1. Minimize end-user experience impact while maintaining an appropriate level of security.
If you are an existing RSA SecurID hardware token customer and, due to scale or distribution challenges, physical tokens are no longer your preferred option, RSA recommends that RSA SecurID software tokens be considered as a next-best alternative.
Advantages of this alternative:
- Same fundamental end-user authentication experience, minimizing end-user impact in the midst of facing other sudden and significant work environment changes.
- Able to more quickly provision tokens, leveraging automation to streamline processes while still maintaining token life-cycle security controls.
- RSA Electronic Enablement Program eliminates need to receive any physical media from RSA.
In order to conform to RSA-recommended practices, you will need to have (or to install) the AM Web Tier component for CT-KIP dynamic seed distribution. In the event that the AM Web Tier cannot be deployed or deployed quickly enough, ODA is another RSA authentication alternative to consider.
If you are seeking to deploy a net-new multi-factor authentication solution for remote access, then the RSA Cloud Authentication Service along with RSA's Authenticate mobile authentication application provide for a SaaS-based solution that is quick to implement, integrate and roll-out. Under this approach, an RSA application installed on the user's mobile device provides for a simple enrollment process using QR code scanning and a range of secure and convenient user authentication methods, including push-to-approve, biometric, and OTP.
2. Review your infrastructure and assess ability to support log-in traffic and administrative activities under load conditions.
Reliability, availability, and performance are critical not only to end-user experience but also to the overall health and stability of the authentication system. Dramatic increases in the user population size and peak authentication load can quickly swamp resources that previously were able to keep up. Fortunately, the RSA SecurID Access platform provides many architectural features and tuning parameters to address performance and availability requirements. You must also ensure that your environment's underlying server infrastructure, network, and remote access devices are up to the task.
RSA product documentation, including the RSA Authentication Manager 8.4 Performance and Scalability Guide, contains detailed information for consideration as you (re-)assess your authentication solution design for new load and performance requirements. For additional insights based on our extensive field experience and Subject Matter Expertise, click the "Optimizing & Tuning" resource button.
Additionally, if you are an existing RSA customer, ensure that you are running supported versions of RSA SecurID Access software components. For a detailed listing, refer to Product Version Life Cycle for RSA SecurID Access.
3. Consider end-user self-service and education capabilities needed to maintain ongoing operations.
As your end-user population increases in size, self-service and automation as well as effective user education material become paramount to maintaining ongoing operations. It is a given that IT and Help Desk staffs will be asked to "do more, with less" in times of business disruption and rapid expansion. Therefore, it is essential to empower users with self-service functions that offload common life-cycle tasks from back-end administrative staff and allow for easy -- but secure -- steps to resolve user "reset" states (e.g., PIN reset, account locks, password reset, etc.).
Out-of-the-box, RSA provides for self-service capabilities through the RSA Cloud Authentication Service's myPage and the RSA Authentication Manager Self-Service Console. For larger organizations, RSA Professional Services offers an add-on package, RSA SecurID Access Prime, that can be applied across RSA's Identity Assurance Platform to aid with customized self-service, delegated help desk administration, and workflow systems integration.
Just as importantly, end-user awareness and education around multi-factor authentication must be promoted in corporate communications, embedded within user onboarding workflows, and supported within a readily accessible portal. RSA provides a collection of resources that can be utilized to construct tailored materials for Educating Your Users.