accel klantenevent 2016: vasco

© VASCO Data Security, Inc. - CONFIDENTIAL

Kurt Berghs – Area Sales Belgium

VASCO

Securing IDentities

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

It’s a world war out there

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL3

Also in Belgium:

And we’re in the middle of it

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL4

Why? I hate my boss!

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL5

Jonathan James

Gary McKinnon

Kevin Mitnick

Why? Glory!

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL6

Why? Security…

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL7

Why? Money!!!

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL8

De oplossing van de overheid

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL9

• In België: CBPL (Privacy commissie) https://www.privacycommission.be• Waakhond over de data gegevens van Belgen en van data bewaard in België• Data: van Overheden, Medische gegevens, Klantengegevens, …• Strafrechtelijke bevoegdheden• Verschillende ISO normen worden aanbevolen (ISO 27001:2013)• Data bewaren zoals een goede huisvader • Meldingsplicht!!!

De oplossing van de overheid

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL10

Boetes:

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL11

How to hack?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL12

Hacking for dummies 1. GUESS a password

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL13

Hacking for dummies 1. GUESS a password

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL14

Hacking for dummies 2. browse or buy

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL15

Hacking for dummies 3. Just ask nicely

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL16

You’re not alone

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL17

You’re not alone

+500.000.000 accounts

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL18

You’re not alone

+1.000.000.000 accounts

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

What can you do?

19

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

What can you do?

20

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

What can you do?

21

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Moeten wij ons zorgen maken? The Target Breach

What happend to Target?• One of the largest retail chains in US• 40M personal customer records stolen by hackers

Concequences• 200M $ estimated CC re-issuing cost• 100M $ cost for security upgrade• 46% drop in profit• 10% drop in stockprice• CEO resigned

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Moeten wij ons zorgen maken?

23

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL24

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL25

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL26

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL27

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL28

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL29

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL30

Hoe lossen we dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL31

Hoe lossen eind gebruikers dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL32

Hoe lossen eind gebruikers dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL33

Hoe lossen eind gebruikers dit op?

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Hoe lost VASCO dit op? Oorsprong

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Referenties in de financiele wereld

© VASCO Data Security, Inc. - CONFIDENTIAL

Tevredenheid met kwaliteit van digitaal aanbod per sector

64%60%

48% 48% 45% 45%39%

Financial Services Retail Media Utilities Local Government Central Government Transport

n = 2500Source: Fujitsu Digital Inside Out research

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Hoe lost VASCO dit op? Enterprise security

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Referenties in de enterprise markt

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Hoe lost Vasco dit op? Online Application Security

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Referenties in de online wereld

40

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Hoe lost Vasco dit op: 5 Solution Pillars

Multi-Factor Authentication

Risk Management

Mobile Application Security

Identity Proofing

ElectronicSignature

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL42

Multifactor Authentication

Hardware Token

Software Token

Wearable

© Gartner, 2014

KnowledgeSomething known to

only the user

TokenSomething held by only

the user

Biometric TraitSomething inherent to

only the user

A password, a passphrase, a PIN

An OTP token, a smart card with X. 509 public-key infrastructure credentials

A biological or behavioral trait, such as face typography, fingerprint or voice

Examples

Biometrics BehavioralAnalysis

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL43

Multifactor authentication before

DIGIPASS Go Range

DIGIPASS for Web

DIGIPASS E-signature

Virtual DIGIPASS

DIGIPASS for WindowsDIGIPASS for Mobile

Software

Appliance

Service

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

Multifactor authentication today

44

UsernameOTP

Cloud office

Myemployees

CRM

Webmail

Appli & Desktop

Virtualizatie

SSO

Employees

1200

External People/Partners

50000

UsernameUsernameOTP

ERP

RemoteDesktop

mngt

File sharing

Risk mngt

… portal

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL

VASCO Solution: DIGIPASS for Apps

© VASCO Data Security, Inc. - CONFIDENTIAL

9367893678

© VASCO Data Security, Inc. - CONFIDENTIAL© VASCO Data Security, Inc. - CONFIDENTIAL46

ROAM: Register Once. Authenticate Many.

VASCO Trusted Digital ID Platform

Identity Proofing Providers- Government ID Card- Experian- AYIN- IdenTrust

VASCO Certified Digital ID

Verified Identities

47