At RSA, we spend a good percentage of time listening to customers to understand what they need before we develop next-generation products that will exceed their requirements now and support their longer-term initiatives tomorrow.
Recently, I spoke with some prospects (not existing customers) about their identity management wish lists. I was surprised to hear that better authentication protection and ease-of-use for macOS were at the top of their lists. The reason it was surprising is because RSA already offers many of the features and functionalities they were seeking, with more in the works. Here’s what I heard from, and shared with, this group regarding their top three macOS wishes:
Wish #1: Protect logins whether the machine is online or offline, with no fail-open
RSA SecurID Access offers offline authentication for macOS (and Windows), which ensures convenient and secure access to applications even when the network is unavailable. This means that users remain productive while organizational resources remain protected. In addition, RSA uniquely deploys “no fail-open” designs to provide the highest levels of security when a user – through no fault of their own – cannot be validated. Other authentication solutions with “fail open” designs could allow a bad actor to access a machine by simply turning off the Wi-Fi access point. RSA provides always-on strong multi-factor authentication and protection, irrespective of the access scenario.
Wish #2: Enforce 2FA/MFA for unlock, sleep, and wake for already logged-in users for macOS
Why is it important to not only enforce 2FA/MFA at initial login, but also after lock, sleep or wake scenarios? Here are three key reasons that customers appreciate this RSA SecurID Access feature, particularly on macOS devices:
- Protection that works the way users do. Think about how many times you shut down or reboot your computer. Generally, users don’t reboot their systems on a daily basis, but use lock or screen savers (sleep mode) whenever they walk away from their computers. Some settings even allow users to be logged-in without a reboot for more than 150 days. RSA SecurID Access is one of the few authentication solutions that enforces 2FA/MFA at lock, sleep, and wake, even if the user is already logged in.
- Upholds strict compliance and security requirements. Bypassing MFA on the unlock scenario doesn’t meet NIST standards, which means security-conscious organizations, particularly government agencies, would be out of compliance. RSA SecurID Access is trusted by organizations that require the highest levels of protection because of requirements like this.
- Secure, but frictionless access. For organizations who don’t want users to be prompted with MFA for every unlock, RSA SecurID Access will soon provide organizations with the flexibility to choose the scenarios when they need users to re-authenticate. Organizations can allow macOS machines to unlock with an alternative option, such as a password, with no additional MFA challenge. This flexibility ensures that organizations strike the right balance between usability and security.
Wish #3: Provide offline emergency access, even in the worst-case scenarios
With the influx in remote workers, simplifying self-service and emergency access has increased in importance. Offline emergency access is designed to address some of the extreme scenarios where a user may get blocked from accessing an organization’s network. Let’s say a user can’t access an authenticator (due to lost or damaged phones or tokens, forgotten PIN, etc.) and can’t get online for alternative authentication options. In these scenarios, offline emergency access can provide a secure yet easy way to access enterprise resources via macOS machines. With this feature, RSA SecurID Access will be helping organizations reduce disruptions to user productivity, regardless of the user’s situation.
Checking off your wish list
At RSA, we’re pleased to fulfill the wishes of our customers and soon-to-be customers. We don’t innovate for innovation’s sake, but to ensure you’re protected for what’s next, before it’s required. If you’d like to share your own authentication wish list, please do so on our customer community, RSA Link, and maybe you’ll be getting what you ask for and more this holiday season and beyond.