A new Gartner report shows that Android smartphone sales have gone from 9.6% to 36%. Microsoft can’t seem to catch a break, they just managed to sell 3.6 Million phones and rumors say that over half of those sold were actually WM6, not good news for WM7 right?
What’s amazing is that SecureAuth is able to actually support all of these platforms with our 2-Factor authentication that allows users to get access to applications with their browsers.
When we get into specific platforms like Android, well that’s where we’re leading the way with our ability to take YOUR existing applications like Sharepoint, OWA, Google Apps, Postini, Salesforce and yes, even your own custom applications that you want to utilize strong authentication (online banking apps, etc) and turn them into a deployable, downloadable application!
How do we do it? Jump on over here to find out – LINK
Microsoft recently released Microsoft Security Advisory (2416728) about a vulnerability (CVE-2010-3332) in ASP.NET that allows the unauthorized access to files that can contain sensitive data within an ASP.NET application such as web.config, and be able decrypt data sent to the client. Microsoft has released a work around for the vulnerability, but they do not have a patch out at this time.
Customers utilizing SecureAuth® Identity Enforcement Platform are already mitigating this risk from outside attackers for their ASP.NET applications. Customers who have integrated their ASP.NET applications with SecureAuth® Identity Enforcement Platform are thwarting attackers who wish to utilize this attack by forcing strong bilateral authentication that authenticates both the user and the server before communication is allowed to the ASP.NET application. Because the attackers are unable to communicate to the customer’s ASP.NET applications, such as Microsoft SharePoint 2010, the risk of this vulnerability has been mitigated from the unauthorized users.
In fact, SecureAuth is the only “Authentication Provider” that provides strong authentication for Microsoft SharePoint 2010 that is token-less, non-phishable, authenticates both the user and the server , easy to deploy, and does not require any agent, proxy, or VPN to be installed.
Contact us to find out about what people are calling the “Game Changer” when it comes to a strong authentication and true identity enforcement that is also a 2-Factor, Web Single-Sign-On, and Identity Management solution that is low cost and easy to deploy.
SecureAuth believes in a defense-in-depth strategy and recommends that you patch this vulnerability once a patch is released.
More information about this vulnerability and work around can be found at:
Microsoft Security Advisory (2416728)
Scott Guthrie’s Blogs: Important: ASP.NET Security Vulnerability and Frequently Asked Questions about the ASP.NET Security Vulerability
Microsoft SharePoint Team Blog
CVE-2010-3332
Categories
Blog |
Tags
2factor, ASP.NET, authentication, cloud security, Identity Management, rsa, RSA Alternatives, SecureAuth, secureID, SharePoint, two factor
|
Author
Milton |
|
I just returned from a week in beautiful but hot St. Louis where SecureAuth Corporation had the privilege of being one of select few vendors to be invited to participate in the FBI sponsored Information Security Officer Training Symposium. This is a truly unique event. Held every two years it is hosted and paid for by the FBI. They invite the ISO from all 50 states to come to a week of training and discussion on IT Security and Cyber Crime.
Vendors can attend by invitation only, no buy in, SecureAuth was invited based upon our project with the state of New Hampshire. Jad Flewelling, ISO for state of NH, led a panel discussion on how the state has successfully used the SecureAuth Identity Enforcement Platform to securely integrate into the Criminal Justis Information System (CJIS) Data Base. The discussion was very well received by the attendees with lots of questions for Jad on how he successfully achieved the integration and met the FBI mandate a year early.
One of the main topics of the conference was that the CJIS ISO office has revised the CJIS Information Security Policy and it is in formal staffing for approval with an implementation goal of January 2011 for all states and territories. The new policy is a significant departure from the current policy in its approach and scope. As a result all proposed multifactor authentication solutions for authentication of users into the CJIS system by the state and local agencies must be approved by the state ISO and then approved by George White of the FBI. While there is not a list of FBI certified authentication products for use in accessing the CJIS, all proposed solutions and architectures must be submitted by the state ISO to George White’s office for approval. We are very proud to say that the SecureAuth Identity Enforcement Platform was approved by Mr. White for deployment at state of NH.
There are 17,000 agencies that need to implement FBI approved access to the CJIS by 2011. SecureAuth IEP is the approved, cost effective, and secure way to meet this mandate.
The world famous St. Louis Arch
While in Munich, Germany this month, I had the opportunity to meet Tim Cole of Kuppinger Cole, the leading European-based analyst company for all topics around Identity Management and Digital Identities. Well, it was a good conversation, but not just because we were relaxing in a Munich beer garden. Tim is really interested in identity and security as it relates to enterprises migrating to the cloud. Well, we had had plenty to discuss. Tim really gets it, as you can read on his blog. http://tiny.cc/securecloud
Later I went for a hike in the Bavarian Alps and spent some cloud time (the old fashioned kind made of water vapor).
Now I am back to the virtual cloud and flexible, inexpensive two-factor authentication for the cloud.
Good article in IBD http://tiny.cc/Cloud246 back in June I came across discussing the growth of cloud computing from a business perspective. Cloud security seems to be one of the few concerns restraining the rapid adoption. We see ourselves as an enabler which mitigates security while retaining the promise of low cost and flexibility of cloud computing.
Quote from Investor’s Business Daily, June 9, 2009:
“Cloud computing’s growth is outpacing the industry overall. Global revenue from cloud services is expected to jump 21% this year to $56.3 billion from $46.4 billion, says market-tracker Gartner. It sees sales of more than $150 billion in 2013.
These (business) efforts highlight the growing acceptance of cloud computing, even as executives concede concerns remain.
There are downsides, perhaps led by technical issues in integrating cloud computing with an existing network. Some critics also question reliability and whether users lose some control over security.”
That last sentence is the key to MultiFactor’s SecureAuth value proposition. SecureAuth automatically enforces identity policy already built into an enterprise’s existng directory. The administrator retains total control over access to cloud applications while securing those cloud applications from unauthorized access.
