If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect? Answering these questions in detail is the basis for designing a sound, risk-based strong authentication handbook.
Information security professionals are under more pressure than ever before to protect their company’s critical assets. In a time when information can be the most valuable asset a company has, ensuring only authorized users have the ability to gain access to sensitive data systems is critical to ensuring the success of the company. But security also has to be flexible to accommodate the needs of the business. The challenge for IT security professionals today is finding the right balance of security and convenience.
Risk appropriate authentication
Flexible strong authentication solutions
- Gemalto time-based OTP tokens combine the current time with a secret key to create a password. When the corresponding validation server receives the password, it combines the current time with the secret key and performs the same cryptographic computation as the token. If the two resulting passwords match, access is granted for one attempt within a 30-second window.
- SMS OTP solutions use the IDConfirm Server to send a password to any mobile phone via SMS. This offers safe and convenient authentication without the hassle or extra cost of having to carry another device.
- The Protiva Mobile OTP solution exploits all the convenience of the mobile phone without the need for a network. Users download an application that turns the phone into a token that generates a secure OTP.
Smart card solutions
- There are three options when deploying a certificate-based identity solution: .NET, minidriver enabled (MD), or PIV. Each solution provides a high level of assurance of the identity of the user attempting to gain logical access to the network. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well. .NET and MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM), a .NET or MD certificate-based authentication solution is virtually plug and play. .NET & MD are also compatible with Mac OS and Linux environments.
- Adding biometric functionality adds a further level of security with the addition of fingerprint match-on-card user verification. This functionality is supported by Windows Biometric Framework.
- Secure Flash USB Tokens are secure USB tokens that offer simple, highly secure solutions for the mobile office, preventing data loss, securing portable data and digitally signing documents.
Additional PKI functionality
- Using the Internet for business processes is cheaper and faster but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital signatures created using smart card devices with PKI can securely authenticate virtual documents, saving both time and money.
- PKI also allows for email encryption. This is essential for preventing sensitive emails from being read by unintended recipients.
- Unsecured USB flash drives can be a major source of data loss but PKI-based tokens are perfect for secure data storage, ensuring sensitive business information is kept safe, even if the drive is lost or stolen.
Flexible authentication built to evolve with your business
Strong authentication adds layers of identity verification to ensure only authorized users gain network access through a variety of easy-to-use form factors that meet business requirements and ensure user adoption.