RIP to SecurID
...on behalf of Kerry Loftus, senior director of product management, User Authentication.
RSA SecurID has a long history and the recent events have been shocking for anyone in the security industry. While the details of the RSA breach have still not been made public, the fact that its effect led directly to an attack on a defense contractor infer that the breach was serious and widespread. For security professionals working with smaller budgets to protect their infrastructure from increasingly more sophisticated attacks this presents an interesting question – ok, now what? There used to be a saying, “You’ll never get fired buying SecurID.” Now its quite the opposite.
So who’s on the shortlist? Lots of authentication companies are chiming in and speed is of the essence. But its critical that as customers are evaluating alternatives, they keep in mind a couple of basic tenets:
- Security is more than a point solution. Authentication requirements vary by application, by data set and by end user. Point authentication solutions will offer a patch for now but the needs of the enterprise are broader.
- Flexibility is key. Given varying needs across applications, data and users, having the flexibility to address these varying risk profiles in a single solution is critical.
- The cloud makes you nimble. Authentication techniques have evolved greatly in 15 years—in fact, some may argue this was RSA’s general Achilles heal. There was little innovation and change in a solution that was at the forefront of protecting critical enterprise infrastructure and IP. Cloud solutions deliver this agility—they can ebb and morph based on relevant megatrends such as mobility as well as threat landscapes that may be driven from international espionage. Plug into a cloud solution that is centralized and can be adjusted to the here and now.
- Vet the vendor. Who do you want to partner with in protecting your most critical infrastructure? Who will have the resources to ensure that the authentication solution you buy is relevant and will be relevant for years to come.
At Symantec, we have been working with customers in delivering the VIP Service designed to address the needs of today’s enterprises in protecting their most critical assets. Our VIP Service distinguishes itself from the rest:
- Broad spectrum of authentication capabilities: From traditional two factor to out of band leveraging mobile devices to risk based authentication; Applicable authentication capabilities for any enterprise’s risk profile in today’s threat environment
- Centralized in Symantec hosted infrastructure, protected by tried and true security: 15 years protecting critical internet infrastructure from attack including DNS root servers and security root keys for the internet
- Built on open standards: Transparent and vetted by top security experts as best in class; Unimpacted by recent RSA breach
….All delivered by a proven vendor with a holistic approach to security. Be sure to check out a free trial of the VIP Service at http://www.verisign.com/authentication/two-factor-authentication/free-trial-vip-authentication/index.html