RSA Access Control and Risk-Based Authentication Integration Enables Cost-Effective Protection for Web Portals

Leading Financial Institutions Leverage RSA® Access Manager and RSA® Adaptive Authentication to Assure Identities and Control Information Access

Bedford, MA, Wednesday, November 29, 2006 — RSA, The Security Division of EMC (NYSE: EMC), today announced that the integration of RSA® Access Manager software and RSA® Adaptive Authentication is enabling two leading financial institutions to help cost-effectively protect end users and assets within consumer-facing Web portals. RSA Access Manager software is designed to enable each financial institution to leverage policy-driven access controls to provide users with single sign on across authorized services offered within the portal. In addition, the risk-based authentication module of RSA Adaptive Authentication is engineered to help customers cost effectively assure the identities of portal users, and assess risk during their session.

This success builds on RSA’s long history of enabling organizations to marry stronger forms of user authentication with robust access control. In recent years companies, particularly those in the healthcare industry - including Blue Cross and Blue Shield of Kansas City and Geisinger Health System - have employed RSA SecurID one-time password technology to verify identities on the front end of a Web portal, while RSA Access Manager technology delivers fine-grained access control inside the application. RSA’s risk based authentication technology, which is designed to provide optimal balance between security and usability, provides an additional strong authentication option for further securing access control policies. Risk-based authentication meets the growing need of organizations to protect Web portals with access control, and leverage an authentication mechanism that best suits the needs of the organization and its customers.

“As Web portals containing protected data are rolled out to large user populations, authenticating users and controlling access becomes a core business requirement,” said Ray Wagner, managing vice president at Gartner, Inc. “These types of deployments often have a spectrum of authentication requirements for different populations and applications. Deployers are thus interested in integrated solutions that can offer the type of authentication that makes sense in each case.”
Customer Use Scenario

For end users, the integrated RSA Access Manager and RSA Adaptive Authentication solution is engineered to provide a seamless experience, while also delivering much higher degrees of security:

* For consumers accessing the organization’s portal, RSA Adaptive Authentication leverages a range of parameters behind the scenes - including device and network forensics, behavioral analysis and the end user’s computer itself as a second authentication factor - to ascertain positive identification.
* Still behind the scenes, RSA Adaptive Authentication quickly and transparently scores transactions according to the perceived level of risk and automatically invokes additional security measures if needed, all with minimal impact to the customer.
* Once the identity of the user is verified, access to the Web portal is granted. Here, inside the portal, RSA Access Manager enables customers to ensure that users are only able to access their information, and only able to execute authorized transactions based on their permissions and profile in the system.

“As companies roll out new and improved Web portals, which often serve very large user populations, effective access control and user authentication becomes a key concern,” said Jim Melvin, vice president of marketing at RSA. “By deploying RSA Access Manager with RSA Adaptive Authentication, we’re empowering organizations to implement the authentication that best meets their needs, from both a cost and usability standpoint. It’s encouraging to see that this combination makes sense to the market as well, with growing demand and two customers deploying it already.”
About RSA

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.

RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.


RSA and SecurID are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.

Contact Information

Dave Howell

Public Relations Manager

RSA Security Inc.

Contact via E-mail