The case for multi-factor authentication (MFA) is clear. The harder you make it for cyber attackers to get to your data, the lower your risk of a breach-and MFA definitely makes it harder, by requiring people who request access to authenticate their identity in more than one way. The downside is that if you don't choose wisely, MFA can also make things harder for people within your organization to deploy it, use it and manage it. And given that most of us tend to take the path of least resistance, you want to be sure to seek out a solution that makes MFA easy for everyone except attackers.
- Easy to Deploy
One of the biggest challenges for organizations that are eager to move up to MFA is deploying it into existing identity environments-especially when that environment includes both on-premises and cloud applications, and users are more likely than not to be mobile. To make it easier, look for flexible deployment options (on-premises or as a service) as well as rich API support so you can seamlessly integrate MFA into your existing SSO experience. You'll also benefit from having an easy migration path to MFA and other advanced authentication from your current solution, so you can use one solution to access on-premises and cloud applications on multiple mobile platforms.
- Easy to Use
If you're going to step up security by going beyond passwords and even past traditional two-factor authentication, you don't want it to slow down or frustrate your users. One way to keep things simple for them is to use a risk-based approach that that transparently verifies who they are, and automatically asks for additional authentication only when the risk they present warrants it. For example, if a user is signing in on the same device, to the same applications and from the same location every day, the risk that they're not who they say they are is low-so the system shouldn't require them to jump through hoops to login. However, if they suddenly travel to another country and attempt to log in from a strange location, you'll want to reconfirm their identity with convenient step-up authentication options. For that, you need a variety of authentication choices including push notifications, biometrics), SMS and more.
- Easy to Manage
Just as you want to make it easy for people who use your MFA solution, you also want to keep it simple for the folks who manage it. If you give users several authentication options, for example, who's it going to fall on to deal with all those choices? To make MFA easy and convenient, both for users and administrators, self-enrollment and other secure self-service options are critical. So are other capabilities aimed at making the solution easy to manage, such as out-of-the-box access-policy configuration options for a wide variety of applications and a single, centralized view into access across both your on-premises and cloud applications.
With four out of five confirmed data breaches involving weak, default or stolen passwords, going beyond username and password for most users is more important now than ever. Want to know if your authentication strategy is on the right track? Download our infographic to find out. You'll also see the wide range of authentication options you get with RSA SecurID® Access, and you'll discover how RSA is reimagining MFA, making it easy to deploy, use and manage.
Author: Melanie Sommer
Category: RSA Fundamentals
Keywords: Identity Access, Multi-Factor Authentication, RSA SecurID Access