2006 Products of the Year: Authentication

With the threat of data theft and the demands of regulatory compliance, enterprises are clamoring for tools to ensure users accessing the network are indeed who they say they are.

Patrick A. CotÉ, information security officer for Houghton Mifflin Company, says RSA Security's RSA SecurID has proven itself as the best fit for his company. Others have reached the same conclusion, making it this year's gold-medal winner in authentication for the second straight year.

"With our prior system, you could really try to guess passwords," CotÉ says. "The whole password schema really wasn't very robust, so we looked for a two-factor authentication product."

His department rolled out SecurID tokens in May 2005; by late December, 2,500 accounts had been established in a Unix environment. So far, he says, "not a single person has had trouble authenticating."

The tokens are used strictly for remote access. "Once the PIN is set up, if the token is used correctly there's no downtime," CotÉ says. "It's very reliable. That was really why we chose RSA over the others. We needed that reliability."

Users responding to the Products of the Year survey rate SecurID particularly high in the performance, vendor support/service, features and overall quality categories. One user SecurID calls it "the standard by which all others are judged." Another calls it a "first-rate and robust product." Others agreed with CotÉ that it is "very reliable."

Since 1986, SecurID has defined authentication, authorization and accounting, and still the SecurID syste

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

I would like to receive a FREE subscription to Information Security magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.
Please select... Over $10 Million $5 Million-$10 Million $1 Million-$4.9 Million $500,000-$999,999 $100,000-$499,999 $50,000-$99,999 $25,000-$49,999 $10,000-$24,999 Less than $10,000 None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

While CotÉ has deployed it in a Unix environment, organizations can also deploy SecurID through a variety of hardware and software tokens for Windows workstations and assorted handheld devices and wireless phones.

SecurID's scalability is another critical factor, enabling large enterprises to deploy and manage authentication for millions of users and hundreds of apps through its Authentication and Deployment managers. The bundled Deployment Manager is automated, Web-based provisioning software that enables quick token deployment. Its self-service capability reduces the drain on IT staffs and help desks.

For SMBs, two-factor authentication is also available with the RSA SecurID Appliance, a hardened Windows box with embedded firewall functionality designed for easy management.


[IMAGE]

Steel-Belted Radius/Enterprise Edition
Funk Software (Juniper Networks), www.funk.com

Authentication is where the rubber hits the road, and this RADIUS/AAA server for wired and wireless networks helps keep enterprises running smoothly and securely.






[IMAGE]

VeriSign Managed PKI Services
Verisign, www.verisign.com

Trust is a cornerstone of security, and companies trust VeriSign, which won very strong survey approval for security, and good ratings for performance and overall quality for its range of PKI services.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Web Security Advisor,   PKI and Digital Certificates,   Enterprise Identity and Access Management,   User Authentication Services,   Enterprise Single Sign-On (SSO),   Biometric Technology,   Security Token and Smart Card Technology,   Technology,   Authentication,   Compliance,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Web Security Advisor DNS rebinding defenses still necessary, thanks to Web 2.0 New defenses for automated SQL injection attacks PCI compliance and Web applications: Code review or firewalls? Worst practices: Bad security incidents to avoid Web scanning and reporting best practices Social networking Web site threats manageable with good enterprise policy Enterprise security in 2008: Building trust into the application development process PCI DSS Section 6: A plan for tackling application security Making the case for Web application vulnerability scanners Preparing for uniform resource identifier (URI) exploits PKI and Digital Certificates Portable security storage device could replace OTP devices What is most misunderstood about EV SSL certificates? VeriSign addresses MD5 flaw Rogue digital certificates strike blow to Internet security Can any firm or organization get a digital signature certificate? How to obtain a digital certificate for a server PKI and digital certificates: Security, authentication and implementation What is the best way to administer exams to students via computer? Should computer exams be transmitted as PDF files or Word files? Should PKI systems be used for laptop encryption? PKI and Digital Certificates Research Enterprise Single Sign-On (SSO) Changing times for identity management Kerberos configuration as an authentication system for single sign-on How to use single sign-on for Web access control to prevent malware Learn about enterprise strategy for server virtualization single sign-on Enterprise single sign-on: Easing the authentication process Exploring authentication methods: How to develop secure systems User provisioning and SSO for PeopleSoft- and Unix-based products Sun launches open source OpenSSO for identity management Pre-requisites for implementing enterprise single sign-on (SSO) Startup Symplified delivers SSO in the cloud Enterprise Single Sign-On (SSO) Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) Certificate Revocation List  (SearchSecurity.com) Digital Signature Standard  (SearchSecurity.com) HDCP  (SearchSecurity.com) MD2  (SearchSecurity.com) MD4  (SearchSecurity.com) MD5  (SearchSecurity.com) nonrepudiation  (SearchSecurity.com) PKI  (SearchSecurity.com) public key  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.