BUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and Getting Started with Multi-factor Authentication Solutions

Similar documents
BUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions

BUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions

BUYER S GUIDE: CUSTOMER IDENTITY & ACCESS MANAGEMENT (CIAM)

INTEGRATING PING IDENTITY SOLUTIONS WITH GOOGLE IDENTITY SERVICES

A UNIFIED APPROACH TO DELIVERING EXCEPTIONAL CUSTOMER EXPERIENCES

TOP 20 QUESTIONS TO ASK BEFORE SELECTING AN ENTERPRISE IAM VENDOR

E-BOOK SECURITY BY DESIGN HOW IDENTITY HELPS YOU BALANCE SECURITY AND CUSTOMER EXPERIENCE

CUSTOMER ENGAGEMENT STARTS WITH SINGLE SIGN-ON

EXECUTIVE SUMMARY CLOUD READINESS. Securing Access to Your Private Cloud

GETTING CUSTOMER IAM RIGHT

Your Guide to the Identity of Things

SECURE SSO TO OFFICE 365 & OTHER CLOUD APPLICATIONS WITH A CLOUD-BASED AUTHENTICATION SOLUTION

GETTING CUSTOMER IAM RIGHT

IDENTITY IS THE CENTER OF OMNICHANNEL SUCCESSFUL BRANDS KNOW THEIR CUSTOMERS AND OPTIMIZE THEIR EXPERIENCE. WHITE PAPER

Secure SoC Manufacturing: Foundation for a Connected World

SafeNet Authentication Service:

Securely Enabling the Enterprise of Things

Do More with Complete Mobile-Cloud Security from MobileIron Access

An Enterprise Architect s Guide to API Integration for ESB and SOA

Network Access Control (NAC) Market, Global, Forecast to 2022

THE MOBlLE APP. REVOLUTlON. 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD

ARE YOU GOING DIGITAL WITHOUT A NET?

Workspace ONE. Insert Presenter Name. Empowering a Digital Workspace. Insert Presenter Title

WHITEPAPER. Mobile SSO & the Rise of Mobile Authentication

CENTRALLY SUPPORTING YOUR DECENTRALIZED WORKFORCE.

BBM Enterprise SDK CPaaS (Communications Platform as a Service) Build Powerful Communications Experiences, Safely and Securely

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Managing Privileged Access Security In A Hybrid IT World The Case For Privileged Identity Management As-A-Service

SOLUTION BRIEF CA MANAGEMENT CLOUD FOR MOBILITY. Overview of CA Management Cloud for Mobility

SET THE STAGE FOR GREATER SUCCESS IN THE WORKPLACE DELIVERING CONSISTENT USER EXPERIENCES WITH DYNAMIC IT PLATFORMS

Making Leaders Successful Every Day

VMWARE WORKSPACE ONE + MICROSOFT OFFICE 365 : ENABLING MORE SECURE COLLABORATION. A Solution for Balancing Productivity with Protection

BOMGAR.COM BOMGAR VS BMC FOOTPRINTS UPDATED: 1/6/2018

CLOUD & HYBRID SERVICES AS BUSINESS DRIVERS FOR IT PROVIDERS

The IoT Value/Trust Paradox. Building Trust and Value in the Data Exchange Between People, Things and Providers

Modernize Your Device Management Practices Using The Cloud

THE NEW HYPER-CONNECTED ENTERPRISE. Improve collaboration. Enhance customer experiences. Streamline business processes.

VoIP Solution How to Make the Best Choice for Your Business

CLOUD & HYBRID SERVICES AS BUSINESS DRIVERS FOR IT PROVIDERS

WHITE PAPER. Mobile Identity. Catalyzing Digital Transformation, Increasing Productivity

Sean P. McDonough National Office 365 Solution Manager Cardinal Solutions Group

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

SOLUTION BRIEF RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK

AWS MSP Partner Program Validation Checklist v3.2 Mapping

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

GO BEYOND MOBILE DEVICE MANAGEMENT WITH A DIGITAL WORKSPACE WHITE PAPER

5 Tips for Improving Collaboration

An Introduction to Oracle Identity Management. An Oracle White Paper June 2008

SOLUTION BRIEF MOBILE SECURITY. Securely Accelerate Your Mobile Business

CHOOSE THE RIGHT IDENTITY & ACCESS MANAGEMENT SOLUTION

Leveraging AI for Intelligent Customer Engagement

VULNERABILITY MANAGEMENT BUYER S GUIDE

The Apple and GE Partnership

Securing macos in the modern work era

5 Tips for Improving Collaboration

How APIs Fast-Track IoT Opportunities Across Industries

See the Latest CRM/Dynamics 365 Omnichannel Solution

Enterprise Mobility Native Mobile Apps that Transform Business Processes and Boost Productivity

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS

The Modern IT Experience

IBM United States Software Announcement , dated August 21, 2018

IDC MarketScape: Worldwide Security Solutions and Services Hardcopy 2017 Vendor Assessment

Building a Roadmap to Robust Identity and Access Management

Loading. Do s and Don ts of App Development. 15 tips for the business and development team when developing or improving mobile or web applications

BOMGAR.COM BOMGAR VS VNC UPDATED: 6/30/2015

Office 365 Adoption eguide. Identity and Mobility Challenges. Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107

A crash course in Microsoft 365 Business. Achieve more in your business with an integrated security, management and productivity solution all in one.

TOP 6 SECURITY USE CASES

Loading. Do s and Don ts of App Development. 15 tips for the business and development team when developing or improving mobile or web applications

Product. DigitalAccess A Single Digital Solution for Online Banking, Mobile and Tablet

INTEGRATING HORIZON AND CITRIX APPS IN A DIGITAL WORKSPACE

AUGMENTED REALITY COLLABORATION SOLUTION FOR ENTERPRISE FIELD SERVICES

A Digital Workplace Defined

Embracing the Digital Workplace with Unified Endpoint Management (UEM)

VULNERABILITY MANAGEMENT BUYER S GUIDE

Tough Math for Desktop TCO

Mobility at a Crossroads

Quantifying the Value of Software Asset Management

Keep All of Your Business-Critical Jobs On Track. CA Workload Automation idash Helps You Reduce Missed SLAs and Lower Costs

The Guide to Securely Boosting In-App Engagement: Enabling powerful real-time communications between your users, machines, and IoT.

We re not just good on paper.

TRUSTED IDENTITIES TRUSTED DEVICES TRUSTED TRANSACTIONS. Investor Presentation - December 2017

Usher. Security, analytics & productivity all in a single solution

Third-Party Enterprise Software Support: Key Risks and Questions to Ask

George Lawrie Vice President & Principal Analyst at Forrester Research Ltd

A Guide for Application Providers: Choosing the Right Integration Partner

Pivotal Ready Architecture by Dell EMC

Whitepaper: Benefits of an open-source approach to IoT Application Enablement

Microsoft Enterprise Services. Modernizing IT to enable the Digital Workplace

The all-in-one Unified Communications solution for SMBs.

Network Optimization Handbook. Your Guide to a Better Network

Identity as a Critical Next Step in Security

Top 10 Must-Have Hotel Technologies in 2018

Executive Summary. Office 365 Adoption Accelerating Through the Roof. White paper

Streamline Physical Identity and Access Management

Accelerating Business Agility with Boomi

CONTACT CENTERS OF THE FUTURE

Transcription:

BUYER S GUIDE: MFA BUYER S GUIDE Evaluating and Getting Started with Multi-factor Authentication Solutions

NEW CAPABILITIES One-size-fits-all authentication is a relic of the past, and the days of hard tokens as the default strong authentication method are behind us. While stolen credentials remain the most important factor in rolling out a multi-factor authentication (MFA) solution, the methods of deployment, endpoint visibility, authentication methods, supported applications and administrative capabilities have changed dramatically. The expanding use cases for MFA are driving innovation in this highly critical corner of security. Modern MFA expands beyond the traditional what you know, have or are protocol to include location and other contextual factors. This allows you to apply the right type and level of authentication for any given user at any given time. NEW EXPECTATIONS Your applications are migrating outside the firewall, and your security demands including providing access to customers and partners are growing more complex. To meet these demands and protect your enterprise, you need to expand beyond single-factor and two-factor authentication. Modern MFA solutions allows you to contextually step up your security and mitigate the costly risk of stolen credentials, while providing a frictionless user experience. When deploying MFA for partners and customers, there are dozens of new requirements and considerations. Make the authentication process too inconvenient, difficult or insecure, and users might opt-out entirely. Making the best choice for your enterprise can feel overwhelming. Use this guide to help you make the right decisions for your organization and users. BUYER S GUIDE 2

NEW OBJECTIVES ACCELERATE DIGITAL TRANSFORMATION. According to a recently completed survey of 200 IT decision makers, mobile usage of employee apps is the most widely implemented of all digital transformation initiatives that are fully deployed and in progress. The right MFA solution can give your users a seamless, frictionless experience and the mobile access they expect to all of their cloud and on-premises applications. Giving users secure access to the information and insights they need, when and where they need it, allows your companies to operate smarter, create value and strengthen its competitive advantage. REDUCE RISK OF BREACH. Stolen credentials and brute force attacks remain the most common MFA conversation starter. Given the magnitude of costs associated with a typical breach not to mention the lost revenue and residual damage to your company s reputation reducing your risk has tangible business benefits. With customers and partners trusting organizations with an increasing amount of personal data, employee credentials are no longer the singular focus for breaches. BALANCE CONVENIENCE AND SECURITY. Modern MFA solutions can help balance convenience and security. This is particularly important for customers. Customers are not always willing to go out of their way to download a third party MFA application, but still need the security that MFA provides. To strike this balance it s important to implement MFA into a medium your customers are already familiar with, such providing MFA within your own mobile application. Additionally, customer devices may change as they upgrade and replace their phones. For that reason, it s also important to give customers a convenient way to add or remove trusted devices from their account. LOWER COSTS. If MFA is deemed necessary or required by policy, modern solutions have a much lower cost than legacy, hardware-based token solutions. Plus, some MFA solutions allow you to contextually step requirements up or down depending upon the associated risk of the activity. This can reduce the expense of one-time SMS passcodes, voice calls and other push methods by only employing those controls when the risk is warranted. Finally, investing in an MFA solution is usually offset through significant cost reduction in helpdesk overhead, as well as end user productivity improvement. BUYER S GUIDE 3

SELECTING THE RIGHT VENDOR & SOLUTION To identify vendors for consideration, you can consult industry organizations, trade publications and peers. You ll also gain third-party expert insights from leading analysts like Gartner, Forrester and KuppingerCole. Each regularly reports on MFA trends, technologies and solution providers. Once you ve identified a shortlist of vendors, invite each of them to respond to your requirements. You ll want to request presentations, demonstrations and other support materials, like white papers, ebooks, datasheets and so on. This can be as formal (or informal) as fits your organization, but clearly communicating your objectives and requirements is imperative. New capabilities, expectations and objectives are raising the bar for MFA vendors. The requirements below do not represent an exhaustive list of key capabilities, but are a good starting point to decide which vendors get a seat at the table. BUYER S GUIDE 4

USER REQUIREMENTS EVALUATION CRITERIA IMPORTANCE Does the vendor offer a desktop application and other fault escalation processes? Offering multiple fault escalation processes facilitates authentication when a user cannot authenticate under their normal process. Does the vendor support registration of multiple devices per user? Supporting more than one authentication device allows users to authenticate even when they don t have their primary device. Does the vendor offer self-service enrollment and registration mechanisms? Self-service enrollment and registration mechanisms lighten the IT team s administrative load and accelerate user adoption. Does the vendor support multiple language and locale settings? Global enterprises wanting to protect applications and data for users on a global scale must support a localized user experience to enable MFA adoption. Does the vendor support authentication methods such as OOB push, fingerprint and OTP soft tokens? Supporting multiple authentication methods allows the enterprise to choose authentication methods to achieve the appropriate level of security, and supports the disuse of methods recently deprecated by NIST such as out of band PSTN (SMS or voice) authentication. Does the vendor support Android, ios and Windows Phone? Supporting multiple mobile platforms aligns with BYOD initiatives gaining traction in the enterprise. BUYER S GUIDE 5

IT REQUIREMENTS EVALUATION CRITERIA IMPORTANCE Does the vendor support use cases such as Windows RDP, Linux/Unix SSH integration? Providing MFA for remote and privileged users promotes protecting the enterprise s most critical assets whoever and wherever the user is. Does the vendor allow for web-based administrative access and role-based entitlements? Varied levels of trust support varied levels of access and permissions. Support for role-based entitlements and web-based access for subsets of users is important to scale access based on administrative permissions. Does the vendor support administrative bypass codes? In the rare case where a user can t authenticate through a variety of fault escalation processes, administrative intervention is key. Does the vendor support contextual factors such as geolocation and IP address? Utilizing passive user information like geolocation, IP address, time of day and device identifiers provides better security and a better user experience. Does the vendor support cryptographically strong session maintenance? Secure communication between the mobile application, MFA service and third party applications is vital to protecting your applications and sensitive data. Does the vendor support endpoint visibility and basic remediation capabilities? Endpoint visibility and remediation are generally served by enterprise mobility management and anti-virus vendors. However, basic capabilities within an MFA solution provide an extra layer of protection against vulnerable managed and unmanaged devices. BUYER S GUIDE 6

ENTERPRISE REQUIREMENTS EVALUATION CRITERIA IMPORTANCE Does the vendor support co-branding of the application? Co-branding provides a consistent and familiar user experience, as well as another level of assurance for the user that they re authenticating within the corporate environment. Does the vendor s technology platform and pricing support a simple upgrade path to support additional use cases? Enterprises protecting access to applications and sensitive data are more frequently doing so on behalf of their partners and customers. Does the vendor have other capabilities across the identity and access management (IAM) spectrum? Full-service IAM solution providers with a singular focus on the IAM space tend to provide more up-to-date features, better knowledge and stronger support. Is the vendor considered a thought leader whose solution is built on open standards like OAuth2.0 and OpenID Connect? Thought leaders generally provide today s leading-edge solutions and drive technology advancements to meet tomorrow s challenges. Does the vendor and its solution receive high rankings with analysts such as Gartner, IDC, Forrester and KuppingerCole? Analysts can provide reliable third-party insight into how solutions stack up. BUYER S GUIDE 7

CUSTOMER MFA REQUIREMENTS EVALUATION CRITERIA IMPORTANCE Does the vendor have a mobile SDK to embed out-ofband MFA into your own mobile app? Customer MFA should be fully customizable. Adding an SDK to your own mobile application can help achieve this. Additionally, customers are not usually willing to download a third party MFA app for added security and using SMS as a second factor isn t as secure as previously thought.. Does the vendor allow customers to have self-managed networks of trusted devices? Customers may have several devices they trust that include a primary device, secondary additional trusted devices or devices with reduced permissions. Customers should have the ability to self-manage these devices from web or mobile applications. Does the vendor support MFA for transaction approvals? Requiring MFA specifically for high-value transactions can help balance security and convenience for customers. Information about the transaction that is being approved should also be able to be passed along in the MFA notification to customers. Does the vendor support strong mobile app authentication? Mobile app authentication should be strengthened by confirming that the user has marked the device as a trusted. This will prevent hackers from using stolen credentials in a mobile app installed on a device that isn t trusted by the customer. *use this section if you are deploying MFA for your customers BUYER S GUIDE 8

VENDOR EVALUATION & SELECTION After you ve defined all of your requirements, you ll want to organize them in a way that makes it easy to evaluate how each vendor stacks up. A Sheets or Excel spreadsheet works well. Create rows for each of your final criteria, organized by core stakeholder requirements as we ve done above. Next, add columns for each vendor you want to evaluate. Rate each vendor on how well they meet your criteria using a point-based rating system like this: 0 = Does not meet requirement 1 = Very limited support for requirement 2 = Partially meets requirement 3 = Meets or exceeds requirement Using this system, you rate each vendor from 0-3 on each of the criteria. Then tally each vendor s totals. The vendor with the highest total score is also the vendor that best meets your requirements. Want additional guidance on making the right MFA decision for your enterprise? Read our MFA best practices white paper. ABOUT PING IDENTITY: Ping Identity leads a new era of digital enterprise freedom, ensuring seamless, secure access for every user to all applications across the hyper-connected, open digital enterprise. Protecting over one billion identities worldwide, more than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com. #3140 6.2017 v011

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback