Multifactor Authentication for the Mainframe?

Is the password dead or dying?

Lots of articles talk about the death of passwords. Google aims to kill them off by the end of 2017. According to the company, Android users will soon be able to log in to services using a combination of face, typing, and movement patterns. Apple figured this out long ago (Apple Pay) and continues to move away from passwords. Even the U.S. government is coming to grips with the fact that passwords don’t cut it anymore.

Enter multifactor authentication, or MFA. Almost everyone agrees that MFA provides the strongest level of authentication (who you are) possible. It’s great for users, too. My iPhone is a great example. While I like many things about it, Touch ID is my favorite feature. I never have to remember my thumbprint (it’s always with me), and no one can steal it (except James Bond). Touch ID makes secure access so easy.

Given the riskiness of passwords and the rise of MFA solutions, I have to ask why it’s still okay to rely on passwords for mainframe access. Here’s my guess: This question has never occurred to many mainframe system admins because there’s never been any other way to authenticate host access—especially for older mainframe applications.

Are mainframe passwords secure?

When you think about passwords, it’s clear that the longer and more complex the password, the more secure it will be. But mainframe applications—especially those written decades ago, the ones that pretty much run your business—were hardcoded to use only weak eight-character, case-insensitive passwords. Ask any IT security person if they think these passwords provide adequate protection for mission-critical applications and you will get a resounding “No way!”

As far as anyone knows, though, they’ve been the only option available. Until now. At Micro Focus, we are bridging the old and the new, helping our digitally empowered customers to innovate faster, with less risk. One of our latest solutions provides a safe, manageable, economical way for you to use multifactor authentication to authorize mainframe access for all your users—from employees to business partners.

Multifactor authentication to authorize mainframe access?

It’s a logical solution because it uses any of our modern terminal emulators—the tool used for accessing host applications—and a newer product called Host Access Management and Security Server (MSS). Working alongside your emulator, MSS makes it possible for you to say goodbye to mainframe passwords, or reinforce them with other authentication options. In fact, you can use up to 14 different types of authentication methods—from smart cards and mobile text-based verification codes to fingerprint and retina scans. You’re free to choose the best solution for your business.

In addition to strengthening security, there’s another big benefit that can come with multifactor authentication for host systems: No more passwords means no more mainframe password-reset headaches!

Yes, it’s finally possible to give your mainframe applications the same level of protection your other applications enjoy. Using MFA for your mainframes brings them into the modern world of security. You’ll get rid of your password headaches and be better equipped to comply with industry and governmental regulations. All you need is a little “focus”—Micro Focus.

Geo-fencing: securing authentication?

Micro Focus is leading the industry in geo-fencing and Advanced Authentication with its NetIQ portfolio. Simon Puleo looks at this fascinating new area and suggests some potential and very practical uses for this technology in his latest blog.

Are you one of the 500 million users who recently had their account details stolen from Yahoo?

Chances are that criminals will use them for credential stuffing – using automation to try different combinations of passwords and usernames at multiple sites to log in to your accounts.

So you’re probably thinking the same as me – that a single username and password is no longer sufficient protection from malicious log-in, especially when recycled on multiple sites.

Is your identity on the line?

Indeed, 75% of respondents to a September 2016 Ponemon study agreed that “single-factor authentication no longer effectively protects unauthorized access to information.”

Biometric authentication is one solution and is already a feature of newer iPhones. However, skimmers and shimmers are already seeking to undermine even this.

Perhaps geo-fencing, the emerging alternative, can address the balancing act between user experience and security? It provides effective authentication and can be easily deployed for users with a GPS device. Let’s take a closer look at what this technology is, and how it can be used.

What is geo-fencing?

Geo-fencing enables software administrators to define geographical boundaries. They draw a shape around the perimeter of a building or area where they want to enforce a virtual barrier. It is really that easy. The administrator decides who can access what within that barrier, based on GPS coordinates. In the example below, an admin has set a policy that only state employees with a GPS can access systems within the Capitol Building.

Let’s dive deeper, and differentiate between geo-location and geo-fencing. Because geo-location uses your IP address, it can be easily spoofed or fooled, and is not geographically accurate. Geo-fencing, however, is based on GPS coordinates from satellites tracking latitude and longitude.

While GPS can be spoofed, it requires loads of expensive scientific equipment and certain features to validate the signal. Using geo-coordinates enables new sets of policies and controls to ensure security and enforce seamless verification, keeping it easy for the user to log in and hard for the criminal to break in. Consider the example below:

Security Policy: Users must logout when leaving their work area.

Real-world scenario: Let’s go and get a coffee right now. Ever drop what you are doing, leaving your PC unlocked and vulnerable to insider attacks? Sure you have.

Control: Based on a geo-fence as small as five feet, users could be logged out when they leave their cube with a geo device, then logged back in when they return. It’s a perfect combination of convenience, caffeine and security.
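The geo-fence decision behind the policy above, as an added example (not Micro Focus code or part of the original post): a ray-casting point-in-polygon test that unlocks a session only when the device's whole reported accuracy circle lies inside the fence, and locks otherwise. The fence coordinates, the `Fix` type, `MAX_ACCURACY_M` and `session_action` are constructed for illustration.

```python
import math
from dataclasses import dataclass

# Constructed fence: (lat, lon) corners of a roughly 20 m x 20 m work area.
FENCE = [(40.00000, -75.00000), (40.00000, -74.99976),
         (40.00018, -74.99976), (40.00018, -75.00000)]
MAX_ACCURACY_M = 10.0  # assumed policy: ignore fixes coarser than this

@dataclass
class Fix:
    lat: float
    lon: float
    accuracy_m: float  # horizontal accuracy radius reported by the device

def _to_metres(lat, lon, lat0, lon0):
    """Local flat projection; adequate for building-sized fences."""
    x = math.radians(lon - lon0) * 6371000 * math.cos(math.radians(lat0))
    y = math.radians(lat - lat0) * 6371000
    return x, y

def _seg_dist(p, a, b):
    """Distance in metres from point p to the segment a-b."""
    (px, py), (ax, ay), (bx, by) = p, a, b
    dx, dy = bx - ax, by - ay
    t = ((px - ax) * dx + (py - ay) * dy) / (dx * dx + dy * dy)
    t = max(0.0, min(1.0, t))
    return math.hypot(px - (ax + t * dx), py - (ay + t * dy))

def session_action(fix, fence=FENCE):
    """Return 'unlock' only when the whole accuracy circle is inside the fence."""
    if fix is None or fix.accuracy_m > MAX_ACCURACY_M:
        return "lock"  # no usable position: fail closed
    lat0, lon0 = fence[0]
    px, py = _to_metres(fix.lat, fix.lon, lat0, lon0)
    pts = [_to_metres(la, lo, lat0, lon0) for la, lo in fence]
    edges = list(zip(pts, pts[1:] + pts[:1]))
    inside = False
    for (x1, y1), (x2, y2) in edges:  # ray-casting point-in-polygon test
        crosses = (y1 > py) != (y2 > py)
        if crosses and px < x1 + (py - y1) * (x2 - x1) / (y2 - y1):
            inside = not inside
    margin = min(_seg_dist((px, py), a, b) for a, b in edges)
    return "unlock" if inside and margin >= fix.accuracy_m else "lock"
```

Requiring the full accuracy circle inside the boundary means an imprecise or missing fix keeps the session locked, so the smaller the fence, the more precise the positioning source has to be.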

Patient safety, IT security 

This scenario may sound incredible, but Troy Drewry, a Micro Focus Product Manager, explains that it is not that far-fetched. Troy shared his excitement for the topic – and a number of geo-based authentication projects he is involved in – with me. One effort is enabling doctors and medical staff to log in to and log out of workstations simply by their physical location. This could help save valuable time in time-critical ER situations while still enforcing HIPAA policies.

Another project is working with an innovative bank that is researching using geo-fencing around ATMs to provide another factor of validation. In this scenario, geo-fencing could have the advantage of PIN-less transactions, circumventing skimmers.

As he explained to me, “What is interesting to me is that with geo-fencing and user location as a factor of authentication, it means that security and convenience are less at odds.” I couldn’t agree more. Pressing the button on my hard token to log in to my bank accounts seems almost anachronistic; geo-fencing is charting a new route for authentication.

Micro Focus is leading the industry in geo-fencing and Advanced Authentication. To learn more, speak with one of our specialists.

 

Move beyond weak mainframe passwords with advanced multifactor authentication

Flexibility is the key when it comes to multifactor authentication, and you can use these same methods to authorize access to your host systems as well. You can set up different authentication requirements for different types of users and manage everything from a central console. David Fletcher provides more insight in his blog.

More and more companies are moving to multifactor authentication. Almost everyone agrees that multifactor authentication is the best way to provide the strongest level of authentication (who you are). This technology is taking hold in many industries, and for the most part it’s working pretty well. Now ask yourself, “How can I use multifactor authentication to authorize access to my host systems?”

Complex and Expensive?

Wow—things just got really complicated and expensive. Think about who is accessing your host systems today. Employees all over the world with different devices and different access needs. Business partners who need access but don’t have your same systems and devices. What about customers who are actually updating their own data via web services on your host systems? The level of complexity that comes with implementing multifactor authentication for enterprise applications is hard enough. Now throw in the mainframe and it’s enough to keep anyone from moving in that direction.

But what if there was a flexible and manageable way to use multifactor authentication for host applications? Because Micro Focus is the expert in securing and managing access to your host systems, we have developed new capabilities to make implementing and managing multifactor authentication flexible and affordable. You can even use the same products for implementing multifactor authentication for your enterprise applications and authorizing access to your host systems.

Affordable and Flexible:

The key to making multifactor authentication affordable and flexible is having a system that supports many different ways of authenticating. Such a system could support whatever methods of authentication are right for your users and your budget.

There are many different ways that a user can be authenticated. You can take advantage of the fact that most (if not all) employees or partners have a cell phone. No need for costly devices to increase security to your systems. What if you could let a partner choose between answering three security questions or using a fingerprint for authenticating or a combination of questions and cell phone?

Flexibility is the key when it comes to multifactor authentication. Now you can also use these same methods to authorize access to your host systems as well. You can set up different authentication requirements for different types of users and manage everything from a central console.

Micro Focus® Advanced Authentication, combined with Host Access Management and Security Server (MSS) and one or more of our terminal emulation clients, provides up to 14 different methods of authentication to authorize access to host systems. As new technologies emerge, you can count on Micro Focus to stay ahead of the game so that when you are ready to make a move, we are too.

To learn more about enabling multifactor authentication to authorize access to your host systems, contact your Micro Focus sales representative today.

Originally published here