Ensuring Business Continuity through Authentication Flexibility
When faced with a disruption in enterprise security, businesses need to ensure that data is protected and that system access is not compromised. After the breach at a token-based security vendor last week, many businesses and government agencies are struggling to plan their next steps.
Businesses have used token-based strong authentication to secure transactions from employees working outside the office, partners, and customers. The impact of the breach is still being assessed. It could range from minimal to stolen algorithm ‘seeds’, which would render some or all of the tokens useless. Let us take a hypothetical situation where a future breach has made those tokens useless. What is the plan for all the employees or customers that need to perform secure transactions from remote locations? Can a business afford to shut down remote access until it has moved to an alternate mechanism?
In all successful data security systems, one of the goals of the organization should be to combine multiple authentication strategies in a flexible and easily reconfigurable platform, so that a second factor augments the username and password. For example, an SMS one-time password (OTP) sent to the mobile phone, voice biometrics (where your unique voice print is the second authentication mechanism), or a voice-delivered OTP read to the user over the telephone are additional mechanisms that could be used. If one authentication mechanism (such as the token) gets compromised, the enterprise will be able to change the policy to shut that mechanism down while still using another second factor to authenticate users and maintain strong authentication.
Identity and access management and authentication systems should also be risk-based. Risk analysis of suspicious transactions, policy violations, or out-of-normal behavior should trigger varying, progressively more complex authentication challenges. These authentication parameters need to be adjustable in real time so that the organization can present challenges based on the latest threat assessment. Security threat models should also map to the overarching identity and access management strategy. For example, challenges can be triggered by logins from a particular region or country, login frequency, a change in the user's ISP, machine characteristics, or other criteria.
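The two ideas above (a reconfigurable set of second factors, and risk-based step-up challenges driven by region, login frequency, ISP change and machine characteristics) can be expressed as one small policy engine. The following is an added example, not code from the original post or from any vendor; the factor names, risk weights and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Second factors in order of preference (assumed names). An operator can
# disable one at runtime, e.g. a compromised hardware token, with no code change.
DEFAULT_FACTORS = ["hw_token", "sms_otp", "voice_otp", "voice_biometric"]

@dataclass
class LoginContext:          # what we observe about the current login attempt
    country: str
    isp: str
    device_id: str
    logins_last_hour: int

@dataclass
class UserProfile:           # what we know is normal for this user
    home_country: str
    known_isps: set
    known_devices: set

@dataclass
class AuthPolicy:
    enabled_factors: list = field(default_factory=lambda: list(DEFAULT_FACTORS))
    step_up_threshold: int = 30   # score at/above which one extra challenge is required
    strong_threshold: int = 60    # score at/above which two extra challenges are required

    def disable(self, factor):    # policy change: stop using a compromised factor
        self.enabled_factors = [f for f in self.enabled_factors if f != factor]

def risk_score(ctx, profile):
    """Weighted sum of the out-of-normal signals the post lists (weights assumed)."""
    score = 0
    if ctx.country != profile.home_country:
        score += 40                # login from an unusual region or country
    if ctx.isp not in profile.known_isps:
        score += 20                # change of ISP
    if ctx.device_id not in profile.known_devices:
        score += 25                # unfamiliar machine characteristics
    if ctx.logins_last_hour > 5:
        score += 15                # abnormal login frequency
    return score

def required_challenges(ctx, profile, policy):
    """Ordered list of second-factor challenges to present; [] means none needed."""
    score = risk_score(ctx, profile)
    if score < policy.step_up_threshold:
        return []
    if not policy.enabled_factors:  # every factor disabled: fail closed, deny login
        raise RuntimeError("no usable second factor configured; deny login")
    count = 2 if score >= policy.strong_threshold else 1
    return policy.enabled_factors[:count]
```

Disabling `hw_token` in the policy moves every step-up challenge onto the next enabled factor without any change to the scoring logic, which is the flexibility the post argues for.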
Martin Kuppinger, writing in the Kuppinger Cole blog, says “customers should take the opportunity and rethink their authentication strategies in general. How could they implement a flexible, versatile approach for all types of users and different security requirements of interactions and transactions? Versatility definitely helps – having a versatile approach for authentication in place allows you to add additional factors and means or replace some factors quickly.” We couldn’t agree more.