Best Practices for Authenticating Mobile Workers and Securing Data Access

Best Practices for
Authenticating Mobile Workers
and Securing Data Access
Learn how to use strong authentication to secure
remote data access and ensure regulatory compliance.
By Eileen Feretic
Executive Summary well as from careless employees who share password infor-In an environment where business and government databas- mation online or who tape password information to their es store ever-increasing amounts of sensitive and confidential computer monitors or under their keyboards. data - and where a growing number of employees need to Organizations have too much to lose to take chances with access that data remotely - password security alone is insuf- their mission-critical information: Security breaches can cost ficient to ensure user authentication. Many organizations an enterprise customers, revenue, and credibility, not to men-are turning to two-factor authentication, which requires two tion the damage that could result from a lawsuit or a govern-measures for users to verify their identities and access data. ment investigation. Gartner Research predicts that the cost of Typically, two-factor authentication involves "something data breaches will increase 20 percent per year through 2009. you have," such as a token, and "something you know," such In an incident still unresolved as of November 2007, as a PIN or password. Hardware tokens provide a unique customers of CRM and on-demand application provider passcode each time a user logs in to the system. Tokens are Salesforce.com are being plagued by a password phishing portable, easy to use, relatively inexpensive, and compatible scam. Clients receive official-looking e-mail messages that, with virtually every type of computer. if opened, install malware on the recipient's computer or Secure Computing's SafeWord two-factor authentication direct them to an infected Web site that requests their Sales-delivers the security today's companies need. It authenti- force passwords. Armed with this data, criminals can steal cates users of remote access solutions such as VPNs, Citrix significant amounts of sensitive business information. To applications, Webmail, Outlook Web Access and other Web counteract this threat, Salesforce.com advised its customers applications, plus Windows and Unix log-ins, for compre- to add a second factor of authentication, such as tokens. hensive identity and access management. A 2007 report from FBR Research also underscores the need for more stringent security: "Customers and consul-Introduction tants with whom we have spoken echo a recurring theme, Whether your employees are working in an office or 'Passwords are not sufficient anymore,' as many organiza-remotely, they need fast, secure access to networks, applica- tions are looking for more safety nets to guard their network tions, files, and e-mail to do their jobs effectively. However, [and] intellectual property." giving employees - and sometimes business partners and customers - remote access to your corporate networks can Providing Stronger Securitybe dangerous, unless you have the right security technolo- Given the inadequacy of password-based security systems, gies and processes in place. organizations are turning to two-factor authentication. Be-To ensure that only authorized individuals are access- cause it requires separate measures to establish an individual's ing the resources and information on your networks (both identity and access rights, two-factor authentication provides wired and wireless), you need identity and access manage- stronger security for even the most sensitive information. ment (IAM). IAM systems authenticate a user's identity and Typically, this type of system requires "something you control access to specified network resources. have," such as a token or smart card, and "something you But even some IAM systems are not enough to protect know," such as a PIN (personal identification number) or mission-critical and confidential information - especially password. This way, even if a thief steals a token or a pass-when users are accessing networks remotely. Systems that are word, the network is still protected. protected only with passwords are at risk from the growing Tokens, which are small pieces of hardware that often fit number of hackers and tools that can 'break' passwords, as on a keychain, provide a unique passcode each time a user
logs in to the system. The user simply... [download for more]