23 September 2020
When choosing our multifactor authentication product, it is important to understand our thought process when evaluating the marketplace for a product and more importantly why we were looking.
In the last few years, we have seen a massive swing when it comes to business priorities in IT.
You will often find that IT directors and managers mark security as their number one focus on IT spending, and with good reason. Each day we create more and more data which is the lifeblood of many organisations.
What is Multi-Factor Authentication?
Multi-factor authentication and access management is an important part of a multi-layered approach to securing business assets. A common attack vector is credential theft. Think about what a malicious actor could do if they had access to a corporate Office 365 account or similar. Multi-factor authentication means that even if a user does fall victim to credential theft, it would be near impossible for the malicious actor to use those credentials as each login request would require a unique one-time passcode to login with. Similarly, with access management, having strong scenario-based policies in place around who is accessing what, when, and from where, ensures an extra layer of security in an ever-changing working environment.
With that in mind, we set out to find a solution that met a set of criteria. Something easy to use, has a rich set of features, is SaaS-based, and offers value for money.
We looked at offerings from Microsoft, DUO, and others which all have their good points, but none of them offered everything we wanted, apart from Thales.
Who is Thales and what is SafeNet Trusted Access (STA)?
SafeNet Trusted Access (STA) is a combined MFA and access management service that centrally manages and secures access to web based, on premises and cloud-based applications. STA simplifies user experience whilst also being simple enough for IT admins to implement and moderate. STA not only features flexible risk-based policies, but also single sign on portals, universal authentication policies and protection of all SAML-based applications.
If you have not heard of Thales before, part of their organisation is the business they acquired when they bought Gemalto in 2019. The name Gemalto may sound familiar, they specialise in products like Passports with the RFID chips, card readers for online banking systems, and importantly, they make their own physical One Time Passcode tokens.
STA allows business to scale as they move into the cloud, take more applications on premises, or a hybrid of the two whilst ensuring that the business meets compliance.
How can Thales and Microsoft complement each other?
When looking at Thales and Microsoft, the main differentiator between the two products is that Thales can protect all applications, whether they are in a Microsoft environment or not. Microsoft will only protect Microsoft applications being accessed, such as O365.
It is also good security practice to split your security provider from your virtual infrastructure provider. That’s why many companies prefer to select a 3rd party provider for their security solutions, rather than relying on just the one vendor.
The key differentiators between STA and DUO
When looking at MFA provider DUO, the Thales STA product also provides superior features. For example, STA provides a lower total cost of ownership.
Because Thales produce their own physical One Time Passcode tokens, these can be added to the MFA service, typically at no additional cost. With vendors like Duo, it is often an extra. It is important to understand why we think this is a differentiator. Many organisations that would like to roll out MFA may not want a software token installed on users’ personal devices, or indeed the user may not want any corporate software on their personal device. Having the option to hand out a physical token for those use cases, without incurring an additional charge represents excellent value.
Other superior features include, granular reporting, ease of deployment and more robust multi-factor authentication, all of which is all included the price of the license. There isn’t a “buffet-style” approach to their license model, the one license covers all features within the SafeNet Trusted Access consol.
Choosing your Multi-Factor Authentication product
This is not just about enabling MFA and access management policies, but about looking at the bigger cybersecurity picture. To do that we have to have robust conditional access policies that you can integrate with all applications, not matter where they live, be that in the cloud or on premises. It also must be delivered by a name that you can trust, such as Thales and with simplified operations for IT staff.
Are you getting the most value out of your Multi-Factor Authentication solution webinar can be found here.