Enhancing Authentication to Secure the Open Enterprise
Findings: Forrester Consulting Commissioned Study



SAFE INITIATIVE

1 About The Study
2 Myths and Misconceptions
3 Essential Steps and Key Recommendations
4 How Symantec can help

Basics of the Study
• Who did Forrester talk to?
  – 306 enterprises in North America
  – Companies ranged from 1,000+ employees to 20,000+ employees
  – Industries ranged from Manufacturing to Media and Entertainment (20%
    Mfg; 18% Fin Svc; 17% Business Svc; 12% Retail; 9% Healthcare)
  – Job role ranged from IT manager to CIO/CTO (39% IT Mgr; 24% Director of
    IT security; 26% CIO/CTO/CISO)
• When did the study take place?
  – Between September and November 2010 with final results published in
    December, 2010
• Why did we do it?
  – To understand the changes in corporate IT environments over the last few
    years and how this relates to their authentication strategy
Key Finding #1: IT Environments are Expanding Beyond
Traditional Corporate Boundaries Introducing Risk

• Widespread use of Web 2.0 and cloud based applications
• Lots of remote workers accessing the corporate network
• Employee owned personal computers & devices on the corporate network
• Number of security breaches has gone up

Key Finding #1: IT Environments are Expanding Beyond
Traditional Corporate Boundaries Introducing Risk
• 76% of enterprises using SaaS based applications; 54% of
  enterprises using two or more SaaS applications
• External collaboration and communication outside corporate
  systems very popular
  –   Web conferencing: 77%
  –   Personal email: 70%
  –   IM: 44%
  –   Social Networking: 40%
• 25% have full access to corporate LAN with personal computer
• Over 50% have remote access to corporate LAN from personal
  computer
• 58% have had data breach in last year
Key Finding #2: Password Issues are The Top Access Problem

• Policies on password composition getting more and more complex
• Password expiration and lock out to mitigate risk have become a major burden
• Password related issues generating inordinate number of help desk calls costing companies dearly
• Use of strong authentication technologies is lagging
Key Finding #2: Password Issues are The Top Access Problem
• 66% of companies have at least 6 different password policies
• 87% of companies require users to remember at least 2 passwords and 27% require users to remember 6 or more passwords
• 81% of companies report complex password policies to be single biggest user complaint
Key Finding #3: Outdated perception of cost and value inhibit
adoption of Strong Authentication

• Many companies have not implemented any form of strong authentication
• Majority of companies who have implemented strong authentication have only done so for a subset of users accessing their network
• Incorrect perceptions of cost of ownership of strong authentication solutions are top reasons for not implementing technology
Key Finding #3: Outdated perception of cost and value inhibit
adoption of Strong Authentication
• Only 30% of companies require strong auth as primary authentication system for access to corporate network
• 67% of companies have no strong auth requirement for partners
• 57% of companies cited cost of ownership as main impediment to adopting strong auth
• Growing use of mobile token or token-less authentication among adopters of strong auth

Common Myths and Misconceptions
• Myth: Implementation of strong authentication is expensive.
  – Response: Inherent improvements to the technology, new models for its delivery, and broader applicability of the technology from a risk perspective, given the opening up of the enterprise to SaaS have dramatically reduced TCO of strong authentication.
• Myth: Protecting a single gateway channel is sufficient.
  – Response: Adequately protecting a single gateway, such as a VPN, while employing antiquated protection to other avenues essentially means you are locking doors and opening windows.
• Myth: Password-based protection is enough.
  – Response: Data is stored everywhere, access is everything. The perimeters must come down to support business needs. Antiquated password policies no longer suffice.

Recommendations
• Take action on strong authentication to counter growing risk
  in the threat landscape.
• Expand strong authentication from selective use to
  standardized practice
• Reassess use of the technology given that industry innovation
  has conquered major cost and usability concerns
• Align strong authentication with open enterprise initiatives




User Authentication Product Family
• Public Key Infrastructure
  – PKI service issues certificates for strong authentication, encryption and digital signing
• VeriSign Identity Protection
  – Shared cloud-based two-factor authentication solution offering multiple credential choices
• Fraud Detection Service
  – Risk-Based authentication and software-based fraud detection
  – (diagram: Rules Eng., Behavior Eng., RISK SCORE)
• Government, eCommerce, Enterprise, Financial Services

For more information on this study, please go to www.verisign.com/safe


