Software Authenticators: Showcasing Convenience with Security and Future Concepts RSA Global Summit 2014 RSA SecurID Software Token Library #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 2 “I’m kind of a big deal” RSA SecurID Token Record 1010100010101010 1011101011101010 1010100010010101 00110101010 #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 3 Security DISCONNECTED, one-time passcode generation reduces the attack surface DEVICE BINDING allows the token record to only be imported to the device you specify COPY PROTECTION prevents the token record from being copied to another device PINPAD STYLE combines the something you know with the something you always have your mobile device. #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 4 Administration MULTIPLE TOKEN support allows up to 10 tokens per device. TOKEN RECOVERY allows the admin to re-provision the token record from one device to another, reducing the replacement token costs. DYNAMIC SEED provisioning ensures the token record is not transferred across the wire, preventing interception by attackers. QR Code import allows the end user to simply scan a QR image to import the token record. #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 5 Usability REDESIGNED USER INTERFACE across all OS platforms – iOS, Android, BlackBerry 10 and Windows Phone EXPIRATION NOTIFICATIONS displayed to the end user 30 days prior to the token expiration date. IMPORT AUDIT LOG allows customer support to better understand token record provisioning errors MULTIPLE LANGUAGE SUPPORT enables faster cross-geo adoption. #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 6 Benefits of Software Token Adoption  ‘Something you have’ becomes ‘something you always have’  Realize cost savings – No mailing costs – Streamlined administration – 100% Token Record Recovery and Repurpose  Software Tokens are on average about 20% less than hardware tokens © Copyright 2014 EMC Corporation. All rights reserved. #RSAsummit 7 RSA SecurID Mobile SDK #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 8 How does AM Prime Work?  AM Integration Services  AM Prime Self Service Portal  AM Prime Help Desk Admin Portal  AM Bulk Admin #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 9 #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 10 Demo #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 11 Fast, Secure Token Provisioning ACTIVATION CODE can be delivered out-of-band to authenticate the end user and expires after 7 days. DEVICE BINDING allows the token record to only be imported to the device you specify. DYNAMIC SEED provisioning ensures one-time use only. No old token records floating around in email inboxes. QR Code import ensures that an attacker cannot intercept the token record in transit. #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 12 McKesson Challenge  9,000 software tokens expiring within 4 months  Support call volume is significant enough to be tracked at an executive level  User population can range from a technologist to a relatively nascent computer user Solution  Built redundant infrastructure with multiple internal and external access  Construct, test and replicate the image  Build the message and communicate users PATRICK ENYART Senior Director – Security Operations “RSA and McKesson Security Operations worked together to migrate almost 10,000 users to new tokens in 8 weeks while not increasing support call volumes.” © Copyright 2014 EMC Corporation. All rights reserved. Applications  Remote Access Authentication Results  All users were migrated except 200 who did not call for support  Monitoring trending of support calls which are steadily trending downward as of now  Building a report for monitoring the volume of site usage #RSAsummit 13 Q&A #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 14 Don’t miss these sessions…  Wednesday 2:45 PM – 3:30 PM Leveraging Your SecurID Investment: Increase Protection without Increasing Costs with Scott Atchue and Rachael Stockton (RSA)  Wednesday 3:45 PM – 4:30 PM Taking Authentication into the 3rd Platform – Cloud and Mobile with Ayelet Biger-Levin  Thursday 10:45 AM – 12:30 PM RSA Authentication Manager 6.1 Data Migration Hands-On-Lab with Bill Burdzel (RSA)  Thursday 11:45 AM – 12:30 PM Under the Hood: Streamlining and Automating RSA Authenticator Lifecycle Management with Sean Doyle (RSA) and Patrick Enyart (McKesson) #RSAsummit © Copyright 2014 EMC Corporation. All rights reserved. 15 THANK YOU