increase Revenues
• e-Business enablement
• Revenue enhancement
• Expanded markets
• Competitive advantage

• 3--Mitigate Risk
• High-value information
• High-value transactions
• 4--Increase Compliance
• Regulations
• Partners
• Customers
• Competitors

15
Lower CostsAutomate Business Processes Securely
and Confidently

• Cost Savings
• New process is less expensive
• Reduce help desk calls for password resets
• Cost Avoidance
• New process scales to higher levels than before
• E.g., avoid spending as many additional dollars
  in support of larger scale

• Efficiency
• Saves time
• E.g., e-business transactions are now processed
  in 3 hours, compared to 15 days
• Effectiveness
• Increases productivity
• Do more with what you have
• E.g., A higher of e-business transactions are
  closed

16
Increase RevenuesFully realize the potential of
conducting e-business

• Pursue new and additional sources of revenue
• Cross-sell, Up-sell
• More transactions per customer
• Reduced drop-off
• Expand markets
• New revenue streams

• Competitive advantage
• Positioning / Image
• Cost
• Convenience
• Speed

17
Mitigate RisksSecurity breaches are costly in
dollars and reputation

• Indirect loss
• Loss of potential sales and competitive advantage
• Negative publicity
• Loss of goodwill and trust
• Legal exposure
• Failure to meet contractual milestones or
  statutory regulations for the privacy of data
• Due to illegal user or intruder activity on
  company systems

• Productivity loss
• Disruption of internal processes and
  communications with customers
• Monetary loss
• Corruption of accounting system -- delays in
  shipping and billing
• Diversion of funds

18
Increase ComplianceAvoid loss of revenues and
legal fines

• Regulatory compliance
• Failure to implement could mean fines, loss of
  revenues, jail terms, etc.
• E.g., Sarbanes Oxley, HIPAA, Gramm-Leach-Bliley,
  FDA 21CFR11, EU Data Security Directives, etc.
• Partner compliance
• Failure to implement could mean losing our
  ability to participate with a key partner or
  group of partners
• E.g., Identrus, Federal Bridge CA, Healthcare
  Bridge CA, Canadian Payments Association, etc.

• Customer compliance
• Failure to implement could mean the loss of a
  business relationship with a key account
• E.g., All auto parts suppliers must implement by
  ...
• Competitive compliance
• Failure to implement could mean the loss of
  competitive advantage and likely revenue loss
• E.g., Catch up with competitive capabilities

19

Popular examples where strong authentication is
used today
20
AOL PassCodeAcquisition Keyword - Online
Registration Binding
21
E-TRADE Offering
22
Call to action

• Educate yourselves, your users, your customers,
  your partners, etc.
• Understand that handling user/customer
  information is a privilege, not necessarily a
  right.
• Identify your vulnerabilities and opportunities.
• Set and enforce security policies that protect
  personal identity data.
• Position security technology as a competitive
  advantage.
• Become a security advocate.