That old saw about every cloud having a silver lining is true — at least when it comes to data breaches and ID theft.
Bad as these may be for the average consumer, they open up a great opportunity for vendors.
That burgeoning opportunity now sees CA strengthening its SiteMinder Web Access Manager by teaming up with Arcot, which offers risk-based authentication in its RiskFort product.
The combination of the two will help detect, assess and block fraud attempts in real time for ay consumer- or enterprise-facing portal.
Here’s how it works: RiskFort keeps logs of where consumers or enterprise staff normally log in from. If they log in from somewhere else, it uses statistics and analysis to calculate a risk score.
Based on that risk score and policies put in place by companies using the two, CA SiteMinder will then grant or deny access or initiate some other action.
“SiteMinder tells you who can do what within an enterprise; we’re adding higher assurance that the who is the right user,” said Ram Varadarajan, president and CEO of Arcot.
The deal will help CA continue its attempts to broaden the authentication capabilities of its security product line.
RiskFort works well with SiteMinder, and “strong authentication solutions such as tokens haven’t been successful in the online consumer world because they need to be deployed, and that’s expensive,” Bill Mann, senior vice president, CA Security Management, said.
Tokens are needed in two-factor authentication which is increasingly becoming desirable as the growing number of breaches and the growth of ID theft show. Security experts generally agree that a user name and password is easily cracked and is proving inadequate as cyber criminals get more sophisticated.
The problem with tokens is that the consumer or user needs to carry them around, and often forgets to do so. Arcot’s approach is based on offering a software alternative to a physical token.
“As Web 2.0, software service, collaboration and social networks get used more in business, the demand for identity assurance will become even more critical,” Mann said. Indeed, and enterprises need to be able to authenticate that people are who they claim to be online.