RSA, a Dell Technologies business, has for well over a decade provided its customers with a hardware-based two-factor authentication technology known as SecurID. RSA is no longer limiting SecurID to just hardware, and at its RSA Conference 2017 event that kicks off today in San Francisco, the company is announcing new capabilities for its expanded RSA SecurID Access product portfolio. “We’re evolving SecurID Access to go beyond just the hardware tokens with a number of frictionless capabilities to help people prove they are who they say they are,” Jim Ducharme, vice president of Engineering and Product Management at RSA, told eWEEK
Among the expanded identity assurance capabilities in the SecurID Access portfolio are cloud and mobile options, as well as advanced risk-based analytics.
The mobile multifactor authentication application that is part of the expanded SecurID Access portfolio provides new authentication options, including biometrics. Additionally, Ducharme noted that RSA has added context-based risk analytics to the mobile authentication technology.
“We now have context-based awareness for things like known location and known device for users; as well, we are making use of a behavioral engine,” he said. “We have leveraged technology that we have been working on for years as part of our adaptive authentication products that have been typically used to protect online transactions against fraud.”
RSA has other security analytics technology in its portfolio, including the NetWitness offering that has the goal of using analytics to help identify potential attacks and improve security. Ducharme explained that SecurID makes use of risk-based analytics to provide a higher degree of user authentication integrity.
RSA Via Access
The new RSA SecurID Access portfolio being announced at the 2017 RSA Conference isn’t the first time the company has used its big event to announce new authentication technology. At the 2015 RSA Conference, RSA announced an identity authentication platform called Via, which included access, governance and lifecycle components. As it turns out, the Via portfolio no longer exists and instead has been integrated into the new SecurID Access offerings.
“Via Access is no more,” Ducharme said.
Ducharme explained that when Via Access was announced in 2015, RSA’s intent was to provide new authentication capabilities for the modern enterprise. Unfortunately, the Via product was thought to be a replacement for SecurID, but Ducharme said it was not intended to replace SecurID, but rather to be a complementary technology.
“So we combined the Via Access and SecurID portfolio together into what is now called RSA SecurID Access,” he said.
Among the enhanced capabilities in the new RSA SecurID Access portfolio is the ability to deploy identity assurance features in the cloud.
“SecurID now can not only be deployed in the cloud, but it can also protect applications that are deployed in the cloud as well,” Ducharme said.
The idea of securing access to cloud applications is one in which Cloud Access Security Broker (CASB) technologies often come into play. Ducharme explained that RSA SecurID Access includes a reverse proxy, providing an identity control point for the cloud. He added that RSA’s goal is help provide identity assurance on a continuous basis.
From a compliance perspective, RSA has an integration between SecurID Access and the RSA Archer GRC (Governance, Risk and Compliance) platform. Ducharme said that RSA Archer has an identity risk dashboard that can be populated with data from SecurID Access to help quantify and articulate the risk and the controls in place, to help customers manage their identity risk.
“We believe that identity is the most consequential attack vector now for the enterprise,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.