One of the inescapable talking points in the security industry right now is simplicity. Security professionals often express the need for greater simplicity in a range of areas, from how they communicate to senior management, through to the efficacy of technological solutions in diminishing workload.
Simplicity, or ease-of-use, is also integral when it comes to providing services to end-users and consumers. This need is particularly acute around authentication and identity – a point that Entrust Datacard expounded upon during discussions with Infosecurity at RSA Conference 2015.
“The biggest trend is flexibility,” explains Ray Wisbowski, VP of financial marketing. “Our technology uses multiple authenticators and can provide step-up authentication; it does that from a vantage point where it’s transparent to the end-user. You’re just trying to make it as seamless and transparent as possible.”
One challenge is implementing solutions with technologies such as online banking services that were designed during the desktop age. As users do more and more banking on-the-go, across a range of devices, those services have had to adapt and become more flexible to meet the changing needs of users, explains Entrust Datacard.
“We’re putting our solutions into architectures that were originally designed for desktop; we’re giving the same experience, but putting that security underneath, so that it doesn’t require re-education of the user,” says Dave Rockvam, VP of software marketing.
One such solution, which Entrust Datacard has announced at RSA, is the addition of a push authentication capability in its IdentityGuard Mobile platform.
Alerts are pushed to the user so that they can verify log-in with a simple ‘OK’ assertion when attempting to access a VPN network. This establishes a secure session, Entrust Datacard says, without the need for additional hardware tokens or complex passwords.
The idea is to evolve from older technologies without high expenditure and complexity for IT; there is no need to purchase dedicated hardware tokens, and user management is simple, as updating apps is well within the capability of the average user.
IdentityGuard, the company explains, can scale-up or combine with new technologies by unlocking additional functionalities. This could include implementation with biometrics, Rockvam says.
“We work with Touch ID, so if you want that level of authentication, it’s fine. If you want facial recognition, there are different things we can look at to prove that is probably you.”
In a wider sense, Entrust Datacard is well-positioned to assess the changing face of identity today.
“Identity is merging quite a bit.” Rockvam explains. “Entrust for many years was all about authentication; we used digital certificates as the authenticator. On a mobile device, we’re turning it into a smart card or smart credential, so we’re binding the identity to the transaction. Yes you’re authenticating, but it’s merging – what are your credentials? What do you have? And what do you want to do?”