Dark Reading
Products and Releases

Cloud Security: Lessons from Asgard (And Gartner's Identity And Access Management Summit)

What the Tesseract can teach us about 4-dimensional cloud security threats and BYOD defenses

Gartner Identity and Access Management Summit, Las Vegas, December 3, 2012 – With only a slight nod to the recent blockbuster movie “The Avengers,” Authentify Chief Technology Officer Andy Rolfe unveiled his original thinking on a four-dimensional “Security Tesseract” at Gartner’s annual Identity and Access Management Summit, held December 2nd to 5th at Caesar’s Palace.

“The cloud is a truly multi-dimensional environment,” said Rolfe. “Analyzing your risks, fraud vectors and defenses must account for and adapt to the four dimensions of identity sources, communications channels, data acquisition planes and authentication defense factors. Seeing this as analogous to a tesseract is an elegant way to view the challenge because the four vectors are intertwined, and a change in one plane impacts the others.”

While Rolfe posits that the rapid move to corporate BYOD environments enlarges the risk surface in this four-dimensional view, he also illustrates how smartphones, tablets and other Intelligent Personal Devices (IPDs) can be used to implement stronger security and remote user authentication.

Like the guarded Bifröst bridge that securely linked Earth to Asgard in Norse mythology, an out-of-band (OOB) secure link using mobile devices or PCs can be used to defend against the known threats to the four dimensions of cloud security. True to the tesseract analogy, a secure OOB link reflects across all of the surfaces, adding a layer of protection on each against man-in-the-middle, man-in-the-browser, DNS poisoning, malicious hotspots, phishing and other known IT security threats. The protection comes from the separation of channels: an attacker who controls the browser or the network path to the web application does not thereby control the channel on which the user confirms what they are doing.

“It is certainly a thought provoking way to look at the challenge of knowing who exactly is in your cloud and what they can get at while they are there,” according to Tom Swiontek, an IT security industry consultant. “I’ve not seen the problem presented in this way before.”

For effective cloud security in all four dimensions, Authentify offers its new 2CHK app and OOB authentication service. Here’s how it works. The end user activates a small, convenient app on their smartphone or PC and links it securely to their company login account or identity directory using voice or SMS-based OOB authentication. Once this is done, the 2CHK app is “always on” and maintains a secure channel to Authentify’s authentication service.

The first key benefit is security. 2CHK complements IT or online and mobile banking security by providing a completely separate app and OOB channel that protects against stolen passwords and, because the confirmation travels encrypted over a channel the browser session does not control, resists man-in-the-middle and man-in-the-browser attacks. In practice that protection holds only as long as the user checks that the details shown in the app match what they intended and the confirming device is not itself compromised. The second key benefit is convenience. Online or mobile commerce customers or IT network users see transactions in the 2CHK app immediately and can confirm or reject them easily.
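The transaction-confirmation flow described in the two paragraphs above, written out as an added illustrative example. This is not Authentify's 2CHK code or protocol: the message formats are invented, a per-device HMAC key handed over at enrolment stands in for whatever binding the voice/SMS step actually produces, and the server-to-app channel is simulated by a function call. What it shows is the property a practitioner would want to verify in any such scheme: an approval is bound to exactly the details the user saw on the second device, so a man-in-the-browser that swaps the payee is rejected, a party without the device key cannot forge an approval, and a captured approval cannot be replayed.

```python
"""Added example of out-of-band (OOB) transaction confirmation.
Illustrative only; not Authentify's protocol. Keys, identifiers and
sample transactions below are all constructed for the example."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


def canonical(tx: dict) -> bytes:
    """Deterministic encoding so both ends MAC exactly the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


class AuthService:
    """Server side of the OOB channel: per-device keys from enrolment,
    plus the confirmations still awaiting an answer."""

    def __init__(self) -> None:
        self.device_keys: dict[str, bytes] = {}
        self.pending: dict[str, tuple[str, bytes]] = {}

    def enroll(self, device_id: str, key: bytes) -> None:
        # Assumption: the enrolment step yields a shared device-bound key.
        self.device_keys[device_id] = key

    def request_confirmation(self, device_id: str, tx: dict) -> tuple[str, dict]:
        """Push a pending transaction to the device over the OOB channel:
        a one-time challenge id plus the details the user must review."""
        cid = secrets.token_hex(16)
        self.pending[cid] = (device_id, canonical(tx))
        return cid, tx

    def verify(self, cid: str, approval: bytes | None) -> bool:
        """Accept only an approval MACed over the exact pending details.
        The challenge is consumed whatever the outcome, so a replay fails."""
        entry = self.pending.pop(cid, None)
        if entry is None or approval is None:
            return False
        device_id, tx_bytes = entry
        expected = hmac.new(self.device_keys[device_id],
                            cid.encode() + tx_bytes, hashlib.sha256).digest()
        return hmac.compare_digest(expected, approval)


class Device:
    """The confirming app: shows the details to the user and, on approval,
    MACs exactly what was shown with the device-bound key."""

    def __init__(self, device_id: str, key: bytes) -> None:
        self.device_id = device_id
        self.key = key

    def respond(self, cid: str, shown: dict, intended: dict) -> bytes | None:
        # The user compares the on-screen details with what they meant to do.
        if shown != intended:
            return None  # reject
        return hmac.new(self.key, cid.encode() + canonical(shown),
                        hashlib.sha256).digest()


def new_pair() -> tuple[AuthService, Device]:
    key = secrets.token_bytes(32)
    svc, dev = AuthService(), Device("phone-1", key)
    svc.enroll(dev.device_id, key)
    return svc, dev


# Constructed sample transactions.
INTENDED = {"payee": "ACME Utilities", "amount": "120.00", "ref": "INV-4471"}
ALTERED = dict(INTENDED, payee="Mule Account 8812", amount="4900.00")


def run_flow(submitted: dict, intended: dict) -> bool:
    """End to end: the browser submits `submitted` (possibly altered by
    man-in-the-browser malware); the user actually intended `intended`."""
    svc, dev = new_pair()
    cid, shown = svc.request_confirmation(dev.device_id, submitted)
    return svc.verify(cid, dev.respond(cid, shown, intended))


def legitimate() -> bool:
    return run_flow(INTENDED, INTENDED)   # True


def man_in_the_browser() -> bool:
    return run_flow(ALTERED, INTENDED)    # False: user sees altered details and rejects


def forged_approval() -> bool:
    """Intercepting the OOB push without the device key is not enough."""
    svc, dev = new_pair()
    cid, shown = svc.request_confirmation(dev.device_id, INTENDED)
    fake = hmac.new(b"attacker-guess", cid.encode() + canonical(shown),
                    hashlib.sha256).digest()
    return svc.verify(cid, fake)          # False


def replayed_approval() -> bool:
    """A captured approval cannot be presented twice: challenge ids are single-use."""
    svc, dev = new_pair()
    cid, shown = svc.request_confirmation(dev.device_id, INTENDED)
    approval = dev.respond(cid, shown, INTENDED)
    first, second = svc.verify(cid, approval), svc.verify(cid, approval)
    return first and not second           # True
```

The design point is that the approval is a MAC over the challenge id and the canonical transaction bytes, never a bare "yes": the server cannot be talked into applying a confirmation to details other than the ones it pushed, and the confirmation itself carries no value once its challenge id has been consumed. The remaining assumption, as the text's own caveat implies, is that the user actually reads what the app displays.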

Authentify was the first to offer a security service based on synchronizing a telephone call with remote user authentication. Since introducing the service in 2001, Authentify has developed authentication schemes and solutions that employ voice channels, SMS messaging and data channels via smart devices or IPDs.

More information is available at, and a copy of Mr. Rolfe’s presentation can be obtained by contacting Authentify at

About Authentify, Inc.

Authentify, Inc. is a leading global provider of telephone-based Out-of-Band (OOB) authentication services. With a client list that includes five of the world's top ten banks, three of the five largest e-commerce websites and two of the top four insurance companies in North America, Authentify has the most experience and expertise in deploying OOB solutions in the industry. These multi-factor authentication (MFA) services enable organizations that need strong security to quickly and cost-effectively add two-factor or multi-factor authentication layers to user logons, transaction verifications or critical changes such as adding an ACH payee, resetting passwords or changing contact information. The company's patented technology employs a service-oriented message architecture and XML API to integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing access control, and e-merchants who want to limit fraud on their sites.

For more information, visit Authentify at:
