Symantec's decision to migrate its managed security services (MSS) customers off RSA’s SecurID tokens is the beginning of a complete phase out, Grant Geyer, Symantec's vice president of global managed security services told CSO.com.au.
From July 7 Symantec's MSS customers were able to use either RSA tokens or Symantec’s own VIP “soft token” to access its managed security operations centre, but eventually RSA will be dropped from its authentication line up.
“We will provide plenty of time for customers to move to the new authentication options, and we do intend on stopping support for RSA once the migration is complete,” Geyer told CSO.com.au in an email.
The global program had already seen a number of customers successfully migrate off SecurID, he said, but he declined to disclose how many RSA tokens would be replaced once the program has completed.
"As our customers and the clients they serve have been concerned about the potential risk due to the RSA breach, we have been actively evaluating mitigation options for secure authentication to our MSS portal," he said.
Symantec VIP “soft token” system came with its acquisition of VeriSign's security business last year. The authentication service relies on X.509 certificates issued to mobile devices such as the iPhone, iPad, BlackBerry, Android and Windows 7 devices as well as BREW and J2ME-capable phones.
The security giant is not the only vendor to capitalise on the uncertainty surrounding RSA's authentication tokens. Shortly after RSA's March revelation that its systems were compromised through a simple but persistent phishing attack, CA launched its one for one token replacement program. Symantec in June also began offering customers a $5 discount for every SecurID token its VIP subscription service replaced.
To stem potential losses caused by rivals and to appease customers, RSA boss Art Coviello announced in June that it would replace tokens free of charge to customers, which could amount to 40 million tokens. It also appointed its first chief security officer, Eddie Schwarz, from NetWitness, the security company credited with discovering the breach which RSA acquired shortly after the attack.