This article first appeared in the Winter 2015 issue of OnWindows.
Passwords are needed to access everything from bank accounts to online stores, social networks, smartphones, and systems in the workplace, yet a single password is not always the safest way of protecting critical data. Some are so complicated that they are quickly forgotten, while others are so weak that they are easy for attackers to guess, particularly if the same password is reused across multiple accounts. Although a personal security breach can be distressing for a consumer, the financial and reputational damage associated with a widespread corporate data breach can be devastating. Yet many organisations still rely on traditional processes to secure IT networks and provide employees with access to devices and documents.
“Enterprises only tend to improve security following a network breach, so many of the current security processes have been implemented in silos, forcing employees to remember separate passwords layered with multifactor authentication for everything, especially if they work remotely or use a personal device,” explains Jackson Shaw, senior product director at Dell Software. “However, this obstructs productivity and exposes the business to risk from employee workarounds. For example, a recent Dell survey found that 92% of business respondents were negatively impacted when required to use additional security for remote work, while more than 90% use multiple passwords on a daily basis.”
Noting that security always wins in the battle with employee convenience, Shaw explains that today’s employees require any-time, any-device and any-location access to their corporate network. “This can’t be facilitated using static security processes,” he says. “To remain competitive, businesses require a fluid security process that also allows end users to remain productive.”
Shaw recommends that enterprises adopt a context-aware identity and access management (IAM) security strategy, which enables the IT team to evaluate the context surrounding each access request and adapt security requirements accordingly in real time.
“Establishing effective IAM strategies is a great way to take a proactive stance to security, particularly because factors such as time, location and end-point device are analysed before access is granted or denied,” explains Shaw. “For example, if an employee logs in to the network from a London office at 9am and a second request is received from the same user at 2pm in Singapore, the network would flag a potential threat because it wouldn’t be possible for them to reach Singapore in that time. The user would then have to pass through additional authentication levels before being granted access.”
Focusing on the context of the access request also prevents access issues from being mismanaged. “If the context dictates that an informed, priority-based decision specific to the situation needs to be made, IT can ramp up to multifactor authentication,” says Shaw. “End users must then pass this in one go, providing them with a seamless access experience and ensuring that they can remain productive while keeping the business secure. In effect, this type of approach changes security from a productivity barrier to a business enabler.”
Implementing a context-aware security and IAM strategy is relatively easy, says Shaw, particularly if senior executives start by thinking about their employees, customers, contractors and partners.
“If everyone is in one office or the same geographic location, then context-aware security may not be the best solution, but if employees work remotely on a regular basis, or are spread across multiple offices, senior management should definitely consider context-aware authentication,” he advises. “It’s easy to start by establishing basic rules to pinpoint individual employees’ regular log-in patterns and ensure that they receive an additional authentication request if they deviate from those average times after 30 days. Dell’s SonicWall firewall and context-aware authentication products enable organisations to take this type of modular approach to their IAM strategy – they can start with the most at-risk area and build on it as their needs change.”
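The checks Shaw describes, the London-then-Singapore "impossible travel" case earlier and the baseline of regular log-in hours here, can be expressed as a small context-aware access decision. The following is an added illustration, not code from the article or from any Dell product; the 900 km/h travel ceiling, the user, coordinates, devices and usual hours are all assumed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling on plausible travel speed (airliner); faster is "impossible travel"

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime   # timezone-aware, UTC
    lat: float
    lon: float
    device: str

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations, in km."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def risk_signals(req: Login, history: list, usual_hours: set, known_devices: set) -> list:
    """Context checks on one access request; an empty list means nothing unusual."""
    signals = []
    prior = [l for l in history if l.user == req.user and l.when <= req.when]
    if prior:
        last = max(prior, key=lambda l: l.when)
        hours = (req.when - last.when).total_seconds() / 3600
        dist = km_between(last, req)
        if dist > 1.0 and (hours == 0 or dist / hours > MAX_KMH):  # too far, too soon
            signals.append("impossible_travel")
    if req.when.hour not in usual_hours:  # outside the user's learned log-in pattern
        signals.append("outside_usual_hours")
    if req.device not in known_devices:
        signals.append("unknown_device")
    return signals

def decide(req: Login, history: list, usual_hours: set, known_devices: set) -> str:
    """'allow' when the context matches the baseline, otherwise 'step_up' to multifactor."""
    return "step_up" if risk_signals(req, history, usual_hours, known_devices) else "allow"

# Constructed sample data modelling the article's London-then-Singapore scenario.
UTC = timezone.utc
LONDON, SINGAPORE = (51.5074, -0.1278), (1.3521, 103.8198)
HISTORY = [Login("alice", datetime(2015, 11, 2, 9, 0, tzinfo=UTC), *LONDON, "laptop-01")]
USUAL_HOURS = set(range(7, 20))   # baseline learned from the previous 30 days of log-ins
KNOWN_DEVICES = {"laptop-01"}
REQUESTS = {
    "singapore_same_day": Login("alice", datetime(2015, 11, 2, 14, 0, tzinfo=UTC), *SINGAPORE, "laptop-01"),
    "london_next_morning": Login("alice", datetime(2015, 11, 3, 9, 0, tzinfo=UTC), *LONDON, "laptop-01"),
    "london_2am_new_device": Login("alice", datetime(2015, 11, 3, 2, 0, tzinfo=UTC), *LONDON, "tablet-99"),
}
```

Running `decide(REQUESTS["singapore_same_day"], HISTORY, USUAL_HOURS, KNOWN_DEVICES)` returns "step_up" because London to Singapore in five hours would require roughly 2,000 km/h, while the next-morning London login on the known laptop is allowed without extra prompts.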
Over the next 12 months, Shaw predicts the industry will move towards an even stronger IAM and data security approach – ‘continuous’ authentication.
“Just like a radioactive isotope that loses potency over time, continuous authentication will ‘decay’ a user’s access over a set period of time to protect the IT network from being hacked by another user,” he explains. “For example, if an employee logged in to their desktop using context-aware authentication processes in the morning, but forgot to sign out before leaving for lunch, they would need to reauthenticate themselves when they returned to prove that an imposter has not stolen their device.”
Shaw is also hopeful that progress towards completely eliminating passwords will continue over the next year. “Currently, this is a kind of Holy Grail, but with the recent online identification advances made by the Fast Identity Online Alliance and solutions like Microsoft Passport – a new certificate-based authentication approach – we expect that the industry will make some significant inroads into reducing the password hell we’re all in.”