Presentation SE-4110 by Martin Ahlers at the AMD Developer Summit (APU13) November 11-13, 2013.
© 2013 - VASCO Data Security
Top Things to Consider When Authenticating Web Applications
November 2013
Increasing need to protect our online activities
End users ASP’s
• Lost revenues
• Tarnished brand
• Low data integrity
• Subscriber churn
• Confidential data leakage
• Cyber bullying
• “Gold farming”
• Identity theft
2012: Hacker able to access billing information and other accounts
2012: Exposed 6 million user account passwords
2013: Hackers posted fake news about bombing of the White House, Dow Jones dropped 100 points
2013: 10 million people watch Netflix without paying for it by sharing passwords
2012: Hackers able to access users’ personal data for use in phishing attacks
2013: Hackers able to access customer names, credit/debit cards and expiration dates of 2.9 million customers, and up to 38 million ID’s and passwords
Agenda
• Applications and pain points
  • Cloud services
  • Subscription services
  • Gaming
• Quick VASCO background
• Combined AMD and VASCO solution
• Sample business case
• Sample competitive comparison
Cloud Security Concerns
• Losing files
• Files not stored securely
• Loss of control
• Embarrassing files made public
• Computer viruses
Source: Halon 2013 Security Survey
Cloud Providers Are Expected to Lead on Security
Within five years, cloud security will become one of the primary drivers for adopting cloud computing. The reason for a shift of security from obstacle to driver is that Cloud Service Providers (CSPs) are expected to invest far more in the development of their security infrastructure and expertise than any typical enterprise.
Ernst and Young: Cloud Computing Issues and Impacts, 2011
Subscription Sharing: New York Times Analysis
BuzzFeed: It is representative of a rising generation of young people who 1) Like watching shows Online and 2) Cannot fathom paying for them
Subscription Account Sharing Impacts
• Eliminate revenue leakage from account sharing
  • Account sharing is perceived as a back-end security problem. But for companies that rely on online subscriptions as a primary revenue stream, account sharing can mean lost income
  • What we found was that about 33 percent of the accounts on the network were being shared
• Secure personal information
• Preserve data integrity for advertising/marketing
"If you're running The Wall Street Journal or World of Warcraft, and you've got multiple people sharing a single subscription, you're losing customers."
Source: AdmitOne
Tier 1 ASP Example
In need of a cloud based two-factor authentication platform
Company Profile
• One of the world's largest insight, information and consultancy networks. By connecting its specialist companies, the group aims to become the pre-eminent provider of compelling insights for the global business community.
Needs
• Protect online assets/revenues and control their IP
• Auditable and traceable accounts for Risk and Compliance Dept.
• No new overhead or code modification of existing web portals
• OpEx based purchases to tie to subscription services and improve cash flow
• Everything IT must move to the cloud
Creating Secure Communities Raises Revenues
http://info.socious.com/bid/56237/How-Online-Customer-Communities-Can-Increase-Revenue-By-19-Research
• University of Michigan studied a Tier 1 online retailer
• Study found a 19% increase in revenue when customers were connected in an online community
“While the major share of firm and media attention has focused on third-party online social networks such as Facebook, many firms have made the choice to build their own such networks.”
Current state of Gaming
Source: SuperData Research and Newzoo Games
[Chart: Online Gaming Market Share by Geography (USD $B), 2012 to 2015, series: ROW and US]
Online gaming industry growing significantly; however, ARPU is steadily declining
Publishers need assistance to stabilize ARPU by providing additional value to paying customers
US Gaming Demographics
Typical US Gamer
• Age 25-44
• Income $35k-$75k
• 60% male
• 79% college degree
Sources: *Nielsen Entertainment's third annual Active Gamer Benchmark Study; **StatGrab; ***SuperData Research/Newzoo
117m Online Gamers in the US
1. Above average income and education
2. Tech savvy
3. Understand the value of security
Affinity to online security
Gaming companies must capitalize on hits
• Example: Diablo 3
  • Fastest selling PC game to date
  • Broke Amazon record for most pre-orders
  • Sold 3.5m copies on the 1st day
  • Sold 6m copies in 1st week
  • Within 1 week, it became the most played game in Korea, 39% of Korean gamers logging in daily
Securing new game revenue is a natural fit
Gaming ASP Pain Points
• Account sharing
  • Increase revenues and subscriptions with stronger authentication
  • New releases are very competitive, must capitalize on hits
• Account bullying
  • Hackers stealing credentials to tamper with account holders
• Gold farming
  • Dissatisfaction lowers switching costs and increases churn
  • Less of an issue with advent of free to play and ability to buy/sell with real dollars
• User islands
  • Create communities of users to increase stickiness and monetize free to play
  • Cross sell gaming assets
  • One credential to access all game sites
“MMO players are very dedicated gamers. As the majority already plays games on other screens, it will be interesting to see if publishers succeed in extending and monetizing their MMO experience across all screens.”
Peter Warman, CEO of Newzoo
Federal Reserve Briefing
Our Philosophy
Security / Cost / Ease
Find the optimal balance for ASPs and consumers
VASCO Heritage in Banking Security
Secure Portal to Web Apps
[Diagram: cloud subscribers accessing App1 through App6, shown twice]
Numerous logins and passwords: complex for users, headache for IT helpdesk
QR code scan and OTP: simple for users, savings for IT helpdesk
Integration overview
[Diagram labels]
• App, App, App
• TEE Client API
• Trusted App
• Trusted App DIGIPASS
• Secure OS (TEE)
• Secure Monitor
• Secure Boot
• ARM Cortex A5 Processor with TrustZone Security Extensions
• Normal Section / Secure Section
• AMD chipset
• Platform/Rich OS (e.g. Windows, etc)
Highly secure yet familiar, simple user experience
Cost Effective Cloud
[Chart: cost per user versus users or authentications]
Opex model: pay as you grow
MYDIGIPASS.COM Subscription Business Case
ASP with 1M users per month
[Chart: incremental revenues and incremental costs, YR 1 to YR 5]
Increased Subscription Assumptions:
• Per a Tier 1 subscription account, 2FA will increase revenues by 10% in YR 1 increasing to 20% by YR 5
• $100 annual subscription revenue
• $10 per user 2FA cost
MDP.com would return $17.5M net profit over 5 years.
Easily Deployed Two Factor Authentication
Comparison vs. Home Grown SMS
Operates on 3G/4G, WiFi or LAN
Home Grown SMS (message shown: "Your unique code is w2z356")
• Does not operate on WiFi
• Not delivered in poor coverage area
• Not delivered when out of range
• Not delivered under heavy traffic congestion
• Over 5% of SMS deliveries fail*
• Over 9% take over 5 minutes*
* Per UCLA study "Analysis of the Reliability of a Nationwide Short Message Service"
Spying on SMS
Secure out of band QR code transmission
Home Grown SMS (message shown: "Your unique code is w2z356")
• Unsecure text message can be intercepted using off the shelf software
Baseline Mobile App Security
• Federate Multiple Applications: YES
• Incremental SMS Opex: NO
• Authentication method: Challenge/response - more secure
• Back-up methods: Smartphone Hardware token
Home Grown SMS (message shown: "Your unique code is w2z356")
• Federate Multiple Applications: No
• Incremental SMS Opex: YES
• Authentication method: Standard OTP
• Back-up methods: Written code
Top Things to Remember for ASP’s
• Are you creating a secure cloud community?
  • Application
  • Delivery
• Is account vulnerability limiting your revenue growth?
  • Losing potential customers
  • High cost of fixing account hacking events
  • Causing customer churn
• Could strong two-factor authentication in the cloud meet your needs?
  • Speedy ROI
  • Easy to manage / Easy for users
  • More secure than SMS
For More Information
• Contact us at
  • [email protected]
  • [email protected]
• And go to our Application Service Provider site
  • http://mydigipass.vasco.com/