Time to Move to Better Authentication

Updated: September 02, 2010

Strong authentication is any means of authentication that requires two or more factors. You pick them:

Something you know (password)

Something you have (hardware token, your computer, smart phone, smart card)

Something you are (fingerprint, retinal scan, voice print, even your gait or the way you type)

Where you are (geolocation)

The cost at the time for an RSA one-time password (OTP) token was about $80/year to acquire and maintain. Since then the costs of OTP-generating devices have come down considerably, but the total can still be daunting if you have lots of users.

Two things are driving innovation in strong authentication: the rapid move to web-based services and the increased value of IT assets. Be it a Salesforce.com or your stock trading account, the value of the information you have access to is rising, and the threats against those assets are growing with that value.

You may feel comfortable that you have deployed Microsoft Active Directory, require long passwords, and force people to log in whenever they come onto the network, but there is a whole class of users and assets that do not fall under this regime. Think of all the Linux servers, firewalls, and routers on your network. These are control points that are vulnerable to attack, and most organizations still use admin passwords that are not bound to individuals, share those passwords with internal teams and outside vendors, and never reset them. This is where privileged access management comes into play. Xceedium, Cyber-Ark, Quest, and e-DMZ are some of the products used for privileged access management.

Strong authentication can have business value too. I had one client that managed a multiple listing service for realtors. They had 15,000 subscribers to their service but were concerned that every real estate office was sharing its $39/month account. By deploying strong authentication they more than covered their costs because their subscription numbers went up. When eTrade deployed RSA tokens to 10,000 top account holders, the money in those accounts went up 20% because of the increased perception of security.

Check out YubiKey for a low-cost token authentication solution. TriCipher is a certificate-based solution that comes close to providing single sign-on for all of your web-based accounts. It was just acquired this week by VMware.

What is one thing that everyone already has and that will be reported and shut off immediately if it is lost or stolen? Cellphones, of course. Why not use them for strong out-of-band authentication? This is the approach Arcot took. They were acquired by CA this week. PhoneFactor and the stealth-mode Scio Security also offer cell phone strong authentication that is simple to deploy and use.
