Kenn Chong

Securing The Home Office, Over The Internet, During The New Normal: What's New For RSA SecurID® Access In 2020

Blog Post created by Kenn Chong Employee on Mar 31, 2020

With governments worldwide implementing various travel restrictions and guidelines for its citizens lately, organizations and their employees are learning to live with the New Normal: essential businesses, social distancing, remote learning, and work from home.

 

Organizations today are also learning to deal with the realities of operating in this new environment.

 

The Home Office is now The Office for employees

The Internet is now The Corporate Network for admins

The New Normal is now Business As Usual for Lines Of Businesses (LOBs)

 

LOBs have highlighted an urgent need for employees to conveniently and securely access critical resources from The Home Office, over The Internet, during The New Normal; as they develop business resiliency while simultaneously enabling a large remote workforce. In some cases, employees may require accessing these work resources from just about any machine that is made available to them at any given point in time.

 

Let us take a look at what is new with RSA SecurID Access in 2020 that organizations can use to achieve these goals. 

 

FIDO Authentication

 

Enterprise interest in FIDO as a secure and convenient authentication method for employees to utilize anywhere on any machine is increasingly growing; recognizing that it can provide a means to achieve this goal with devices that are portable and easy-to-use. As organizations begin incorporating FIDO as part of their Identity and Access Management (IAM) strategy, they turn to us as their premier Identity and Access Management (IAM) solution provider to offer not just any FIDO authentication solution, but an Enterprise Grade FIDO authentication solution. Below are some examples of how we do it better:

      

  • Certification of the RSA SecurID Access Cloud Authentication Service (CAS) as a FIDO2 Certified Server - January 2020
  • Verification of the integrity and authenticity of FIDO-certified security keys listed with the FIDO Alliance Metadata Service (MDS) - January 2020
  • Support for Windows Hello enabled devices and compatible Android phones as FIDO authenticators - February 2020
  • The release of the YubiKey for RSA SecurID Access - a hardware based FIDO authentication solution that provides superior defense against phishing, eliminates account takeovers, and reduces IT costs - March 2020
  • The release of RSA Security Key Utility, a Windows utility that can be deployed on users' WIndows machines to manage user verification for any FIDO2-certified security key - March 2020

 

 

RSA SecurID Authenticate Mobile App

 

Aside from the FIDO enhancements above, we have also continued to strengthen the security of our RSA SecurID Authenticate mobile app. With our app being installed on employee owned Bring-Your-Own-Devices (BYOD), IT admins are always concerned with the security and integrity of the underlying devices used to run the Authenticate app. With this in mind, some enhancements made to the Authenticate app to alleviate these concerns. These enhancements include:

 

  • Jailbreak Detection for the RSA SecurID Authenticate 3.2 for iOS - January 2020
  • Enhanced compliance checks for the RSA SecurID Authenticate 3.3 for Android. This ensures that the device is not rooted before allowing use of the app - March 2020

 

Our customers have relied on the RSA Authentication Manager (AM) server to reliably protect their mission critical infrastructure with RSA SecurID Tokens for many years. One notable enhancement made as part of Patch 9 in January 2020 is to allow users to authenticate to applications using biometrics available on their devices, such as Apple Touch ID or Face ID, Android fingerprint, or Windows Hello. This feature is available if customers use the Security Console wizard to connect the AM to CAS. For instructions, see Connect RSA Authentication Manager to the Cloud Authentication Service.  

 

Easier Setup and Management

 

To make it easy for our CAS admins to setup and manage users, the following enhancements have been implemented:

 

 

Miscellaneous

 

Lastly, as a reminder to our customers using CAS, the IP addresses for CAS and the Cloud Administration Console will be changing soon. We recommend that customers make any necessary firewall changes to allow identity routers and user browsers to connect to these new IP addresses. To prevent service disruption, customers' network must be able to connect to both the existing and new IP addresses according to the table below:

 

RegionNew IP Addresses
ANZ

20.37.53.30,

20.39.99.202

EMEA

51.105.164.237,

52.155.160.141

US

52.188.41.46,

52.160.192.135

 

Closing

 

As organizations continue adapting to the needs of a dynamic and growing remote workforce, they expect vendors to offer solutions that can keep up with them. We hope our customers will take advantage of enhancements announced above to provide employees with a convenient and secure way to access critical resources from The Home Office, over The Internet, during The New Normal with an Enterprise Grade IAM solution.  

Outcomes