Copyright © 2015 Centrify Corporation. All Rights Reserved. 1
7 Challenges of Deploying Multi-factor Authentication (MFA)
Copyright © 2016 Centrify Corporation. All Rights Reserved. 2
Every Organization Needs MFA
Weak passwords
Increasingly sophisticated attacks
Growth of the cloud and its inherent security risks
Increased use of mobile devices, spreading risk everywhere
Copyright © 2016 Centrify Corporation. All Rights Reserved. 3
But Deploying MFA Can Be Challenging
Complexity
Usability
Flexibility
AdaptabilityCompatibility
Ubiquity
Visibility
7MFA Challenges
Copyright © 2016 Centrify Corporation. All Rights Reserved. 4
Complexity
Why is legacy MFA complex?
• Hardware tokens are costly to replace
• Legacy systems require IT resources for management and upkeep
• Legacy MFA systems are closed/not extensible to modern apps
• Select an MFA solution with a cloud-based architecture, eliminating the need for dedicated on-premises infrastructure and hard tokens
Copyright © 2016 Centrify Corporation. All Rights Reserved. 5
Is there a balance between security and user experience with MFA?
• IT must set the right balance
Usability
• It’s always a give and take• Using single factor will please the users
but be too risky• Keeping MFA on all the time will not be
adopted by users
Copyright © 2016 Centrify Corporation. All Rights Reserved. 6
Flexibility
Can MFA be offered with a choice of authentication factors?
• Good MFA solutions offer multiple authentication factors, which vary by situation
• Mobile-based MFA must be able to provide OTP, even without cell coverage
Copyright © 2016 Centrify Corporation. All Rights Reserved. 7
Adaptability
Can MFA be context aware?
• ‘Always on’ approach isn’t the best user experience when it comes to MFA
• Forrester recommendation: Challenge the users only as needed
• Use a second factor only if the context is different – e.g., user location, time or device
Copyright © 2016 Centrify Corporation. All Rights Reserved. 8
Compatibility
Is MFA compatible with other technologies and standards?• Integrating with other security
technologies such as SSO will further mitigate security risk
• MFA should comply with standards such as RADIUS and OATH
Copyright © 2016 Centrify Corporation. All Rights Reserved. 9
Ubiquity
Where is MFA needed?
• ‘Half Protected is Half Not’ – deploying MFA in silos leaves companies exposed to attacks
• MFA must protect all access points: cloud and on-premises apps and resources; network access via VPN; end users and privileged users
• MFA must offer cloud-based deployment for ubiquitous policy management
Copyright © 2016 Centrify Corporation. All Rights Reserved. 10
Visibility
How is MFA compliance measured?
• Best-in-class MFA solutions offer visibility and reporting across every user and device throughout your entire environment, including SaaS, IaaS, VPN and on-premises resources
Copyright © 2016 Centrify Corporation. All Rights Reserved. 11
MFA for On-premises Applications
MFA for Server Logins and Privilege
Elevation
MFA for Cloud Apps
MFA for VPNMFA for Cloud Infrastructure (IaaS)
MFA for SharedResources
Centrify Identity Platform
Centrify Addresses These ChallengesEvery User. Every IT Resource. Across Your Enterprise.
Copyright © 2016 Centrify Corporation. All Rights Reserved. 12
Thank YouDownload Best Practices for Multi-factor Authentication
See how Centrify can simplify your MFA deployment challenges