Extending the Benefits of Strong Authentication Across the Enterprise

By Julian Lovelock, Vice President of Product Marketing, Identity Assurance, HID Global



Enterprises have typically focused on securing the network perimeter and relied on static
passwords to authenticate users inside the firewall. This is insufficient given the nature of
today’s Advanced Persistent Threats (APTs) and internal risks associated with Bring Your
Own Device (BYOD) adoption. Since static passwords are a potential recipe for a
security disaster, enterprises would benefit from not only employing strong authentication for
remote access, but also extending its use to cover the desktop, key applications, servers,
and cloud-based systems as part of a multi-layered security strategy.

Unfortunately, choosing an effective strong authentication solution for enterprise data
protection has traditionally been difficult. Available solutions have been inadequate either in
their security capabilities, or in the user experience they deliver, or in the cost and
complexity to deploy them. Now, we have the opportunity to eliminate these problems using
Near Field Communications (NFC)-enabled credentials that can reside on smart cards or
smartphones, and can be employed to secure access to everything from doors, to data, to
the cloud. Versatile, NFC-based strong authentication solutions can:

Support converged secure logical access to the network and cloud-based services and
resources, as well as physical access to buildings, offices and other areas;

Support mobile security tokens for the most convenient and secure access from
smartphones or tablets; and

Deliver multifactor authentication capabilities for the most effective threat protection, as part
of a multi-layered security strategy.

The Challenges of Strong Authentication

Multi-factor authentication, also known as strong authentication, combines something the
user knows (such as a password) with something the user has (such as mobile and web
tokens), and can also be extended to include a third factor in the form of something the user
is (which can be ascertained through a biometric or behavior-metric solution).

Users have grown weary of the inconvenience of hardware OTPs, display cards and other
physical devices for two-factor authentication. Additionally, OTPs are useful only for a limited
range of applications. The industry is now replacing hardware OTPs with software tokens
that can be held on user devices such as mobile phones and tablets, or as browser-based tokens.
With software OTPs, organizations are able to replace a dedicated security token with the
user’s smartphone, enabling two-factor authentication to grow in popularity and
convenience. Either a phone app generates the OTP, or the OTP is sent to the phone via SMS.
However, there are security vulnerabilities with software OTPs that have driven the need for
a far more secure strong authentication alternative, such as smart cards based on the Public
Key Infrastructure (PKI). The downside to this approach, however, is its high cost and level
of complexity to deploy.

Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide