Comparing the top multifactor authentication vendors

Multifactor authentication products can provide significant benefits to an enterprise, but the technology is complex and the tools themselves can vary greatly from vendor to vendor. It's helpful to examine sample use cases for specific tools to show how a vendor's product can meet the multifactor authentication needs and requirements of an enterprise.

Here is a comparison of four of the leading products in the MFA space: EMC RSA Authentication Manager, which is part of its SecurID technology; Symantec Verisign VIP; CA Strong Authentication; and Vasco Identikey Digipass (NOTE: The author has a consulting relationship with VASCO).

All four are solid MFA tools that have been around for years and can handle a wide variety of situations, token types and applications; and all come in both cloud and on-premises versions, although there are some differences in labeling and packaging. CA has two separate MFA products with different names (the cloud service is called Secure Cloud, the Windows version Strong Authentication); RSA is just for on-premises purposes, although several of their partners have virtual machine-managed hosted versions; and Symantec is sold only as a cloud-based service, although it has add-on agents that must be installed on-premises for connecting to particular local resources.

None of the four major MFA products deliver all three authentication uses -- Active Directory, Web services verification and Web server augmentation -- together in a single product; however, each requires add-on modules for either their SAML or Active Directory support (see table below).
For example, RSA's Authentication Manager works with its Adaptive Federation Manager product to provide SAML Web services integration, and Symantec VIP requires the company's VIP Enterprise Gateway to integrate with Active Directory. This is typical of the MFA product space, and is why it's so important to understand which applications -- and under which circumstances -- an organization may want to deploy additional factors.

Speaking of add-ons, before selecting an MFA solution based on its application support, it's important to understand how that support is delivered. All four of the top multifactor authentication vendors' products contain multiple server software components or agents that need to be installed to strengthen logins of such things as Outlook or SharePoint servers, for example (see the third column in the table below).

While this helps widen their reach, it also increases the level of complexity of installation and operation, since there are multiple pieces to configure and keep track of. And, like Symantec VIP, some of the other multifactor authentication vendors' products have both cloud and on-premises pieces that need to work together to authenticate users to both kinds of servers and services. In addition, enterprises may want to consider a single sign-on product instead of a MFA product for certain circumstances (see sidebar on SSO versus MFA for more on how to make this decision).

Usage key: A – Active Directory, V – Verification of Web services identity, W – Web server support, * – Use case that requires the additional components in column three.

Complexity workflow.
Part of the evaluation process with MFA products is observing what happens during the normal day-to-day use of these tools: registering new tokens and new users, setting up protection for a new application, modifying security policies, and figuring out why a user is in distress and can't log in to corporate applications.

Some of the products, such as RSA and VASCO, offer a lot more flexibility when it comes to token workflow processes. This reflects -- in part -- how long they have been in the multifactor business. For example, enterprises can add additional factor authentication steps at various places in the login dialogs with both products. With the others, there are more limitations or users are taken to a self-service portal where they can set up their multifactor authentication particulars.

Reporting.

All four of these products include lots of different reports and various format export options. RSA's and CA's multifactor authentication solutions are probably the weakest, with both on the level of glorified log files compared to the others' more robust reporting tools. This could be an issue for occasional users who might not have the time to search through the log files. Symantec VIP, on the other hand, offers a variety of reports -- including user, credential and audit reports -- and interactive graphics on its home page dashboard. While VASCO, for its part, has more than 3. All of the leading MFA products, however, offer the ability to schedule particular reports and have real-time monitoring of alerts and other activities.

Mobile support.

As more users make use of their mobile devices for more of their computing needs, the MFA vendors have to support logins from mobiles and Web-based applications. Enterprises may also want a way to store multiple factors on users' phones and tablets so they don't have to carry around (and the company doesn't have to deploy and support) traditional hardware-based key fob tokens.
Each of these four products supports the basic four mobile operating systems: Windows Phone, Apple iOS, Android and BlackBerry. This is true for most of the multifactor authentication vendors these days, so it shouldn't be an issue unless there are some aging phone OS versions or an odd Android handset in the mobile fleet that isn't covered by the chosen vendor. Be sure to check the fine print for the particular OS versions supported when investigating MFA products.

Multiple token support.

RSA, Symantec and VASCO are tops when it comes to tokens: Each product has a wide collection of hardware and software tokens that can be deployed as additional authentication factors. This gives them the most flexibility in terms of securing particular logins and services that can meet just about any situation.

Meanwhile, some of the products, such as VASCO's and Symantec's, offer desktop software in addition to their mobile apps to run the one-time password generators. While this is a nice-to-have feature, unless most of a business' users are exclusive to their desktops, this is probably not a reason to choose either of those products over other MFA products. One nice feature of Symantec VIP, when compared to other products, is its ability to push one-time passwords to mobile devices.

Lastly, before selecting tokens, read the sidebar on risk-based authentication (see above) to see if that relatively new -- and complementary -- authentication mechanism is something that could be included in the MFA package.

FIDO support.

RSA, CA, Ping Identity, Dell, Safenet and VASCO are all MFA vendors that are members of the FIDO Alliance. That's great, but in this particular case, membership doesn't mean all that much, at least not yet. The promise of FIDO is to consolidate authentications across a wide swath of Web-based resources, and remove the need to store the digital identity on any one particular site. It is still more of a promise than a reality, however.
So, for example, none of the four major multifactor authentication vendors actually delivers support for FIDO in its products yet, while other authentication vendors, such as Nok Nok Labs, have released FIDO-ready products. If this is of interest, then start with them or one of the other FIDO-ready vendors already out there.

Conclusion.

Any of these four products would do a solid job in providing MFA protection. All of them support mobile token methods, have somewhat flexible authentication methods, and some are even rising to the challenge by moving into risk-based methods, too. Their differences are more a matter of packaging, pricing and whether an organization's staff can understand and act on the various reports that each produces, which is more a matter of style than substance. Certainly, these four should be in the starting lineup for any request for proposals or pilot projects.