Over the past few years, data breaches have increased in frequency and size, making the need to protect sensitive information a top priority for businesses worldwide. According to the latest Breach Level Index report, one billion data records were compromised in 2014 alone, a 49% increase in data breaches and a 78% increase in data records stolen or lost compared to 2013. Big names targeted and exposed in the last 12 months include Mumsnet, Moonpig, and British Airways as well as financial institutions such as the European Central Bank, JP Morgan Chase and HSBC.
According to SafeNet’s 2014 Authentication Survey, just 15% of organisations worldwide address the security challenges of today’s complex authentication environment by implementing multi-factor authentication (MFA) among 90-100% of their employees. With more than 2 million records compromised each day, the remaining 85% put at risk the confidentiality and integrity of their networks, applications and intellectual property, leaving them at the mercy of cyber-criminals.
The attacks on businesses are getting more sophisticated and the pressure for system administrators to react with increasing urgency is overwhelming. Against this backdrop, they face further pressure from within the business to accommodate new ways of working and business transformation – driven by broad adoption of cloud and mobility and the maturity of new technologies.
In addition, while uniform security policies, central management, visibility and transparency across the entire authentication environment have eased the identity and access management (IAM) burden on CISOs, system administrators are still tasked with putting out IT fires and with maintaining and upgrading their organisation’s network infrastructure, systems and applications. With so much to do in so little time, IAM solutions that save system administrators time by reducing management overhead, along with the ability to adopt new technologies securely, are certain to reach the CIO’s shortlist.
A solid authentication scheme can be fluid and transparent to users, providing an extensible authentication framework for cloud and enterprise applications, allowing CIOs and system administrators not only to fulfil their duties but also to drive up efficiency and innovation. Here are the key functionalities to look out for:
Auto-syncing and auto-provisioning – These functionalities automatically issue tokens to new users, and automatically request activation via email notification. Similarly, they also disable a user’s access permissions once they are removed from the user store.
Automated Token Provisioning – Both automated token provisioning and deprovisioning rely on periodic syncing with existing user stores (such as AD, Oracle, SQL, Lotus, Novell, IBM, etc.) in order to effect the appropriate actions.
Automated User and Solution Management – These capabilities can provide automated alerts delivered through SMS or email, containing real-time red-flag notifications on incidents that require follow-up actions, thus allowing management by exception. Examples include notifications to users and administrators in the event of account lockout, modification of a key configuration setting, or the absence of user enrolments by a certain date.
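As an added example (not code from the article or from any vendor product), the following Python sketch shows one sync pass of the kind the two points above describe: it compares a user-store snapshot with the authentication server's token registry, issues a token in pending-activation state and queues an activation e-mail for each newly enabled user, and revokes the tokens of users who have been disabled or deleted. The user records, token serials and e-mail addresses are constructed sample data; a deployment would read the snapshot from the directory and the registry from the authentication server's database.

```python
import itertools
from dataclasses import dataclass, field


@dataclass
class TokenRecord:
    user_id: str
    serial: str
    state: str  # "pending-activation", "active" or "revoked"


@dataclass
class SyncResult:
    issued: list = field(default_factory=list)    # (user_id, serial) pairs newly issued
    notified: list = field(default_factory=list)  # e-mail addresses queued for an activation mail
    revoked: list = field(default_factory=list)   # serials revoked because the owner left or was disabled


def reconcile(user_store, registry, serials):
    """One synchronisation pass. `user_store` is a snapshot of the directory
    ({user_id: {"email": ..., "enabled": bool}}), `registry` is the authentication
    server's token table ({user_id: TokenRecord}) and `serials` yields fresh serial
    numbers. The registry is updated in place; the actions taken are returned."""
    result = SyncResult()
    live = {uid for uid, rec in user_store.items() if rec["enabled"]}

    # Deprovision first: any token whose owner is gone or disabled is revoked,
    # so a departed user's credential stops working at the next sync.
    for uid, token in registry.items():
        if uid not in live and token.state != "revoked":
            token.state = "revoked"
            result.revoked.append(token.serial)

    # Provision: every enabled user without a usable token gets a new one in
    # "pending-activation" state and an activation e-mail is queued.
    for uid in sorted(live):
        token = registry.get(uid)
        if token is None or token.state == "revoked":
            serial = next(serials)
            registry[uid] = TokenRecord(uid, serial, "pending-activation")
            result.issued.append((uid, serial))
            result.notified.append(user_store[uid]["email"])
    return result


def demo():
    """Constructed sample data: bob is new, carol was disabled, dave was deleted."""
    user_store = {
        "alice": {"email": "alice@example.test", "enabled": True},
        "bob":   {"email": "bob@example.test",   "enabled": True},
        "carol": {"email": "carol@example.test", "enabled": False},
    }
    registry = {
        "alice": TokenRecord("alice", "TKN-0000", "active"),
        "carol": TokenRecord("carol", "TKN-0001", "active"),
        "dave":  TokenRecord("dave",  "TKN-0002", "active"),
    }
    serials = (f"TKN-{n:04d}" for n in itertools.count(100))
    first = reconcile(user_store, registry, serials)
    second = reconcile(user_store, registry, serials)  # a repeat pass must change nothing
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print("issued:", first.issued, "notified:", first.notified, "revoked:", first.revoked)
    print("second pass idempotent:", second == SyncResult())
```

Revocation runs before provisioning so that a user who is removed from the store and re-added under the same identifier gets a fresh token rather than inheriting the old one, and the pass is idempotent, which matters because directory syncs are scheduled repeatedly rather than triggered by each change.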
Group-based Policies – These policy capabilities streamline the provisioning and authorisation process. For example, different user groups can be assigned different pre-authentication rules, such as time and date or IP address restrictions, application permissions, and token provisioning configurations.
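To make the group-based pre-authentication rules concrete, here is an added example in Python (not code from the article or any product) that evaluates the restrictions the paragraph lists: permitted applications, source IP ranges, and time and day windows, per group. The group policies, group memberships, addresses and timestamps are constructed sample data; the deny-by-default rule and the choice that a user is permitted if any of their groups permits the request are design assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class GroupPolicy:
    name: str
    apps: frozenset     # applications members may authenticate to
    networks: tuple     # ip_network objects the request must come from; empty = any
    hours: tuple        # (start_hour, end_hour) in local time, end exclusive; empty = any time
    weekdays: frozenset # 0 = Monday ... 6 = Sunday; empty = any day


# Constructed sample policies: finance staff are restricted to the office network
# during working hours; field sales may reach CRM and mail from anywhere, any time.
POLICIES = {
    "finance": GroupPolicy(
        name="finance",
        apps=frozenset({"erp", "mail"}),
        networks=(ipaddress.ip_network("10.20.0.0/16"),),
        hours=(8, 18),
        weekdays=frozenset(range(0, 5)),
    ),
    "field-sales": GroupPolicy(
        name="field-sales",
        apps=frozenset({"crm", "mail"}),
        networks=(),
        hours=(),
        weekdays=frozenset(),
    ),
}

# Constructed group membership, as it would be read from the user store.
USER_GROUPS = {
    "alice": {"finance"},
    "bob": {"field-sales"},
    "carol": {"finance", "field-sales"},
}

# Constructed sample instants: 2 June 2015 was a Tuesday, 6 June 2015 a Saturday.
SAMPLE_TUESDAY_10AM = datetime(2015, 6, 2, 10, 0)
SAMPLE_TUESDAY_7PM = datetime(2015, 6, 2, 19, 0)
SAMPLE_SATURDAY_10AM = datetime(2015, 6, 6, 10, 0)


def policy_permits(policy, app, src_ip, when):
    """Evaluate one group's pre-authentication rules. Returns (allowed, reason)."""
    if app not in policy.apps:
        return False, f"{policy.name}: application {app!r} not permitted"
    if policy.networks and not any(src_ip in net for net in policy.networks):
        return False, f"{policy.name}: source {src_ip} outside permitted networks"
    if policy.weekdays and when.weekday() not in policy.weekdays:
        return False, f"{policy.name}: outside permitted weekdays"
    if policy.hours and not (policy.hours[0] <= when.hour < policy.hours[1]):
        return False, f"{policy.name}: outside permitted hours"
    return True, f"{policy.name}: permitted"


def pre_auth_check(user, app, src_ip, when):
    """Deny by default. The request is allowed if any group the user belongs to
    permits it; otherwise every group's reason for refusal is returned so the
    decision can be logged and audited."""
    addr = ipaddress.ip_address(src_ip)
    refusals = []
    for group in sorted(USER_GROUPS.get(user, ())):
        ok, why = policy_permits(POLICIES[group], app, addr, when)
        if ok:
            return True, why
        refusals.append(why)
    return False, "; ".join(refusals) or f"{user}: no group membership"


if __name__ == "__main__":
    print(pre_auth_check("alice", "erp", "10.20.5.7", SAMPLE_TUESDAY_10AM))
    print(pre_auth_check("alice", "erp", "203.0.113.9", SAMPLE_TUESDAY_10AM))
    print(pre_auth_check("carol", "crm", "203.0.113.9", SAMPLE_SATURDAY_10AM))
```

Returning the reason alongside the decision is deliberate: a pre-authentication refusal that is logged with the rule that fired is what lets an administrator distinguish a travelling employee from a credential being tried from an unexpected network.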
User Self-Service – To further reduce help desk overhead, solutions that offer basic self-service, such as requesting a new token, requesting a backup authentication method, activating or re-syncing a token, and updating user profile details can reduce the management burden on IT.
Federated Login – With SAML-based identity federation, solutions can extend stored identities to the cloud, enabling users to sign in to software-as-a-service (SaaS) and cloud applications with the same credentials used to log in to the corporate network. In effect, this allows for the ability to sign in only once and concurrently gain access to multiple SaaS applications.
Frictionless Authentication Methods – A study published by the National Institute of Standards and Technology (NIST) found that, on average, NIST employees authenticated 23 times within a 24-hour period, with “over-authentication” requirements resulting in user frustration, otherwise known as ‘password fatigue’. In turn, this led users to cope with strategies that have the potential to jeopardise security down the line, such as writing down passwords. In enterprise authentication scenarios, however, users cannot simply walk away to avoid authentication. Hence the importance of frictionless authentication methods such as OTP, OOBA (out-of-band authentication) and tokenless authentication (for example, context-based authentication), which enhance the user experience and lower barriers to adoption.
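The OTP method mentioned above is usually a time-based one-time password. As an added example (not code from the article or any product), the following Python implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library and a server-side verifier that tolerates one step of clock drift, compares codes in constant time and refuses any step already consumed, so an intercepted code cannot be replayed. The seed is the RFC 6238 reference seed, used here only because its test vectors are published; real seeds are random per token.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, at=None, last_used=-1, step=30, digits=6, window=1):
    """Server-side check. Accepts the code for the current step or up to `window`
    steps either side (clock drift), compares in constant time, and refuses any
    step at or before `last_used` so a previously accepted code cannot be replayed.
    Returns the accepted step counter, or None; the caller persists that counter
    as the token's new `last_used`."""
    at = time.time() if at is None else at
    current = int(at // step)
    for offset in range(-window, window + 1):
        counter = current + offset
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


# The RFC 6238 reference seed, used only because its test vectors are public.
RFC_SEED = b"12345678901234567890"


if __name__ == "__main__":
    print(totp(RFC_SEED, at=59, digits=8))                              # RFC 6238 vector: 94287082
    code = totp(RFC_SEED, at=59)
    print(verify_totp(RFC_SEED, code, at=59))                           # accepted, step 1
    print(verify_totp(RFC_SEED, code, at=59, last_used=1))              # replay refused: None
```

The replay check is the part most often left out of home-grown verifiers: without the stored `last_used` counter, the drift window means a code stays valid for up to three steps, and anyone who observes it in transit can reuse it inside that window.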
As-a-Service delivery – Strong authentication and identity management can be delivered as-a-service from the cloud, further lowering the total cost of operation with cloud computing efficiencies.
So how can organisations offer users an effortless authentication experience whilst addressing password pains? These top tips can help:
* Secure SSO with strong authentication, elevating the level of assurance that users are in fact who they claim to be. Strong multi-factor authentication can be added to ESSO/federated SSO scenarios without incurring the high cost of user inconvenience.
* Eliminate reliance on passwords: Two-factor authentication can completely replace static passwords, eliminating password fatigue, password administration and password vulnerabilities.
* Offer self-service: Keep dependence on help desk personnel to a minimum by offering users extensive self-service functionalities, such as resetting their profile details, requesting a new token, or syncing a current one.
* Lower barriers for users: Remove the need to physically carry additional authentication props by offering context-based authentication, out-of-band software tokens and phone-as-a-token options, providing convenient enterprise mobility from any endpoint.
Rising security risks and the demand for seamless, secure access from any device at any time have triggered greater adoption of authentication solutions, and further growth is expected.
By choosing the right authentication method, organisations will reduce system administrators’ workload, allowing them to focus on implementing the most efficient apps and platforms. They will also be safe in the knowledge that their data is protected, whether or not a security breach occurs.