Cloud Security: Lessons from Asgard
December 03, 2012 --
Gartner Identity and Access Management Summit, Las Vegas, Dec. 3, 2012 (GLOBE NEWSWIRE) -- With only a slight nod to the recent blockbuster movie "The
Avengers," Authentify Chief Technology Officer Andy Rolfe unveiled
his original thinking on a four-dimensional "Security Tesseract" at
Gartner's annual Identity and Access Management Summit, held
December 2nd to 5th at Caesar's
"The cloud is a truly multi-dimensional environment," said
Rolfe. "Analyzing your risks, fraud vectors and defenses must
account for and adapt to the four dimensions of identity sources,
communications channels, data acquisition planes and authentication
defense factors. Seeing this as analogous to a tesseract is
an elegant way to view the challenge because the four vectors are
intertwined, and a change in one plane impacts the others."
While Rolfe posits that the rapid evolution to corporate BYOD
environments increases the risk surfaces in this four dimensional
view, he also illustrates how smart phones, tablets and other
Intelligent Personal Devices, or IPD's, can be used to implement
stronger security and remote user authentication.
Like the guarded Bifröst bridge that securely linked earth to
Asgard in Norse mythology, an out-of-band (OOB) secure link using
mobile devices or PCs can be used to defend against any known
threats to the four dimensions of cloud security. True to the
tesseract analogy, a secure OOB link reflects across all of the
surfaces, protecting each from man-in-the-middle,
man-in-the-browser, DNS poisoning, malicious hotspots, phishing and
other known IT security threats.
"It is certainly a thought provoking way to look at the
challenge of knowing who exactly is in your cloud and what they can
get at while they are there," according to Tom Swiontek, an IT
security industry consultant. "I've not seen the problem presented
in this way before."
For effective cloud security in all four dimensions, Authentify
offers its new 2CHK app
and OOB authentication service. Here's how it works. The end
user activates a small, convenient app on their smartphone or PC
and links it securely to their company login account or identity
directory using voice or SMS-based OOB authentication. Once this is
done, the 2CHK app is "always on" and maintains a secure channel to
Authentify's authentication service.
The first key benefit is security. 2CHK complements IT or online
and mobile banking security by providing a completely separate app
and OOB channel that protects against stolen passwords and, due to
layers of encryption, cannot be defeated by man-in-the-middle and
man-in-the-browser attacks. The second key benefit is convenience.
Online or mobile commerce customers or IT network users see
transactions in the 2CHK app immediately and can confirm or reject
Authentify was the first to offer a security service based on
synchronizing a telephone call for remote user
authentication. Since introducing the service in 2001,
Authentify has developed authentication schemas and solutions that
employ voice channels, SMS messaging and data channels via smart
devices or IPD's.
About Authentify, Inc.
Authentify, Inc. is a leading global provider of telephone-based
Out-of-Band (OOB) authentication services. With a client list that
includes five of the world's top ten banks, three of the five
largest ecommerce websites and two of the top four insurance
companies in North America, Authentify has the most experience and
expertise in deploying OOB solutions in the industry. These
multi-factor authentication (MFA) services enable organizations
that need strong security to quickly and cost-effectively add
two-factor or multi-factor authentication layers to user logons,
transaction verifications or critical changes such as adding an ACH
payee, resetting passwords or changing contact information. The
company's patented technology employs a service-oriented message
architecture and XML API to seamlessly integrate into existing
security processes. Authentify markets primarily to financial
services firms that need to protect their clients' online accounts,
corporate security professionals managing access control, and
emerchants who want to limit fraud on their sites.
For more information, visit Authentify at: www.authentify.com.
Authentify is protected by numerous granted and pending U.S. and
International patents including
U.S. PATENT NOS. 6,934,858 / 7,383,572 / 7,461,258 / 7,574,733.
CONTACT: Deb Montner, Montner & Associates