session id: spo-w09b how next generation trusted ... · pdf filehow next generation trusted...
TRANSCRIPT
![Page 1: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/1.jpg)
SESSION ID:
#RSAC
Chris Taylor
How Next Generation Trusted Identities Can Help Transform Your Business
SPO-W09B
Senior Product ManagerEntrust Datacard@Ctaylor_Entrust
![Page 2: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/2.jpg)
#RSAC
Identity underpins our PERSONAL life
2
![Page 3: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/3.jpg)
#RSAC
Identity underpins our WORK life
3
![Page 4: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/4.jpg)
#RSAC
So, what’s the problem?
4
TOO MANY IDENTITIES, TOO MANY PASSWORDS
![Page 5: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/5.jpg)
#RSAC
Mega-breaches target password weaknesses
5
![Page 6: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/6.jpg)
#RSAC
Solving the core issue
6
BUILDING A TRUSTED DIGITAL IDENTITY & EMPOWERING MOBILITY
![Page 7: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/7.jpg)
#RSAC
Achieving Usability & Security
7
![Page 8: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/8.jpg)
#RSACSO HOW DO WE MOVE
TOWARDS TRUSTED
IDENTITES?8
![Page 9: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/9.jpg)
#RSAC
9
![Page 10: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/10.jpg)
#RSAC
Benefits of a Mobile-Based Trusted Identity
10
Protect the business & our customers
Improve productivity & UX
New Services / better processes
Reduce IT cost and complexity
![Page 11: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/11.jpg)
#RSAC
Powerful Native Features Enhance Security
11
TEE & Secure Element
Biometrics Crypto
“Out of Band” Channel
Application Sandbox
Device & Location Attributes
![Page 12: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/12.jpg)
#RSACTransparent/Low friction security that adapts to risk
12
RISK VECTORS
Jail broken phonesLost/stolen phonesRogue applicationsBreached credentialsImpersonating devicesBanking trojans/malwareCNP fraud
SECURITY LAYERS
USER
OPERATING SYSTEM
CHANNEL
TRANSACTION
DEVICE
Jailbreak detectionSandboxingMalware detectionTrusted execution environment (TEE)
Device fingerprintingGeo-locationDevice IDProtected application access
Mutual SSL authentication
Adaptive authenticationEmbedded digital IDPush authentication
Push transaction signingTransaction signing tokens
![Page 13: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/13.jpg)
#RSAC
MOVING TOWARDS
THE PASSWORD-LESS
ENTERPRISE
13
![Page 14: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/14.jpg)
#RSAC
APPROVALS & SIGNING
TRANSACTIONVERIFICATION
FEDERATE TO SAAS
PHYSICALACCESS
VPN
LOGICAL ACCESS
Use Cases
![Page 15: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/15.jpg)
#RSAC
VPN Authentication
15
PROBLEM:
Hardware tokens are secure but not user friendly
IT provisioning and logistics is complex
Expensive, limited use technology
SOLUTION:
Mobile Push Authentication simplifies 2FA for users and IT
![Page 16: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/16.jpg)
#RSAC
Mobile Push for VPN authentication
16
No hardware tokens to carry
Better user experience
Easy user provisioning
Certificate approach is password-less
xxxxx
xxxxx
xxxxx
![Page 17: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/17.jpg)
#RSAC
Physical / logical access
17
PROBLEM:
Passwords are painful to use and insecure
Smart cards are expensive and complex to deploy
Building access cards are insecure
SOLUTION:
Transform mobile devices into multi-purpose virtual smart cards
![Page 18: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/18.jpg)
#RSAC
Windows SCLO
18
Traditional Smart Card
![Page 19: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/19.jpg)
#RSAC
Windows SCLO
19
Traditional Smart Card
Virtual smart card reader
Mobile Virtual Smart Card
Convenient “auto-detect”
Secure “auto-logout”
![Page 20: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/20.jpg)
#RSAC
Physical access
20
NFC-based communication to PACs
Convenient / always in hand
Strong Authentication
Can’t be “skimmed”
PKI certificate-based
Biometrics
PIV / Derived Credential compliant
![Page 21: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/21.jpg)
#RSAC
On-the-go approvals
21
PROBLEM:
Constant need to improve business process (employees and customers)
Many processes require formal approvals / signatures
Traditional digital signing is complex to deploy and have a poor UX
SOLUTION:
Use mobile for anywhere, anytime digital signing
![Page 22: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/22.jpg)
#RSAC
Digital Signature Using Mobile
22
Enable Business Transformation
Convenient / user friendly process
Improve internal efficiency
Improve consumer experience
2. Transaction approval
1. Transaction origination• Doctor writing a prescription • Banker offering a loan• Employee submitting a requisition
![Page 23: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/23.jpg)
#RSAC
Summary
23
Identity is critical to today’s connected enterprise
Dated authentication methods fall short
Security Usability Cost / IT management
Mobile trusted identities transform business and the password-less enterprise
More secure More convenient Truly multi-purpose
![Page 24: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/24.jpg)
#RSAC
Apply what you have learned today
Next week you should: Identify opportunities and use cases in your organization whereby
trusted identities on mobile devices can be leveraged
In the first three months following this presentation you should: Assess the critical qualities that would be used in the vendor
qualification process Begin vendor selection
Within size months you should: Select a vendor’s solution and conduct a pilot with your first use case Plan the implementation for supporting all use cases
24
![Page 25: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/25.jpg)
#RSAC
BACK UP
25
![Page 26: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/26.jpg)
#RSAC
All industries are at risk
26
EMPLOYEE IDENTITIES ARE BECOMING A WEAK LINK
![Page 27: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/27.jpg)
#RSAC
Mitigating the risk of fraud
27
PROBLEM:
Fraud attacks are increasing in scope and sophistication
Customer data, enterprise systems, intellectual property & money are at risk
Malware can “ride” on authenticated user sessions
SOLUTION:
Use mobile to verify transactions “out of band” defeating account takeovers
3USE CASE
![Page 28: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/28.jpg)
#RSAC
Mitigating the risk of fraud
28
3USE CASE
Let’s say you want to execute a $5000 bank transfer…
How can you be sure your PC is not infected with malware?
Compromised with desktop Malware?
![Page 29: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/29.jpg)
#RSAC
Mobile for Transaction Verification
29
3USE CASE
Compromised with desktop Malware?
Transaction details retrieved over secure connection
QR Code
Offline TransactionVerification
![Page 30: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/30.jpg)
#RSAC
• Not portable• Secure location• Work only
• Portable• Less Secure Locations• Work & some personal
• Highly portable• Anywhere anytime access• BYOD
Mobile will become the New Enterprise Desktop
![Page 31: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/31.jpg)
#RSAC
Mobile as the New Desktop
31
DIGITAL IDENTITY
![Page 32: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/32.jpg)
#RSAC
Entrust Datacard Corporate Overview
32
Trusted Identities | Secure Transactions
Privately held, headquartered in Minneapolis, MN, USA
Founded in 1969
Approximately $650M in annual revenue
2,000+ employees
34 worldwide locations
Sales, service and support covering 150+ countries
![Page 33: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/33.jpg)
#RSAC
So what’s the problem?
33
Too many identities
Too many passwords
Too many password rules / changes
Lost / forgotten cards / hardware tokens
More regulatory laws around identities
![Page 34: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/34.jpg)
#RSAC
Mobile- A unique blend of security and usability
34
Users want to carry them
• Always in hand• Always connected• Convenient• Support work / personal balance
Smart phones are becoming ubiquitous
• Both enterprise and consumer segments
Technology and security allows them to be used for multi-purpose trusted identities
![Page 35: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/35.jpg)
#RSAC
Adaptive Authentication Platform
35
FRICTIONLESS EXPERIENCENo passwordsIdentify with a simple swipeFamiliar for smartphone usersHighly secure
ENABLING SOLUTIONAdaptive authentication — identifies risksLayered security — device, identity & behavior analyticsSupport for Apple, Samsung & Windows devicesTransaction signing for CNP transaction
RELEASE 11
![Page 36: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/36.jpg)
#RSAC
Security for Every Vulnerability
36
AUTHENTICATION
USERPhone Jailbreak or
Root Detection
MOBILE SECURITY ONLINE SECURITY
App Access Control —PIN, Biometrics
Device Authentication —Device Fingerprinting
Adaptive Authentication — External Risk Engines & Contextual Data
User Authentication — Transparent OTP or Certificate-Based
Transaction Authentication —Mobile Push Notifications
Strong Identity Protection —TEE Storage
DEVICE
CHANNEL
TRANSACTION
APPLICATION
![Page 37: SESSION ID: SPO-W09B How Next Generation Trusted ... · PDF fileHow Next Generation Trusted Identities Can Help Transform Your Business . SPO-W09B. Senior Product Manager. Entrust](https://reader031.vdocuments.mx/reader031/viewer/2022021817/5a8e92247f8b9af27f8cf50d/html5/thumbnails/37.jpg)
#RSAC
Stronger controls are not always betterSome offer better security but… Costly Logistics to issues / replace User have to carry them User experience frustrating Not multi-purpose Can you issue them to customers and partners?
More complex passwords?
Hardware tokens for the masses?
USB security keys?
Smart cards?