
Secure, controlled user access to corporate systems is the cornerstone of protecting them. Elizaveta KOSTINA, Cybersecurity Engineer at Seeton, explains in an article for Networks and Business magazine how the RSA SecurID solution can help.
The paradox of modern authentication: the more protection, the less security?
An interesting phenomenon in recent years is the paradox of security fatigue. The more complex the password requirements become and the more authentication factors are added, the more often users try to bypass them. The consequences are notes with passwords on monitors, the use of one password for all services, and even the transfer of tokens between employees "for convenience". On the other hand, the information security service cannot afford to compromise: attacks are becoming more frequent, methods are becoming more sophisticated, and credentials are the main target of attackers.
How much does compromise cost?
According to IBM's Cost of a Data Breach Report 2024, the average cost per compromised record is $165, and full recovery from a major incident takes an average of 277 days. Despite this, many companies still lack a transparent picture of who has access to what and why.
This is where the issue of not only authentication, but also IAM (Identity & Access Management) arises. But how do you start this difficult journey to avoid losing control over users and disrupting business processes?
The answer is RSA SecurID
RSA SecurID is not just a multi-factor authentication system. It is the first and fundamental step towards building a full-fledged IAM strategy in a company.
The solution allows:
- secure access to any system - local, cloud, VPN, web applications;
- use different verification factors (mobile app, hardware token, biometrics, push notifications);
- implement adaptive authentication - require additional confirmation only in risky situations;
- provide a single point of management for all access policies and authentication controls.
From an iconic keyring to a modern platform
Many IT professionals remember the iconic RSA key fobs of the 2000s, with six digits that change every minute. These key fobs served as the "something you have" factor in authentication (Figure 1).

Figure 1. RSA SecurID SID700 hardware token
Over the years, the platform has expanded significantly to include mobile tokens, biometrics integration, push authentication, FIDO keys, and risk-based adaptive authentication. This functionality is implemented through the RSA Cloud Authentication Service, a cloud-based authentication platform with adaptive logic.
RSA SecurID features include:
- certified integration with more than 500 technology partners;
- support for open standards: SAML, RADIUS, OAuth, etc.;
- flexible integration into complex environments (via REST APIs, agents, SDKs);
- RSA My Page module - a portal for identity verification and secure self-service for employees.
In addition, the process of switching between different authentication methods - from hardware tokens to mobile tokens, from SMS to push notifications, etc. - is step-by-step and does not require complex system rebuilding. The migration is simple and does not disrupt business processes.
RSA's reliability is backed by the trust of 94% of Fortune 500 companies, with SecurID protecting more than 50 million users worldwide.
The myth of the stolen token: why it is not enough for access
There is a common misconception that if an attacker takes possession of a token, they will automatically gain access to the system. In fact, this is not the case. The code that the RSA SecurID token generates is called a tokencode and is not a password in itself.
The tokencode is computed by an algorithm from a 128-bit seed unique to each device and the current time. The code is updated every minute and is valid only for a limited period. The user authenticates in two stages: first, they enter their username and main password, and then the system asks for a one-time password (passcode), which consists of two parts - a PIN code known only to the user and a variable token code (tokencode).
Even if an attacker has physically stolen the token and has the login credentials, without the PIN, which only the owner knows, it is impossible to log in. This principle provides a double layer of protection: "something you have" (token) + "something you know" (PIN).
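The passcode check described above, as an added example that is not RSA's code. The article does not give the SecurID derivation, so an HMAC-SHA256 over the one-minute time step stands in for it; the `Verifier` class, the user `alice`, the PIN, the seed and the timestamp are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

STEP, DIGITS = 60, 6  # from the page: code changes every minute, six digits


def tokencode(seed: bytes, unix_time: int) -> str:
    """Stand-in derivation (not RSA's algorithm): HMAC-SHA256 over the time step."""
    mac = hmac.new(seed, (unix_time // STEP).to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**DIGITS).zfill(DIGITS)


def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Verifier:
    """Hypothetical server side: stores each user's seed and a salted PIN hash."""
    def __init__(self):
        self.users = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = {"seed": seed, "salt": salt,
                            "pin": pin_hash(pin, salt), "last_step": -1}

    def verify(self, user: str, passcode: str, now: int) -> bool:
        rec = self.users.get(user)
        if rec is None or len(passcode) <= DIGITS:
            return False  # a bare tokencode without a PIN is never a passcode
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(pin_hash(pin, rec["salt"]), rec["pin"])
        code_ok = hmac.compare_digest(tokencode(rec["seed"], now).encode(), code.encode())
        if not (pin_ok and code_ok) or now // STEP <= rec["last_step"]:
            return False
        rec["last_step"] = now // STEP  # one-time: an interval is accepted only once
        return True


def stolen_token_demo() -> dict:
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit seed
    server, now = Verifier(), 1_700_000_000                   # constructed timestamp
    server.enroll("alice", seed, "4821")
    code = tokencode(seed, now)  # what the fob displays to whoever holds it
    return {"no_pin": server.verify("alice", code, now),
            "wrong_pin": server.verify("alice", "0000" + code, now),
            "owner": server.verify("alice", "4821" + code, now),
            "replay": server.verify("alice", "4821" + code, now + 5)}
```

Both factors are evaluated before the result is returned, so a failed attempt does not reveal which half of the passcode was wrong.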
No cloud? We do! Cloud only? No problem
RSA SecurID supports flexible deployment options, allowing you to tailor the solution to your specific needs.
On-Premises (local deployment) - classic deployment in your own data centre. Suitable for organisations seeking full control over all components of the authentication system.
Cloud (cloud deployment) - ideal for companies that already work in the cloud or are moving in this direction. The main advantages include automatic updates and simplified administration.
Hybrid (hybrid model) - combines cloud capabilities with existing local infrastructure. In this scenario, authentication takes place through the RSA cloud service, while protected resources can remain in the local environment (Fig. 2).

Fig. 2. A variant of the RSA SecurID authentication architecture
Special agents (Identity Routers) are used to communicate between local systems and the cloud platform.
Security in action: 6 business use cases for RSA SecurID
- Protection of privileged accounts. Using RSA SecurID for administrator logins allows you to implement separate enhanced security policies and eliminate the risk of password-only access.
- Secure access to VPNs and corporate resources. Secure access to your virtual private network by requiring users to authenticate with RSA SecurID tokens. This ensures that only authorised individuals can connect remotely.
- Offline authentication on Windows. RSA SecurID supports offline access to the workstation through local agents that synchronise with tokens. This ensures authentication even when there is no network connection.
- Protection of cloud services. Extend multifactor authentication to cloud apps and services such as Microsoft 365, AWS, and Google Workspace, enabling secure access to critical services.
- Secure transactions in financial systems. Access to internal CRM or e-banking can be made secure with one-time codes that are not stored and cannot be reused.
- Compliance with audit requirements and standards (GDPR, PCI DSS, ISO 27001).
Suspicion algorithm: what happens when your actions change
One of the key innovations of RSA SecurID in recent years is risk-based authentication (RBA). Imagine a system that knows that you usually work from 9am to 6pm, use a specific device, and connect from a specific IP address. If the access request matches the usual pattern, authentication takes place without any additional actions on the part of the user. However, if the system detects an anomaly - for example, an attempt to log in at night, from an unfamiliar device or an unusual location - it automatically requires additional verification, such as repeated MFA, or blocks the request.
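A minimal sketch of the risk-based decision described above, added here as an example and not taken from RSA's product. The `Baseline` class, the /24 grouping of addresses, the thresholds and the sample login history are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class Baseline:
    """Hypothetical per-user profile learned from past successful logins."""
    hours: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    networks: set = field(default_factory=set)

    def learn(self, when: datetime, device: str, ip: str) -> None:
        self.hours.add(when.hour)
        self.devices.add(device)
        # Generalise an IPv4 address to its /24 so DHCP churn is not an anomaly (assumption).
        self.networks.add(ip_network(f"{ip}/24", strict=False))

    def anomalies(self, when: datetime, device: str, ip: str) -> list:
        found = []
        if when.hour not in self.hours:
            found.append("unusual_time")
        if device not in self.devices:
            found.append("unfamiliar_device")
        if not any(ip_address(ip) in net for net in self.networks):
            found.append("unusual_location")
        return found


def decide(baseline: Baseline, when: datetime, device: str, ip: str) -> str:
    """Illustrative thresholds: no anomaly -> allow, some -> step-up MFA, all three -> block."""
    count = len(baseline.anomalies(when, device, ip))
    return "allow" if count == 0 else "step_up_mfa" if count < 3 else "block"


def rba_demo() -> list:
    base = Baseline()
    for day in range(1, 6):            # constructed history: one working week, 9am to 6pm
        for hour in range(9, 18):
            base.learn(datetime(2025, 8, day, hour), "laptop-01", "10.20.30.41")
    return [
        decide(base, datetime(2025, 8, 8, 10, 15), "laptop-01", "10.20.30.77"),
        decide(base, datetime(2025, 8, 8, 2, 40), "laptop-01", "10.20.30.41"),
        decide(base, datetime(2025, 8, 8, 2, 40), "unknown-phone", "203.0.113.9"),
    ]
```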
Scaling RSA SecurID to a full-fledged IAM system
The RSA Identity Governance & Lifecycle (IGL) platform extends the functionality of RSA SecurID by providing tools for managing the account lifecycle and access rights. IGL also provides centralised user role management and access control for audit and compliance purposes.
Thus, implementing multi-factor authentication with RSA SecurID is just the first step. Later on, an organisation can gradually scale the solution to a full-fledged IAM system by activating RSA IGL capabilities without changing the underlying architecture. An integrated approach to IAM based on RSA solutions provides not only strong authentication, but also centralised, comprehensive control over accounts, access, and security compliance.
If your company is considering upgrading its authentication systems or implementing RSA SecurID solutions, it is critical to get professional advice and conduct pilot testing. "SITON GROUP" LTD., which has many years of experience in implementing RSA solutions and the status of Gold Reseller partner, can help with this.
For a detailed consultation, please contact us at cs@seeton.pro or by phone +38 044 239 99 99.
A modern cybersecurity strategy must combine reliability, convenience and adaptability. In collaboration with RSA SecurID, we are helping organisations to implement this approach now.
Source: “Networks and Business” magazine (August 2025) "Security without compromise: modern authentication challenges and solutions from RSA"