webcast - strong security for remote workers - 091411 - final

Upload: sarah-fender

Post on 06-Apr-2018


TRANSCRIPT

  • 8/3/2019 Webcast - Strong Security for Remote Workers - 091411 - Final

    1/18

    www.phonefactor.com | 1-877-No-Token (1-877-668-6536) 1

    Strong Security for Remote Workers Is Just a Phone Call Away

    PhoneFactor

    Sarah Fender, Vice President of Marketing and Product Management

  • The Rapid Growth of the Mobile Workforce

    Demand for Working Remotely Has Increased Dramatically

      • Fewer Workers Doing More
      • Working From the Road, Client Sites, and Remote Offices
      • Home-Based Workers
      • New Technology Makes It So Easy
      • Federal Telework Enhancement Act of 2010

    This Changing Workforce Dynamic Has Created New Challenges for IT

      • Prevalence of Unmanaged Remote Devices
      • Use of Unsecured Networks
      • Exponential Growth in Attack Surface

  • Two-Factor Is Critical to Securing Remote Access

    Passwords Are a Known and Commonly Exploited Vulnerability

      • Users continue to employ poor password practices.
      • Account credentials are among the most frequently advertised and most frequently requested items for sale on the black market.
      • Passwords are often the first step in launching a layered attack.

    Regulations Increasingly Mandate the Use of Two-Factor

      • HIPAA, FFIEC, PCI DSS, FIPS, NIST, State Pharmacy Boards

    Layering Multiple Factors Ensures Only Authorized Users Have Access

      • Something you know - a password or PIN
      • Something you have - a phone, credit card or token
      • Something you are - a fingerprint or retinal scan

  • Key Considerations when Deploying Two-Factor

      • How many workers do you currently have that will need remote access, and how quickly will this number grow?
      • Will you be managing access for contract or seasonal employees or partners?
      • Is remote access for disaster recovery a priority?
      • How often will your users be accessing remote data or network resources?
      • How and from where will they be accessing this information?
      • What devices and applications will they use?
      • How technically sophisticated are these users?
      • What is your timeframe for rollout to your users?
      • How much bandwidth does your IT department have to support this project initially and on an ongoing basis?
      • What is your budget?

  • Growing Demand for Phone-Based Authentication

    Token-based authentication is falling out of favor

      • Requires users to carry an extra, 1-dimensional device
      • Considerable costs for initial deployment, provisioning, and replacement
      • Malware and other threats defeat tokens
      • Recent breach impacts trust in security tokens

    Phones are becoming the mode of choice for second (and sometimes third) level of authentication

      • Leverages a device the user already has and carries with them at all times
      • Phones are used for everything; security is a natural extension of that
      • Where there's internet access, there's cell coverage
      • Supports remote workers and all of their devices
      • Offers biometric authentication for the highest level of assurance
      • Enables transaction-level verification for banking and payment systems

  • Phone-Based Authentication Is Ideal for Remote Workers

      • No tokens for users to carry and track
      • No software or certificates for end users to install
      • No hardware or devices to purchase and manage
      • Works with any phone, anywhere in the world
      • Supports multiple phone numbers with call rollover
      • Can be set up in minutes for thousands of users
      • No end user training is required
      • Automated enrollment and user self-service
      • Robust logging and reporting capabilities for auditing

  • Introducing PhoneFactor: Two Easy Out-of-Band Authentication Methods

    Step 1: User logs into any application using their standard username and password.

    Step 2:

      • Phone Call: PhoneFactor places an automated phone call to the user. The user answers the phone and presses # (or enters a PIN) to authenticate.
      • SMS Text: PhoneFactor sends an OTP to the user in a text message. The user replies to the text message with the passcode (or the passcode and PIN) to authenticate.

    Phone display: Incoming Call, PhoneFactor

    Phone prompt: "This is PhoneFactor. Please press the # sign to complete your authentication."

  • Features: Require a PIN to Authenticate

    PIN Security

      • Add a third tier of protection by requiring users to enter a personal identification number (PIN) to authenticate. Even if an attacker had access to the user's phone, they could not authenticate without also knowing the user's secret PIN.

    PIN Rules and Resets

      • Specify rules for PIN strength and expiration and allow users to change their PIN from the phone menu.

    Works with Phone Call and SMS Methods

    Defeats Call Forwarding Attacks

    Phone prompt: "This is PhoneFactor. Please enter your PIN followed by the # sign to complete your authentication."

  • Features: Add a Third Factor of Authentication with Voice Biometrics

    Streamlined Three-Factor Authentication

      • PhoneFactor simultaneously verifies something you have (your telephone) and something you are (your voiceprint) for the second and third factors of authentication.

    Reliable Voiceprint Matching

      • Proven voice mapping model ensures that authorized users can be verified regardless of environmental factors or minor variations in the user's voice.

    Automated User Enrollment

      • Users are prompted to record a voice passphrase when enrolling through the PhoneFactor User Portal or during their first authentication call.

    Phone prompt: "This is PhoneFactor. Please speak your passphrase to complete your authentication."

  • Features: Customize the User Experience

    Greet Users with a Custom Phone Prompt

      • Customize the authentication message and menus.

    Caller ID

      • Display a custom phone number, such as your helpdesk or customer service number, for the caller ID. Users can simply dial the number displayed in the caller ID for assistance.

    Promotional or Service Announcements

      • Play service announcements or promotional messages during the authentication call. Enable users to transfer to your sales or customer service department after authenticating.

    Phone prompt: "This is ABC Company calling to authenticate your Outlook Web Access login. Please press # to complete your authentication."

  • User Deployment & Support: Automate Enrollment and Ongoing Support

    Enrollment Is As Simple As 1-2-3

      • Step 1: Users are imported from AD/LDAP.
      • Step 2: Users receive an email from PhoneFactor with a link to enroll.
      • Step 3: Users click the link, specify a phone number and security questions, and complete a test authentication.

    That's it. The next time the user logs into a PhoneFactor secured application, they will receive a phone call or text message. No further user training is required.

    Users Manage Their Own Phone Number(s) and PIN

      • Users can log into the web portal to change their phone number or PIN.
      • Users can change their phone number and PIN during any authentication call.

    One-Time Bypass Enables Emergency Access

      • Administrators and users can create a One-Time Bypass through a web portal.

  • Why PhoneFactor? PhoneFactor Benefits

    More Secure

      • Out-of-Band authentication and fraud alerts offer unparalleled security.
      • Transaction verification protects against sophisticated attacks.
      • Biometric voiceprint adds a seamless third factor of authentication.

    Better User Experience

      • Users do not have to carry and keep track of an extra device.
      • There is no software and no certificates for end users to install.
      • In a recent client survey, 94% of users preferred PhoneFactor over security tokens.

    Easier to Deploy and Support

      • There are no hardware or software tokens to purchase, provision, manage, and support.
      • PhoneFactor enables rapid implementation, automated user enrollment, and requires very little ongoing maintenance.

    Low Total Cost of Ownership

    BUSINESS IMPACTS

      • Decreased risk of a breach
      • Regulatory compliance: PCI, HIPAA, NIST, etc.
      • Reduced deployment time
      • Decreased maintenance and support costs
      • Increased employee productivity
      • Significant savings over tokens and other two-factor solutions

  • How It Works

    Step 1: The PhoneFactor Agent adds a second authentication step, a confirmation phone call, to your existing authentication process. If the username and password are correct, the agent sends an SSL request to one of the PhoneFactor data centers.

    Step 2: The data center calls the user, who confirms the login by answering and pressing the # or a PIN. Finally, it returns success or failure to the application.

    [Diagram labels: Remote Login, Website Login, Funds Transfer, Custom Applications; Agent (RADIUS, Direct SDK for Java | .NET | PHP, Web Services | Gateway, AD/LDAP, Oracle/SQL, User Portal, Mgmt Portal); SSL; PhoneFactor Service; PHONE NETWORK]

  • Architecture: Scale, Performance, and Security

    Hosted PhoneFactor service designed for stability and performance

      • Redundant data center locations, bandwidth, telephony, and power
      • Agent optimized to support large numbers of users, authentications
      • Multiple, synchronized agents offer local redundancy
      • High scale, redundant directory integration

    PhoneFactor integrates security at every point

      • Leverages mutual SSL authentication using server and client certificates
      • All communications are encrypted between agents and between agents and the data centers
      • User data is not stored in PhoneFactor data centers

    100% Out-of-Band

      • Verifies possession of a trusted device (the phone) through an out-of-band channel
      • Protects against malware and MITM/MITB attacks

  • Typical Implementation

    PhoneFactor Agent with User Portal

      • Runs within your corporate network
      • Used to manage settings and users
      • Maintains its own user data store
      • Synchronizes with AD and LDAP Servers
      • Includes off-the-shelf integration with all leading enterprise applications
      • Integrates with custom applications via Web Services SDK or Universal Web Gateway
      • Includes User Portal web interface for:
          • Automated user enrollment and self-service
          • Help Desks to provide user support

    Online Management Portal

      • Hosted at PhoneFactor.com
      • Provides centralized usage reports
      • Manages company-wide settings

  • Tips for Securing Remote Access with Two-Factor

      • Consider the impact of the solution on end users. Simplicity for users = improved productivity and fewer support calls.
      • Take into account the ease with which your solution can be implemented and deployed.
      • Ensure appropriate processes and systems are in place to support end users.
      • Select a solution which works with all of the devices your workers may use to access corporate resources and applications.
      • If you must meet regulatory requirements, ask the vendor you are considering for reference clients in your industry who have been audited for compliance.
      • Confirm that the solution can stand up to the most sophisticated attacks.
      • Be sure to calculate the total cost of ownership over several years, not just the initial upfront hard costs.
