Despite new security risks posed by a rapidly evolving technology environment, most companies continue to rely on the traditional username and password sign-on to verify a user’s identity. A study by Forrester Consulting demonstrates that organizations are unnecessarily leaving themselves open to unauthorized access by hackers and e-criminals.
Enhancing Authentication to Secure the Open Enterprise
1. Enhancing Authentication to Secure the Open Enterprise
Findings: Forrester Consulting Commissioned Study
2. SAFE INITIATIVE
1 About The Study
2 Myths and Misconceptions
3 Essential Steps and Key Recommendations
4 How Symantec can help
3. Basics of the Study
• Who did Forrester talk to?
– 306 enterprises in North America
– Companies ranged from 1,000+ employees to 20,000+ employees
– Industries ranged from Manufacturing to Media and Entertainment (20% Mfg; 18% Fin Svc; 17% Business Svc; 12% Retail; 9% Healthcare)
– Job roles ranged from IT manager to CIO/CTO (39% IT Mgr; 24% Director of IT security; 26% CIO/CTO/CISO)
• When did the study take place?
– Between September and November 2010, with final results published in December 2010
• Why did we do it?
– To understand the changes in corporate IT environments over the last few years and how these relate to their authentication strategy
4. Key Finding #1: IT Environments are Expanding Beyond Traditional Corporate Boundaries, Introducing Risk
• Widespread use of Web 2.0 and cloud-based applications
• Many remote workers accessing the corporate network
• Employee-owned personal computers and devices on the corporate network
• The number of security breaches has gone up
5. Key Finding #1: IT Environments are Expanding Beyond Traditional Corporate Boundaries, Introducing Risk
• 76% of enterprises using SaaS-based applications; 54% of enterprises using two or more SaaS applications
• External collaboration and communication outside corporate systems very popular
– Web conferencing: 77%
– Personal email: 70%
– IM: 44%
– Social networking: 40%
• 25% have full access to corporate LAN with personal computer
• Over 50% have remote access to corporate LAN from personal computer
• 58% have had a data breach in the last year
6. Key Finding #2: Password Issues are the Top Access Problem
• Policies on password composition are getting more and more complex
• Password expiration and lockout, used to mitigate risk, have become a major burden
• Password-related issues generate an inordinate number of help desk calls, costing companies dearly
• Use of strong authentication technologies is lagging
7. Key Finding #2: Password Issues are the Top Access Problem
• 66% of companies have at least 6 different password policies
• 87% of companies require users to remember at least 2 passwords and 27% require users to remember 6 or more passwords
• 81% of companies report complex password policies to be the single biggest user complaint
8. Key Finding #3: Outdated Perceptions of Cost and Value Inhibit Adoption of Strong Authentication
• Many companies have not implemented any form of strong authentication
• The majority of companies that have implemented strong authentication have done so only for a subset of the users accessing their network
• Incorrect perceptions of the cost of ownership of strong authentication solutions are the top reasons for not implementing the technology
9. Key Finding #3: Outdated Perceptions of Cost and Value Inhibit Adoption of Strong Authentication
• Only 30% of companies require strong auth as the primary authentication system for access to the corporate network
• 67% of companies have no strong auth requirement for partners
• 57% of companies cited cost of ownership as the main impediment to adopting strong auth
• Growing use of mobile token or token-less authentication among adopters of strong auth
11. Common Myths and Misconceptions
• Myth: Implementation of strong authentication is expensive.
– Response: Inherent improvements to the technology, new models for its delivery, and broader applicability of the technology from a risk perspective, given the opening up of the enterprise to SaaS, have dramatically reduced TCO of strong authentication.
• Myth: Protecting a single gateway channel is sufficient.
– Response: Adequately protecting a single gateway, such as a VPN, while employing antiquated protection to other avenues essentially means you are locking doors and opening windows.
• Myth: Password-based protection is enough.
– Response: Data is stored everywhere, access is everything. The perimeters must come down to support business needs. Antiquated password policies no longer suffice.
13. Recommendations
• Take action on strong authentication to counter growing risk in the threat landscape
• Expand strong authentication from selective use to standardized practice
• Reassess use of the technology given that industry innovation has conquered major cost and usability concerns
• Align strong authentication with open enterprise initiatives
15. User Authentication Product Family
• Public Key Infrastructure
– PKI service issues certificates for strong authentication, encryption and digital signing
• VeriSign Identity Protection
– Shared cloud-based two-factor authentication solution offering multiple credential choices
• Fraud Detection Service
– Risk-based authentication and software-based fraud detection
– Diagram labels: Rules Eng., Behavior Eng., Risk Score
• Government, Enterprise, eCommerce, Financial Services
16. For more information on this study, please go to www.verisign.com/safe