There's usually a particular risk or application that pushes management to break down and finally implement multi-factor authentication (MFA). And it's good to begin with a use-case that provides a quick win in terms of risk reduction and ROI. But I often see organizations rush out and implement a point solution for applying MFA to a hot use case. Then what happens? You've brought a technology in, spent money on training, infrastructure, enrollment and gotten users accustomed to a new experience. But you've only solved one problem. Invariably one or more of the following happens pretty soon:
- When auditors, regulators hammer on another big risk area
- You implement a new app that also requires MFA to achieve acceptable risk
- An executive gets worked up about the latest exploit in the news and demands a wider adoption of MFA (that's a good thing)
- A manager leaves who was standing in the way of MFA expansion to a vital business area or technology
Once that happens you look at the point solution that was implemented earlier and realize it's just not going to work in the bigger picture or expanding its use is going to be complicated and expensive. Often organizations choose a different MFA solution for this new use-case. Now you've got 2. Twice the infrastructure, training, licensing, etc, etc. Invariably some users need access to both resources and they flip out (understandably so) when they learn they have to carry 2 tokens or at least complain and get confused about using 2 different apps on their mobile device. Not to mention the support calls resulting from confusion about which token or MFA method to use for each application.
There is a better way:
- Pick your initial use-case for quick ROI but think long term
- Support all types of applications, OSs, and clouds now and future
- Support a wide variety of methods, form factors and vendors for Goldilocks level user experience
- Leverage redundancy, security and scalability of Active Directory to ensure fault-tolerance without high cost
- Eliminate friction and cost with self-registration
- Exploit reverse proxy technology to support legacy apps without modification
- Integrate with federation simplify MFA deployment and enable new security capabilities
- Support gradual migration
- Dynamically require multi-factor only when necessary
In this webinar I'll drill down into all 9 of these and show you a solution, featuring Dell Defender, that nails them cold.
I'll help you understand the role that many important technologies play including RADIUS, PAM, AD, OATH, SAML, OpenID Connect and more.
You can really take these 9 requirements into account from the beginning without creating a multi-year and multimillion dollar project with thousands of consulting hours.
Join me for this real training for free ™ event. Please register now.