RSA Hack what it means to SecurEnvoySecurEnvoy 21/03/2011 Archive
As a result of the recent hack that RSA has endured SecurEnvoy has become the port of call for journalists around the world looking for clarity on the situation, with an understanding on what it means to the end-user community and indeed resellers and industry partners.
Within hours of the story breaking, Andrew Kemshall and Steve Watts co-founders at SecurEnvoy were interviewed by the FT, Infosecurity US, SC UK and US, CRN, ITPRo, Computerworld, ZDnet and PC World to name but a few.
RSA continue to say “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
In their thirty years there has never been a breach like this; it’s sad for this to have happened in our industry, however it certainly doesn’t take away any of the reasons for buying 2FA. What it does do is question the way manufactures manage customer information in their own disparate databases and it is essential that companies recognise the differentiators!
Most importantly, unlike RSA and other 2FA vendors, SecurEnvoy do not store any token records or customer encryption keys. Our unique approach randomly generates any required keys within the customer’s environment. This approach means there is nothing relating to our customers security stored at SecurEnvoy and therefore customer details could never become compromised.
Because SecurEnvoy is easy to install and can replace 18,000 tokens in under one hour, any RSA SecurID customer than wants a fast, secure and cost effective resolution can install and replace tokens within less than a day on any device.