GrIDsure and Field Fisher Waterhouse launch White Paper on Data Security Law and Authentication
July 2011 by Marc Jacob
GrIDsure has launched a white paper on the legal aspects surrounding user authentication in IT environments. Written by European law firm Field Fisher Waterhouse, the paper reviews key aspects of the legal framework for data security, including the law of confidence and the law of negligence, the EU Data Protection Directive, and rules on corporate governance. It also examines the legal meaning of ‘state of the art’ in the context of selecting an adequate technology solution for user authentication.
The authors explain why some of the most commonly used authentication technologies are open to security threats, and evaluate the concept of Pattern Based Authentication against key criteria for choosing an authentication method as well as compliance criteria.
“Protecting information is a business critical interest and a legal obligation,” said Daniel Mothersdale, CEO at GrIDsure. “But as many of the recent data breaches have shown, traditional authentication methods such as passwords and ID tokens aren’t secure enough to keep up with the requirements of cloud computing and mobile access.”
“With the European Union now planning to make it mandatory for all businesses to notify customers of data breaches, companies find themselves under immense pressure to implement ubiquitous strong authentication – every day, for every user, for every service, irrespective of the endpoints used. It’s a matter of compliance with data security law, but also a matter of adequately protecting you employees’ and customers’ identities,” he added.
The white paper is titled ‘GrIDsure Pattern Based Authentication: A perspective from a data security law point of view’, and is available for free download from the GrIDsure website