Embed Size (px)
Citation preview
ViewBoard® IFP60 SeriesInteractive Display withEnterprise-Grade SecurityWhite Paper
ContentsUnauthorized Account Access at the Workplace ............................................................ 1
Workplace Cyber Security ............................................................................................1
Collaboration Security Risk ...........................................................................................2
Secured Collaboration with the ViewBoard® IFP60 Series Interactive Displays ............... 3
Biometric Authentication Boosts Workplace Security ...................................................4
Multi-factor Authentication for Enhanced Enterprise Security ......................................6
Single Sign-on Leaves No Trace ......................................................................................8
Added ViewBoard® Security: Windows Hello Integration ............................................. 11
Optional ViewBoard® Security: Reinforced Protection with Intel vPro™ Technology .... 12
Enhanced Security Plus Reduced IT Management Costs ............................................14
1
Workplace Cyber Security
Cybercrime is an enormous enterprise security challenge. As businesses increasingly rely on technology and the internet, exposure to workplace cyber security threats grows. Along with the rise in workplace tech, cybercrime has risen annually for several years. In 2016 it was the 2nd most reported type of crime globally. Privacy concerns parallel this rise.
Hackers attack computers and networks at an alarmingly frequent rate. In fact, attacks average once every 39 seconds. Each year, more cybercrimes make the headlines. Security breaches, data theft, ransomware, malware threats and more dominate the news.
The U.S. had the most data breaches of any other country, by a large margin. In 2016, there were 1,013 data breaches in the U.S. By comparison, second-place U.K. had just 38 breaches. 2017 saw a new record high of 1,579 breaches. Of these, business was the top-ranked category, accounting for 55% of all breaches. The Medical/Healthcare category came in second, with 23.7% of the total number of breaches.
Many (if not most) content sharing platforms rely on the internet. In any workplace, a workstation that’s fully integrated into the corporate LAN is a much greater risk. Similarly, LAN-connected interactive displays can pose a cyber security risk.
Unauthorized Account Access at the Workplace
2
Collaboration Security Risk
Workstyles are changing. Today, collaboration dominates the way we get things done in education and the workplace. In 1985, groups accomplished around 30% of business work; however, by 2010, this number had increased to 80%. Today, 97% of employees and executives agree that collaboration enhances productivity. Working together impacts the outcome and among its many benefits, collaboration can increase innovation by up to 15% and reduce the time to market by up to 20%.*
Working in teams can also create risk. According to Yaki Faitelson, Co-Founder and CEO of Varonis and head of the Forbes Technology Council:
Access requirements change over time as projects and teams come and go, and users join, change roles, or leave the organization. It is important to know exactly who uses and no longer uses.
The Varonis 2018 Global Data Risk Report indicated that 21% of an organization’s folders were accessible to every employee. 41% of companies had at least 1,000 sensitive files open to all employees.
* Data source: Work.com, IDC, Wainhouse Research, akuity.com, polycom.com, redbooth.com, hbr.org, adjuvi.com, tinyhr.com
3
Secured Collaboration with the ViewBoard® IFP60 Series Interactive Displays
The connectivity and collaboration capabilities compound security concerns at the workplace. To mitigate these concerns, ViewSonic® designs products with the latest security measures. The ViewSonic® ViewBoard® 60 line of IFPs were engineered with key security features to address today’s threats to enterprise security.
Advanced interactive displays like the ViewSonic ViewBoard® interactive flat panels (IFPs) deliver value by enabling extensive collaboration. Meeting participants can share and receive information locally, via a LAN, or over the cloud-based myviewboard.com. The
built-in browser enables easy integration of internet and cloud content to enhance presentations.
The ViewSonic ViewBoard® IFP60 line of interactive displays are the all-in-one digital whiteboards with pre-installed software and cloud-based capabilities delivering advanced annotation and content sharing. The ViewBoard® IFPs allow teams to connect and collaborate from across the table or around the globe. A secured collaboration includes ViewBoard®’s enterprise-grade security features:
• Biometric authentication• Multi-factor authentication• Single sign-on
4
Biometric Authentication Boosts Workplace Security
Securing workplace and customer data with passwords is old news. Biometric authentication is the wave of the security future. Financial institutions are leading the way. Large U.S. banks increasingly use biometrics like fingerprints and facial scans to secure accounts. Many are forgoing passwords for biometric authentication.
“We believe the password is dying,” said Tom Shaw, vice president for enterprise financial crimes management at financial services firm USAA. “We realized we have to get away from personal identification information because of the growing number of data breaches.”
Biometrics combined with other security methods provides an added defense against hackers. More modalities mean strengthened security with more barriers to safeguard company information.
Authentication modality
Aut
hent
icat
ion
stre
ngth - Biometrics
- Securitytoken
- Knowledgefactors
- Voice- Face- Fingerprint- Behavior - Physical
- Behavioral- Password- PIN- Security question
Security token
- Password- PIN
Multi-modal
2 Biometrictypes
1 Biometrictype
2 Knowledgefactors
1 Knowledgefactor
- Device ID- OTP token
Source: Nuance white paper
5
ViewBoard® Biometric Safeguards Intruders
The ViewBoard® IFP60 series interactive displays include biometric sign-on for added enterprise security. One finger access delivers a convenient, secure sign-on. Users quickly gain access to all ViewBoard® features, including access to company confidential files on the corporate LAN or cloud storage sites.
Certified Biometric Standards: FIPS 201 PIV
The U.S. federal government defined standards for biometric security in the Federal Information Processing Standard, Publication 201 (FIPS 201). FIPS 201 specifies Personal Identity Verification (PIV) requirements for federal employees and contractors. Many worldwide customs systems follow this standard, which was issued in response to a Homeland Security Presidential Directive. Among other things, FIPS 201 established rigorous standards for the image quality of biometric devices.
ViewBoard®s and FIPS 201
The ViewBoard® IFP60 series biometric fingerprint module is tested to be in full compliance with FIPS 201. The module is certified by the FBI for the agency’s FIPS 201 standards.
6
Multi-factor Authentication for Enhanced Enterprise Security
The password-only authentication is a known security risk, which attributes to compromised credentials - the leading cause of data breach. An multi-factor authentication (MFA) requires multiple methods of identification, adding a much-needed layer to workplace security.
The multi-factor authentication uses a combination of at least two of the three credentials (factors):
• Something You Know – Username, password, PIN, or security questions• Something You Have – Smartphone, one-time passcode, or smart card• Something You Are – Biometrics, like your fingerprint, retina scans, or voice
recognition
A two-factor authentication (2FA) is a common form of MFA for security. The 2FA requires two of the three MFA factors. To boost enterprise security, a user’s credentials must come from two different categories. For example, using two different passwords to log on would not be considered as a multi-factor.
The multi-factor authentication is everywhere. You have experienced it if you have:
• Swiped your bankcard at the ATM and then entered your PIN.• Logged into a website that sends a numeric code to your phone, which you then
entered to gain access to your account.
Extra security provides an added peace of mind. Imagine if one factor has been compromised by a hacker or unauthorized user; the likelihood that a second factor compromises is slim. An multi-factor authentication combined with a company’s existing network security is a smart way to boost workplace security.
7
ViewBoard®s and Multi-factor Security
The ViewBoard® IFP60 series interactive displays offer robust multi-factor authentication options.
These include:
• Built-in biometric fingerprint reader• Pre-installed myViewBoard™ token account/password• Microsoft Windows-based PC account/password
Authentication modality
Aut
hent
icat
ion
stre
ngth - Biometrics
- Securitytoken
- Knowledgefactors
- Voice- Face- Fingerprint- Behavior - Physical
- Behavioral- Password- PIN- Security question
Security token
- Password- PIN
Multi-modal
2 Biometrictypes
1 Biometrictype
2 Knowledgefactors
1 Knowledgefactor
- Device ID- OTP token
Source: Nuance white paper
8
Single Sign-on Leaves No Trace
Single sign-on (SSO) authentication lets users access multiple applications with one set of login credentials. These credentials are often referred to as a “token.” SSO can be referred to as a token-based authentication, it is useful for secure login to enterprise LANs. SSO is also commonly used for logging onto the internet because it allows users to stay on the web without the added exposure of cookies.
The use of a single sign-on is on the rise. Its growth parallels the growth of other related trends. These include the rise of the public cloud, a wave of new developer methods, enterprise mobility, web, and cloud-native applications.
Cloud applications in particular present both an opportunity and a drawback. Enterprises in 2017 were expected to use an average of 17 cloud applications to support their IT, operations, and business strategies. It’s no surprise that this adds to the complexity that are associated with IT management. In fact, 61% of respondents in a survey of CIOs said identity and access management (IAM) were more difficult than two years prior.
SSO is a useful enterprise cyber security tactic when users need to access multiple resources via the local area network (LAN). SSO improves workplace cyber security by minimizing bad password habits.
Barry Scott, CTO at cyber security firm Centrify EMEA calls this password hygiene. “The main cause of breaches is compromised credentials and the more usernames and passwords we have, the worse our password hygiene becomes,” said Scott. “We start to use the same passwords everywhere and they often become less complex, making it easier for credentials to be compromised.”
9
Single Sign-on Security
Single sign-on is a core security feature of ViewBoard® IFP60 Series interactive displays, which deliver advanced annotation and content sharing via the cloud. SSO is delivered via an integrated FIPS-201-certified Windows Hello fingerprint reader. This enterprise-grade cyber security includes AES256 encryption for complete security of data and files. Easy single sign-on and sign-off with cloud-based portability allows users to store and retrieve files with one touch.
When users log into the ViewBoard® IFP60 series interactive displays via the fingerprint reader, SSO functionality automatically signs them into the myViewBoard™ software – which delivers access to all 3rd party applications. These include Google Drive, OneDrive, Dropbox, Box, Zoom, and GoToMeeting.
Powered by Amazon Web Services, myViewBoard™ runs on an enterprise-grade secure platform that enables group communication over the internet. When a myViewBoard™ whiteboard session is finished, users can save data to their own cloud and sign off. All access and temporary files are deleted without leaving a trace behind.
Powered by Amazon Web Services, myViewBoard™ is a hybrid cloud-based whiteboard solution. myViewBoard™ integrates Github, Docker, and Circle CI to deploy secure, scalable architecture on Amazon’s Web Service Cloud platform. WebRTC’s protocol for securing the
streaming service and how PGP (Pretty Good Privacy) is integrated in personal secure file sharing and transmit use cases. This approach is designed to balance customers’ needs for security and confidentiality with public information in regard to technologies and third-party solutions that myViewBoard™ integrates.
10
Leave No Trace
The ViewBoard® IFP60 series interactive displays are generally installed as the public digital whiteboards. Consider a typical conference room display, many users interact with the display every day. Without appropriate enterprise security measures, this is a disaster waiting to happen.
Imagine a user forgets to remove and unmount their cloud service at the OS level from Google Drive, OneDrive, Dropbox, Box, or other cloud-based services. Whoever uses the display next could have access to the previous user’s entire cloud storage without appropriate cyber security measures. Single sign-on at the application layer prevents workplace cyber security disaster by using advanced processes like OAuth and Access Tokens to access cloud services, rather than a pure username/password system.
The myViewBoard™ cloud-based whiteboard software uses an access token bound to a myviewboard.com account. It functions only at the application level. Cloud storage access is only available within the application and only to the host that has logged in. When combined with personalized settings, an added security measure automatically logs out the host after a customizable time interval. Files saved to the default cloud storage, along with all access and temporary files, are deleted. No trace of the token or related files (which are also encrypted) is left behind on the ViewBoard®.
For an added layer of security, the connection used to exchange tokens between the myViewBoard™ native app (myViewBoard™ for Windows/Android) and a myViewBoard™ web app (myviewboard.com) uses an encrypted AES 256 web socket.
Furthermore, when a user logs into myviewboard.com on myViewBoard™ for Windows/Android, the application has a direct connection to the cloud storage (Google Drive, OneDrive, Drobox, and Box). The operating system is bypassed. In other words, the cloud storage abilities are completely disconnected from the underlying host operating system. This is an important enterprise cyber security feature: only the myViewBoard™ native app on ViewBoard® IFP60 series interactive displays can access the cloud storage.
11
Added ViewBoard® Security: Windows Hello Integration
The Windows Hello enables secure biometric sign-in to any ViewSonic ViewBoard® IFP60 series displays. Windows Hello is a biometric technology that uses the face, iris, or fingerprint as alternatives to using passwords to launch Windows.
Another feature of Windows Hello is the password technology called Windows Passport. Passport uses two-factor authentication (a biometric sensor or PIN with enrolled device) to grant password-free access to applications, websites, and networks on enrolled devices. To work with Passport, devices must have biometric sensors, such as those based on Intel® processors and technologies.
Windows Hello provides many benefits, including:
• Strengthening protection against credential theft. Attackers need both thedevice and the biometric info or PIN to gain access so it’s more difficult to gainaccess without the employee’s knowledge.
• Simple employee authentication method. No more forgotten passwords!Simple to remember PIN backs up biometric login.
• Convenient support. Support for Windows Hello is built into the operatingsystem so you can add additional biometric devices and polices as part of acoordinated rollout or to individual employees or groups using Group Policy orMobile Device Management (MDM), and Configurations Service Provider (CSP)policies.
12
Optional ViewBoard® Security: Reinforced Protection with Intel vPro™ Technology
The ViewSonic ViewBoard® IFP60 series interactive displays can be upgraded with an optional Intel-Unite certified VPC12-WPO-2 slot-in PC. The slot-in PC delivers added security and computing power. A powerful Intel Unite solution, the slot-in PC delivers a secure unified communications platform along with reduced IT management costs.
The latest (6th Gen and up) Intel Core vPro™ processors deliver enhanced security benefits to high-performing devices like the ViewSonic slot-in PC VPC12-WPO-2. These processors enable organizations to fully utilize Windows 10 security features. The result: wireless capabilities plus hardware-enhanced enterprise security that meet the security needs of the most demanding businesses.
Windows 10 is one of the most secure versions of Windows, ever. The new security features included with Windows 10 make a compelling case for businesses to invest in this OS.
Reinforced protection with Microsoft Windows 10 and Intel Intel vPro Technology
13
Combining Windows 10 and 6th Gen Intel® Core™ vPro™ processors amps up enterprise security in an era of increasing cyber intrusion. Consider:
• When credential keys, tokens, and policies are processed by the vPro™ chip,they're much more difficult to see or reach. The Intel® Authenticate Solutionboosts IT confidence by hardening at least one factor and IT policies.
• Facial recognition, fingerprint, Bluetooth phone proximity, protected PIN, andlogical location are using Intel® Active Management Technology (Intel® AMT).Virtual smart cards and additional factors from OEMs and hardware partnersgive you even more options for protecting the latest Intel® Core™ vPro™processor-based computers.
• The solution easily integrates into existing network environments andmanagement tools, including Microsoft System Center Configuration Manager(SCCM)*, Active Directory Group Policy Objects (GPO)* and McAfee® ePolicyOrchestrator® software.
Learn more on the Intel® Authenticate Solution here.
Learn more on the enhanced security with Windows® 10 and Intel® Core® vPro™ processor here.
Intel vPro™ processors further enhance security through the use of a TMP – Trusted Platform Module. The TPM is a protected and encapsulated microcontroller security chip used to defend internal data structures against intelligent attacks.
It stores keys, passwords, and digital certificates, making them more secure against external software attacks and physical theft. Learn more about the Intel TPM here and here.
14
Enhanced Security Plus Reduced IT Management Costs
Adopting the ViewSonic ViewBoard®s as client PCs for deployment of Intel® vPro™ technology enables IT departments to conveniently manage systems remotely at the firmware level. This includes:
• Enabling control of client PCs even in a pre-boot environment• Secure client management that’s less prone to interference from OS issues• Permitting remote access to the PC regardless of the system’s state or condition
The ability to remotely manage the ViewSonic ViewBoard®s throughout the enterprise reduces IT and administrative costs. Administrators receive error messages on their remote workstations. They can reset passphrases, troubleshoot and repair systems without leaving their seats. Resources that would have been spent on calls and travel are reduced. System uptime is maximized and employees (and techs) are spared from having to walk through diagnostic processes over the phone.
KVM remote controls allow service techs to diagnose or repair PCs even when the operating system has malfunctioned or become non-functional. Moreover, with ISO mounts, service technicians can boot from an ISO image, install operating systems, share a drive via the cloud, or access a Windows pre-installation environment.
For more information, please visit www.viewsonic.com
Specifications and availability are subject to change without notice. Corporate names and trademarks stated herein are the property of their respective companies. Copyright © 2019 ViewSonic Corporation. All rights reserved.
