|
Whether your employees are working in an office or remotely, they need fast, secure access to networks, applications, files, and e-mail to do their jobs effectively. However, giving employees — and sometimes business partners and customers — remote access to your corporate networks can be dangerous, unless you have the right security technologies and processes in place.
To ensure that only authorized individuals are accessing the resources and information on your networks (both wired and wireless), you need identity and access management (IAM). IAM systems authenticate a user’s identity and control access to specified network resources.
But even some IAM systems are not enough to protect mission-critical and confidential information — especially when users are accessing networks remotely. Systems that are protected only with passwords are at risk from the growing number of hackers and tools that can ‘break’ passwords, as well as from careless employees who share password information online or who tape password information to their computer monitors or under their keyboards.
Organizations have too much to lose to take chances with their mission-critical information: Security breaches can cost an enterprise customers, revenue, and credibility, not to men-tion the damage that could result from a lawsuit or a government investigation. Gartner Research predicts that the cost of data breaches will increase 20 percent per year through 2009.
In an incident still unresolved as of November 2007, customers of CRM and on-demand application provider Salesforce.com are being plagued by a password phishing scam. Clients receive official-looking e-mail messages that, if opened, install malware on the recipient’s computer or direct them to an infected Web site that requests their Sales-force passwords. Armed with this data, criminals can steal significant amounts of sensitive business information. To counteract this threat, Salesforce.com advised its customers to add a second factor of authentication, such as tokens.
A 2007 report from FBR Research also underscores the need for more stringent security: “Customers and consultants with whom we have spoken echo a recurring theme, ‘Passwords are not sufficient anymore,’ as many organizations are looking for more safety nets to guard their network [and] intellectual property.”
Providing Stronger Security
Given the inadequacy of password-based security systems, organizations are turning to two-factor authentication. Be-cause it requires separate measures to establish an individual’s identity and access rights, two-factor authentication provides stronger security for even the most sensitive information.
Typically, this type of system requires “something you have,” such as a token or smart card, and “something you know,” such as a PIN (personal identification number) or password. This way, even if a thief steals a token or a pass-word, the network is still protected.
Tokens, which are small pieces of hardware that often fit on a keychain, provide a unique passcode each time a user logs in to the system. The user simply activates the token — usually by pushing a button or inserting it into a USB port — and a one-time-use passcode appears on the display. After entering the passcode, the individual follows up with his or her PIN to access applications and data.
In general, tokens are used in conjunction with server-side software that validates the user’s identity and authorizes access. No software is installed on the endpoint device, so tokens can be used anywhere, on any computing system, including desk-tops, laptops, and personal digital assistants (PDAs), as well as public terminals in airports and other locations.
Other types of two-factor authentication technologies include smart cards and biometrics, where a fingerprint or retina scan provides the second factor. One drawback of smart cards, which are embedded with microprocessors, is that most work only with devices that have smart card readers, which can add substantially to the expense of the security system. Also, many of these cards work with applications that utilize public key technology, which requires companies to deploy certificate-handling procedures, thus adding complexity to the system.
Biometrics, on the other hand, represents a “something you are” form of authentication. Though this technology is growing in popularity, it’s not yet ready for widespread use. Biometric scanners are expensive, and they’re not portable, as the scanning devices are often tied to one computer.
|
