Cyber
Multi-factor authentication for legacy systems
Introduce contemporary authentication controls around an application that cannot support them itself.
Why this challenge is hard
Legacy systems may be critical, stable and commercially valuable while having been designed before modern identity standards. A source-code change can require scarce skills, broad regression testing and a release window disproportionate to the control being introduced.
Replacing the application to obtain MFA confuses an immediate security requirement with a multi-year transformation. The exposure exists now, while replacement may take years.
What Data Mediation changes
The authentication step is introduced in the data path rather than in the application. The mediation layer can pause an interaction, request additional proof and release the original request only when policy is satisfied.
Approach
How Data Mediation is applied
- 01
Position the agent in front of the protected application.
- 02
Identify the users, transactions or conditions that require stronger proof.
- 03
Orchestrate the approved authentication mechanism.
- 04
Allow or deny the original interaction without changing application code.
What can be demonstrated
- MFA applied to a legacy workflow
- No source-code or database change to the protected system
- Policy varied by user, action, location or risk
- A reversible implementation with a complete decision record
The exact scope, controls and evidence depend on the customer environment and are agreed before implementation.
Start with a defined outcome and prove it in controlled scope.
Discuss this work