From paying your rent, to that cup of coffee - every payment in the world goes through a mind-bending number of channels, companies, networks, technologies and sets of eyes. Until recently. New technology in the payments sector, from encryption & authentication to digital currencies and open APIs have opened up new avenues for moving money, and new challenges too.
So join this panel of industry heavyweights as they discuss the world that holds, up the world of money, what challenges lie ahead, and what our world of payments may look like in the future. Featuring:
- Steve Kirsch, CEO & Founder, Token - A revolutionary open Banking platform
- Jason Gardner, CEO & Founder, Marqeta - The innovative payment platform
& More TBC
The seismic effects of PSD2 will hit banking hard in the next 18 months. And as the regulation lays the foundations for a new era of openness in financial services it is already disturbing the comfortable status quo. Banks will need to manage this revolutionary change and as the clock is ticking ever-louder towards the January 2018 deadline, we must look at what PSD2 involves, why it matters and identify threats and opportunities.
We'll explore how banks can transform and importantly, what happens if they don't. Now is the time - sink or swim, win or lose?
Remember when strong authentication meant a “one-time password” hardware token for your VPN? Now, we’ve got a workforce full of road warriors, access control considerations for new Cloud-based applications, and executives coming out of the woodwork to get their shiny iPad2 on the network. Throw in the current “breach of the day” climate, and you have to think – what’s coming next for authentication?
An insightful panel discussion between the security industry experts below:
Mike Rothman, Analyst and President of Securosis Research
Andrew Moloney, Independent Security Consultant
Doron Cohen, VP Technology, Identity Protection, SafeNet
Mike Smart, EMEA Solutions Director, SafeNet - Facilitator
Remember when strong authentication meant a “one time password” hardware token for your VPN? Now, we’ve got a workforce full of road warriors, access control considerations for new Cloud-based applications, and executives coming out of the woodwork to get their shiny iPad2 on the network. Throw in the current “breach of the day” climate, and you have to think – what’s coming next for authentication?
Join this expert webcast with Securosis and SafeNet, and get pragmatic advice from the best in the business – learn how to prepare and evolve your approach to authentication, and address users and data spilling not just over the four corners of the earth, but up into the Cloud as well.
Topics we’ll cover:
•Hardware or software: how do you choose, and why should you need to?
•Authentication goes Cloud: extending identity federation and SSO to your SaaS applications
•Don’t fear the iPad: credentialing and managing mobile devices without opening security holes
•Controlling the chaos: best practices for striking the balance between security, ease of use, manageability and cost
The notion of API management in which enterprise architects, app developers,and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered.
Register today and join Ovum IT Security Analyst Rik Turner, Rami Essaid, CEO of Distil Networks and Shane Ward, Senior Director of Technology at GuideStar as they dig deep into API Security and what it means for your business.
Here’s just some of what you’ll learn in this webinar:
-The importance of CIO and/or CISO visibility into how API security is managed across the enterprise
- How to map your business requirements to your API security strategy
- The How, Where, and Why of API controls such as geo/org fencing, token governance, dynamic access control lists, and advanced rate limiting
- When heavy “application services governance” software suites are the wrong approach
Multi-Factor Authentication (MFA) is the standard for protecting sensitive systems and credentials. What once was limited to physical tokens and keycodes has expanded into digital tokens, phone applications, and password vaults, all in the effort to offer additional safeguards for critical access points like VPN connectivity and system administrator accounts.
While MFA is now an industry-standard security practice, monitoring and protecting these implementations from exploitation is not widely practiced.
Gathered from the trenches of both our Incident Responders and Red Teamers, here is a quick introduction to the problems faced with common MFA systems, the ways real-world attackers (e.g. APT28 & ATP29) and our Red Team have bypassed or subverted them, and some techniques your team can use to further protect the multi-factor keys to your kingdom.
Register today to learn from our experts.
Consumer-facing organizations of all types face increasing IT complexity and a future where more applications will have PANs, tokens, and payment tokens flowing in the system. Understanding tokenization is critical to the security of applications, and to having solid justification for reducing audit scope in a tokenized environment.
With newer methods of tokenization such as Apple Pay gaining ground in the marketplace, there is a need to develop deeper technical and architectural understanding of the available methods of protecting PAN data, and how security tokenization fits from the perspective of the end-to-end architecture of payments ecosystems.
In this session our experts will explain how the tokenization system is secured within the network and how it maps tokens into PANs. Attendees will learn:
The latest on PCI 3.0 and updates related to SSL and TLS encryption protocols and vulnerabilities that can put payment data at risk,
Security and PCI-related aspects of payment vs. security tokenization in user networks, and
Gain a deeper understanding of standards and options for protecting PAN data in multi-platform enterprise environments.
Username and password are not enough. So why do most companies still use them?
There’s a Technology Basics White Paper first published in 2002 entitled “Username and Password – A Dying Security Model.” This paper documents the HIGH risk level associated with legacy authentication (using username and password) and predicted that secure access methods using Biometrics, Single Sign On (SSO), One Time Password Tokens and Multi-Factor Authentication would quickly replace the use of traditional passwords. Fast forward to a decade and a half later and the majority of companies are still using username and password authentication. We all agree that legacy authentication is not good enough, so why do most companies still use them?
For many, the path to modern authentication seems difficult and expensive, while others worry about the impact on user experience. Join us for a webinar where we will explore this paradox and discuss practices for making secure, modern authentication fast and easy for developers and simple and frictionless for users.
Rapidly changing technology means that most mission critical systems are becoming increasingly complex. Many high volume payment engines are now surrounded by a variety of complementary systems used for enhanced authorization processing, fraud scoring, token management, etc. In this session payments industry experts Jack van Meel and Jim Knudsen will look at how to effectively monitor and manage payment ecosystems in more detail. They will walk through several complex scenarios including real-time transaction visibility, interchange insight and a BASE24 to BASE24-eps migration that shows how businesses can still excel in demanding hybrid environments.Read more >
Join DemandGen as we walk through the keys to Unlocking the Power in Your Marketo Programs. During this webinar, DemandGen Senior Architects we will dive into Marketo and provide you approaches and best practices for strategic program design and utilization including…
•How to effectively use channels, tags, and campaign tracking to deliver accurate program conversion and opportunity impact reporting
•How to integrate marketing programs with global operational programs for streamlined system setup and improved system performance
•How to leverage tokens and templates to support dynamic content and design templates
•A phase-by-phase approach to applying best practices to your current Marketo program setup
The five reasons presented will be:
• Fast deployment – With out of the box integrations, showing the different integration methods.
• Low day-to-day operational overhead – via automated lifecycle admin, self service, alerts, multi-tier architecture, etc.
• Convenience/assurance levels - Broad range of methods offer convenience and varying levels of assurance.
• Extensibility – broad ecosystem support lets you fully, centrally manage strong authentication from a single point of management, with no need for additional components and servers, etc.
• Cost – optional cloud efficiencies, software-based tokens, flexible subscription-based pricing, migration options, etc.
They say old protocols never die. Okay, no one really says that, but it’s what happens in reality. If you look around a little, you can still find organisations with token ring networks while dial-up modems still account for a small, but significant part of Internet usage worldwide. And then there are the current protocols that simply never get updated. DNS and NTP are staples of the Internet that are absolutely necessary.
Martin McKeay, Akamai’s Security Advocate for EMEA, will explore the dangers of some of the outdated and unpatched protocols on the Internet today. These antiquated communication methods are being used and abused by malicious actors to send traffic and attacks against your network. Explore how to protect yourself, and learn good network hygiene practices to make sure your organisation is not part of the problem.
These top ten were put together by AWS security practitioners with over a decade of combined experience securing large AWS deployments.
Attendees will discover how most of these best practices are very easy to implement and go a very long way to ensuring your success on AWS.
Join Evident.io's John Robel, Principal Solutions Architect, and 2nd Watch's Kevin Dillon, Solution Architect, for a review of the Top Ten AWS Security Best Practices.
In this one hour session, attendees will come away with actionable information that can be implemented immediately regarding how to:
- Disable Root API Access Key and Secret Key
- Enable MFA Tokens Everywhere
- Reduce Number of IAM Users with Admin Rights
- Use Roles for EC2
- Least Privilege: Limit what IAM Entities Can Do with Strong Policies
- Rotate all the Keys Regularly
- Use IAM Roles with STS AssumeRole Where Possible
- Use AutoScaling to Dampen DDoS Effects
- Do Not Allow 0.0.0.0/0 Unless You Mean It
- Watch World-Readable and Listable S3 Bucket Policies
Date: February 25, 2016
Time: 1:00pm EST / 10:00AM PST
Duration: 1 Hour
John Robel is a Principle Solutions Architect for Evident.io with over 20 years experience, and his previous role was as a Senior Technical Account Manager at AWS where he managed customer relationships with some of the largest AWS enterprise customers like Netflix and Adobe. John is an AWS Certified Solutions Architect and has been both Cisco Certified as a Network Associate and ITIL Foundation certified.
Kevin Dillon is a Solutions Architect with 2nd Watch and has over 20 years’ experience building and managing high-performing teams with extensive industry experience with hedge funds and asset management firms. Kevin lives in the New York city area.
Ethoria Cloud Authentication Can Save RSA SecurID Customers up to 60% of Token Management Costs:
Ethan Group's Ethoria Cloud Service is a fully managed service, hosted in Australia and built on SafeNet Authentication Services technology. This enables businesses to extend the use of Two-Factor Authentication to the cloud while reducing token management and ensuring an excellent user experience.
The challenge is how to continuing using your RSA SecurID tokens while reducing administration costs. With Ethoria Cloud Services your RSA tokens will continue to work until they expire, but with no need for you to manage ACE server and Databases!
Join us along with SafeNet’s Senior Engineer Andrew Younger for a "Live" demonstration and session on Ethoria Cloud Authentication in which we will show how you can achieve the “balance”. In this session you will learn:
•How Ethoria Cloud Authentication will save you time and money managing your two-factor authentication.
•How existing RSA tokens will continue to work.
•How to broaden your use-cases to include cloud applications like Google apps or Salesforce.com.
•See all of the automation functions in action.