Dark Reading

Cloud Security: Lessons from Asgard (And Gartner's Identity And Access Management Summit)

What the Tesseract can teach us about 4-dimensional cloud security threats and BYOD defenses

Gartner Identity and Access Management Summit, Las Vegas, December 3, 2012 – With only a slight nod to the recent blockbuster movie “The Avengers,” Authentify Chief Technology Officer Andy Rolfe unveiled his original thinking on a four-dimensional “Security Tesseract” at Gartner’s annual Identity and Access Management Summit, held December 2nd to 5th at Caesars Palace.

“The cloud is a truly multi-dimensional environment,” said Rolfe. “Analyzing your risks, fraud vectors and defenses must account for and adapt to the four dimensions of identity sources, communications channels, data acquisition planes and authentication defense factors. Seeing this as analogous to a tesseract is an elegant way to view the challenge because the four vectors are intertwined, and a change in one plane impacts the others.”

While Rolfe posits that the rapid evolution to corporate BYOD environments increases the risk surfaces in this four-dimensional view, he also illustrates how smartphones, tablets and other Intelligent Personal Devices, or IPDs, can be used to implement stronger security and remote user authentication.

Like the guarded Bifröst bridge that securely linked Earth to Asgard in Norse mythology, an out-of-band (OOB) secure link using mobile devices or PCs can be used to defend against any known threats to the four dimensions of cloud security. True to the tesseract analogy, a secure OOB link reflects across all of the surfaces, protecting each from man-in-the-middle, man-in-the-browser, DNS poisoning, malicious hotspots, phishing and other known IT security threats.

“It is certainly a thought-provoking way to look at the challenge of knowing who exactly is in your cloud and what they can get at while they are there,” according to Tom Swiontek, an IT security industry consultant. “I’ve not seen the problem presented in this way before.”

For effective cloud security in all four dimensions, Authentify offers its new 2CHK app and OOB authentication service. Here’s how it works. The end user activates a small, convenient app on their smartphone or PC and links it securely to their company login account or identity directory using voice or SMS-based OOB authentication. Once this is done, the 2CHK app is “always on” and maintains a secure channel to Authentify’s authentication service.

The first key benefit is security. 2CHK complements IT or online and mobile banking security by providing a completely separate app and OOB channel that protects against stolen passwords and, due to layers of encryption, cannot be defeated by man-in-the-middle and man-in-the-browser attacks. The second key benefit is convenience. Online or mobile commerce customers or IT network users see transactions in the 2CHK app immediately and can confirm or reject them easily.

Authentify was the first to offer a security service based on synchronizing a telephone call for remote user authentication. Since introducing the service in 2001, Authentify has developed authentication schemas and solutions that employ voice channels, SMS messaging and data channels via smart devices or IPDs.

More information is available at, and a copy of Mr. Rolfe’s presentation can be obtained by contacting Authentify at

About Authentify, Inc.

Authentify, Inc. is a leading global provider of telephone-based Out-of-Band (OOB) authentication services. With a client list that includes five of the world's top ten banks, three of the five largest ecommerce websites and two of the top four insurance companies in North America, Authentify has the most experience and expertise in deploying OOB solutions in the industry. These multi-factor authentication (MFA) services enable organizations that need strong security to quickly and cost-effectively add two-factor or multi-factor authentication layers to user logons, transaction verifications or critical changes such as adding an ACH payee, resetting passwords or changing contact information. The company's patented technology employs a service-oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing access control, and emerchants who want to limit fraud on their sites.

For more information, visit Authentify at:
