Verifying the digital identities of all users accessing a corporate network from multiple access points is one of the toughest security challenges organizations are faced with. It goes without saying that any violation of digital identities causes severe reputational and monetary damage for the organizations affected.
The challenges of digital identity management become significantly greater and more complex with a cloud service. Managing user authentication in a cloud environment means everyone is effectively a remote user. To further complicate the issue, many organizations support a mix of on-premise and cloud IT services, making user authentication even more challenging. If we add to the picture the issues around managing user access from different mobile devices, it becomes clear why organizations are finding it so difficult to effectively manage user authentication in the emerging cloud and mobile computing infrastructures.
To secure digital identities in these heterogeneous environments, organizations need to adopt robust multi-factor authentication solutions as part of a holistic security strategy that offers multiple layers of protection. These layers should include encryption, access controls, encryption key management, network security and strong authentication.
A strong authentication solution that secures both the identity of users and applications that access non-public areas of an organization’s network is the first step toward ensuring data protection. The lack of adequate authentication mechanisms can result in critical vulnerabilities in an organization’s ability to protect sensitive information throughout its lifecycle.
One of the areas where authentication vulnerabilities are most critical is online banking. In this electronic age, where banks are fighting off increasingly sophisticated cyber threats, it is vital that a bank customer’s digital identity be protected at all times. Unfortunately, single-factor authentication solutions do not offer comprehensive protection against more sophisticated threats, such as Man-in-the-Browser (MitB) and Man-in-the-Middle (MitM) attacks in which hackers hijack legitimate user identities during a transaction and redirect funds.
Such attacks could be better prevented with next-generation authentication devices that use optical sensors to read financial transaction data from the screen and generate a unique electronic signature that validates each transaction. The user then keys the signature into the browser and confirms the payment. An approach that combines secure electronic transaction signing with OTP (one-time password) strong authentication, eliminates the risk of transaction tampering – as well as forgotten, stolen, or hacked passwords – and mitigates the risk of identity theft.
Additional layers of security could be added by using certificate-based authentication (CBA) or context-based authentication. CBA provides authentication using public key cryptography and unique digital keys that are associated with the authentication device and the person who owns it. Conversely, context-based authentication uses contextual information to verify users’ identity or limit access to specific systems or content based on different risk profiles and user criteria.
When deciding on their device and user authentication strategy, IT managers need to determine what type of authentication devices will be deployed across the organization based on cost, as well as on what users, data and access points will have to be secured. For example, organizations might want to adopt hybrid hardware tokens for maximum protection but might not be able to afford the upfront costs. This might prompt IT management to consider software-based solutions that offer a similar level of protection at a lower ownership cost. These software solutions can be installed on desktops or mobile devices offering OTP and certificate-based authentication.
By marrying strong multi-factor authentication with effective security and password management policies, organizations will be able to significantly reduce the risk of unauthorized access to corporate assets and data.
Another issue to consider is how to manage authentication in a heterogeneous environment. There are different approaches that could be adopted – from tailoring authentication to specific use cases to centralizing authentication management across multiple access points. By centrally managing ID federation, access controls and authentication to both on-premise and cloud applications, organizations will improve control and visibility while reducing administrative costs. This, coupled with strong data encryption and on-premise digital keys management, will provide the needed multi-layered protection to ensure the highest security standards are met.
In order to achieve this, CIOs and CTOs will need to establish mechanisms for effectively managing, monitoring and dealing with security risk. Using strong authentication solutions as part of a multi-layered approach to data security will enable organizations to resolve the challenges of cloud computing and IT consumerization, while ensuring trust in their IT infrastructure.
|SafeNet is exhibiting at Infosecurity Europe 2012, the No. 1 industry event in Europe held on 24–26 April 2012 at Earl’s Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies, and offers practical and professional expertise. Visit the Infosecurity Europe website for further information.|
Gary Clark joined SafeNet in March 2004 following the acquisition of Rainbow Technologies, where he was vice president, sales and marketing. In April 2009, he became the vice president, EMEA sales and business operations. During a 30-year career in sales and marketing, Clark worked initially in the consumer goods industry and in 1985 joined AST Computers, a US-based PC company. He held several senior sales management positions within AST Europe Ltd over a seven-year period, establishing multiple sales channels and subsidiaries during a time of rapid expansion.
Having worked for Unisys Corporation in the early 1990’s as business development manager EMEA, Clark joined Rainbow Technologies in 1994, initially to manage its UK subsidiary. During the following 10 years, Clark’s responsibilities grew to include all of Rainbow’s European operations.
Since 2004, Clark has overseen the growth of SafeNet in EMEA from a $20m company to over $100m in 2010. During this time, SafeNet has transformed its business model from a niche security vendor to one of the world’s largest data protection companies.