The FTC Safeguards Rule has recently been updated and mandates that all financial services companies must have MFA in place for applications that store/handle customer Personally Identifiable Information (PII). How are you delivering on this requirement (MFA, SSO, Other)? What have you done to reduce friction (ex. RBAC, CIM) or improve customer experience?

777 views1 Upvote4 Comments

Head of Cyber Security in Manufacturing, 501 - 1,000 employees
A mix of multitude of topics, rbac, iga, least priviledge, logging combined with mfa best case phish resistant like x509 or fido2 and sso
Director of Network Transformation, Self-employed
My recommendation?  Move beyond MFA. The recent Verizon Breach report calls it out.  74% of all breaches included the human element with 86% of breaches involved the use of stolen credentials.  MFA is one layer.  As we saw with the recent Cisco incident, it only works so far.  Better, move to an adaptive trust model leveraging one of the SSE technology providers out there.  Include device posture in access to resources.  Add another or several layers beyond MFA.  And move to Zero Trust.  ZTNA for remote access is a great place to start.  
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I would say today's customers are very much concerned about their data security and privacy; we, as a ciso along business, need to build awareness among the customers about how MFA will add layer of security to safeguard their assets.
Director, Information Technology in Services (non-Government), 10,001+ employees
SSO along with MFA options such as one-time passwords (OTP), hardware tokens, or push notifications to ensure secure authentication.

Options to improve user experience include implementing adaptive authentication, mobile authentication apps, or password-less authentication methods.

Content you might like

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.53%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


9.2k views9 Upvotes1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.5k views133 Upvotes324 Comments

IPA has significantly improved our operations.7%

IPA has not brought much change to our operations.34%

IPA is very similar to traditional automation in our company.25%

IPA is quite different from traditional automation in our company.10%

Our company had a smooth implementation of IPA.2%

Our company faced some challenges during the implementation of IPA.5%

Our organization has integrated IPA with other technologies such as RPA and BPM.2%

Our organization has not yet integrated IPA with other technologies.8%

We have not yet encountered any significant challenges with IPA.2%

Our organization has automated some processes using IPA.2%


1.5k views1 Upvote1 Comment