
Adaptive Strong Auth & Federated SSO - A Layered Security Model for FFIEC Compliance


In the wake of today's evolving threat landscape, the FFIEC recommends a robust, layered security program that includes the use of dual customer authorization through different access devices. Strong authentication, when combined with federated SSO (single sign-on) standards, can strengthen, accelerate, and provide key security components to build a layered security model that addresses FFIEC mandates. Learn from Forrester Research speaker Eve Maler and Intel experts how on-premise or cloud-hosted financial applications now require a more convenient, adaptive, and portable strong authentication model.

In this expert session learn:

  • Unique value proposition of federated SSO combined with strong auth
  • Overview of software OTP authentication components and flows
  • How SAML-based SSO provides a rich authentication audit trail for compliance
  • How mobile-based software OTP compares to other strong auth methods
  • Adaptive authentication & SSO use cases decomposed
  • How to deliver one-time passwords over various channels such as smartphone apps, SMS, email, and YubiKeys

Background

Enterprises are adopting federated single sign-on (SSO) to cloud SaaS applications such as Google Apps and Salesforce to reduce helpdesk costs associated with password resets.

But there's another good reason to centralize authentication in the enterprise: it lets you perform two-factor strong authentication to enable secure access to these cloud applications. With the advent of rootkit-based malware that gets surreptitiously installed on personal computers and can compromise some of the most robust online authentication techniques, financial institutions should not rely solely on any single control for authorizing high-risk transactions, but rather institute a system of layered security.

Given these newer threats, the new supplement to the FFIEC Authentication Guidance recommends a layered security program that includes the use of dual customer authorization through different access devices that can help provide a level of security that customers expect and that can protect institutions from financial and reputation risk.

Strong authentication via hardware tokens has been used to secure internal application access for some time, but recent events have shown this method to have serious downsides, not including the administrative cost and associated operational complexity. As the cloud, partners and a remote workforce drive demand for access to sensitive applications outside the traditional firewall, a more convenient, adaptive, and portable strong authentication model is clearly required. The emergence of federated SSO and mobile-based software tokens provides a more powerful, flexible approach.

