AGAT


How to safely connect to Skype for Business using RSA security token

SkypeShield offers an innovative security solution that allows users of RSA SecurID and other secure tokens to safely connect to their organization’s Skype for Business server without using their Active Directory (AD) credentials.

SkypeShield’s solution adds another secured authentication option, enabling strong mobile and external Skype for Business authentication for organizations with a network policy that requires Hardware One Time Password (OTP) or Two Factor Authentication (TFA).

Organizations that use OTP tokens, such as the RSA SecurID Authenticator device, have a problem using them in conjunction with Skype for Business. The new solution therefore enables both mobile and desktop users to connect to Skype for Business using their RSA token, avoiding the use of AD credentials while implementing TFA.

Moreover, SkypeShield can require the user to register in a self-service portal to add further security to the authentication process and make sure only registered devices can connect.

The device registration process is completed once; thereafter, the user authenticates with their RSA token to enable Skype for Business connectivity.

“The market for security tokens is constantly growing, requiring organizations that use Skype for Business to look for new security solutions,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield. “After we launched a special solution for smart card mobile authentication, it was only natural to add another special solution for security tokens.”

SkypeShield’s solution does not require setting up Active Directory Federation Services (ADFS) and offers a complete user experience, including both Skype for Business and Exchange information, which can be safely used from the external device.

It also addresses account lockout protection and other TFA software solutions for external Skype for Business clients.

A recent survey by research company Frost & Sullivan indicated that the global OTP market is growing at an annual rate of 7.5 percent and is expected to reach $1.2 billion by 2017.


Protecting EWS while publishing Skype for Business

When Skype for Business (Lync) is in use, the client interacts with the Exchange server to obtain meeting information. To support this connection, a Skype for Business deployment requires Exchange Web Services (EWS) to be published externally.

This exposes the client to several threats:

  • The deployment of EWS includes an authentication service, thus exposing the network to account lockout in case of a DDoS attack.
  • The EWS service allows for retrieving events, mails and attachments, tasks and contacts. Therefore, once exposed, all the Exchange data is also exposed.

So, for example, users of Outlook Web Access (OWA) have access to their full mail data, creating the risk that an attacker with valid AD credentials will also obtain access to the users’ organizational mail by using this service.

To minimize this risk, SkypeShield blocks any request for information that arrives from a device that is not registered, and adds a Two Factor Authentication (TFA) layer for Exchange.

SkypeShield is based on Two Factor Authentication using the client’s password and device. Thus, unauthorized use of the user’s credentials will not be sufficient to connect to Lync or Exchange without having access to the device itself. This also allows for restricting the usage of these services to approved or registered devices only.
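The ordering described above, device check first and password check second, shown as an added example that is not SkypeShield's code: a hypothetical edge filter drops requests from unregistered devices before they reach the directory, so they never count toward account lockout. The `Directory` and `DeviceGate` classes, the per-device token and the lockout threshold of 3 are assumptions made for illustration.

```python
import hmac
import secrets

LOCKOUT_THRESHOLD = 3  # assumed directory lockout policy


class Directory:
    """Stand-in for AD: counts bad passwords and locks the account."""

    def __init__(self, passwords):
        self._passwords = dict(passwords)
        self.failures = {user: 0 for user in passwords}

    def is_locked(self, user):
        return self.failures.get(user, 0) >= LOCKOUT_THRESHOLD

    def bind(self, user, password):
        if user not in self._passwords or self.is_locked(user):
            return False
        if hmac.compare_digest(self._passwords[user].encode(), password.encode()):
            self.failures[user] = 0
            return True
        self.failures[user] += 1  # only requests that reach here count
        return False


class DeviceGate:
    """Hypothetical edge filter: device factor first, password second."""

    def __init__(self, directory):
        self.directory = directory
        self._devices = {}  # (user, device_id) -> per-device secret

    def register(self, user, device_id):
        token = secrets.token_hex(16)  # issued once, at registration
        self._devices[(user, device_id)] = token
        return token

    def handle(self, user, device_id, device_token, password):
        expected = self._devices.get((user, device_id))
        if expected is None or not hmac.compare_digest(
                expected.encode(), device_token.encode()):
            return "blocked"  # dropped at the edge; directory never sees it
        return "ok" if self.directory.bind(user, password) else "denied"


def replay_unregistered_attempts(gate, user, attempts):
    """Constructed traffic: wrong passwords from an unregistered device."""
    return [gate.handle(user, "unknown-device", "", f"guess{i}")
            for i in range(attempts)]
```

With the gate in front, the failure counter for a user moves only when a registered device presents a wrong password, which is the behaviour the lockout and credential-theft points above rely on.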


Survey: only 21% of US businesses use multifactor authentication

Despite the fact that usage of workplace smartphones is constantly on the rise, only 21 percent of American businesses are using multifactor authentication to verify a user’s identity when granting access to critical enterprise applications and data, according to a survey conducted by systems integrator Champion Solutions Group and published by Computer World.

The survey, which included 447 businesses of different sizes, revealed that 53% did not implement a formal BYOD (bring your own device) security policy. More than a quarter of respondents confessed they had no systematic security approach.

Multifactor authentication, such as SkypeShield’s Two Factor Authentication (TFA), covers a wide category of techniques that require two or more methods of authentication from independent categories of credentials when a person logs in from a device. The deployment of TFA for non-Web applications, such as Skype for Business, is even smaller, as these types of applications are not covered by the generic TFA solutions offered by the market.

“Mobile security best practices have been promulgated by analysts and security firms for more than a decade to protect sensitive corporate data, but there is apparently widespread variation about how companies implement security for BYOD workers,” said Champion CEO Chris Pyle.

“A growing need exists for more stringent application of security policies and procedures in modern businesses,” Champion wrote in an 18-page white paper describing the survey’s findings.