Readers vote on the best digital identity verification products, services, and management systems, including PKI, hardware and software tokens, smart cards.
In this part:
EMC RSA SecurID
RSA, the Security Division of EMC
The breach of SecurID, the two-factor authentication product from EMC Corp.'s RSA security division, earlier this year isn't news anymore. At this point, many of the attack details – from the initial spear-phishing email to the exploited Adobe zero-day flaw – are public knowledge. While RSA's breach-handling strategy has been lauded by some and pilloried by others, it seems SecurID customers are still pleased with the product. So pleased, in fact, that they gave it top honors in this year's Reader's Choice Awards for authentication technology.
Conducted in the weeks following the breach, our survey asked nearly 200 information security pros what they thought of the authentication products used in their enterprises. While SecurID posted strong numbers across the board, it was ranked especially highly for its integration and compatibility with existing infrastructure, its ease of use for end users, and its scalability, with three-quarters of respondents rating it a four or five (on a scale of 1 to 5). But perhaps the biggest honors were those the survey didn't directly measure: Customers' confidence in the product's security, even following a compromise.
Expert's market reflection:
“As businesses move services to the cloud and highly funded hacker groups find sophisticated ways to perpetrate identity theft, companies are seeking stronger authentication for globalized end users and customers.”
— Randall Gamby, information security officer for a consulting firm that specializes in data warehouse initiatives
As a tool used to centralize Web access management, CA's SiteMinder was praised most highly for the security of its credentials against cracking and discovery, earning it this year's silver award. The authentication technology also brought home strong marks for its adept integration and compatibility, as well as its scalability and ease-of-use for end users. The product is designed with centralization and dynamic authorization at the forefront, with emphasis on making Web access more manageable for IT and security teams.
VeriSign (Symantec) Identity Protection Authentication ServiceSymantec
This year's bronze award winner for authentication goes to VeriSign's Identity Protection Authentication Service. Due perhaps to its cloud-based functionality, the service scored highly for its integration and compatibility proficiency. Readers also gave it high marks for its scalability and ease of installation. Among other features, the VeriSign Identity Protection Authentication Service boasts a wide variety of one-time password (OTP) options, and the fact that it's based in the cloud means there's no need for hardware or software installation.