David Ting, Imprivata: Access management: How to authenticate users
January 2010 by David Ting, Imprivata
Technology has evolved to address the challenges of the modern business market. Mobile working and round-the-clock communication have tested information security, as has the need to lock down data from the inside-out. Securing the firewall was previously top of the CISO agenda, but today, securing internal access to applications by employees is equally important. Internal and external regulations exist to protect personal data and restrict employee access to information. As a result, staff are often required to input multiple passwords a number of times each day. To avoid locking themselves out of critical applications by forgetting complex passwords, employees resort to jotting down information which has an adverse effect on security. Users that attempt to fully comply with password policies often find themselves locked out of applications after forgetting credentials. This leads to disrupted workflow and pressure on the IT helpdesk.
To avoid security challenges caused by multiple passwords, technologies such as single sign-on (SSO) have emerged to allow users to log-on with one set of details. The single point through which users can authenticate alleviates the problem of disparate passwords/forgetful users. Combining SSO with strong authentication devices including fingerprint biometrics, smart cards and password tokens, results in two-factor authentication and improved security. By opting for SA that compliments the working practices of the staff, business can take advantage of the extra benefit of improved productivity. So what are the various methods on offer?
One-time-password tokens are often used for online banking facilities. The customer/employee enters a string of numbers uniquely generated by the token, which is valid for a short period of time. Password tokens are particularly useful where employees work remotely and can authenticate users while preventing any shoulder surfing that is more likely to occur outside the office environment. Password tokens improve security employee workflow by safely avoiding multiple passwords.
Biometric devices provide hardened security for compliance, and streamlined end-user access. As security threats and regulations become more rigid, organisations choose biometrics to comply with regulatory demands. Biometric authentication has become increasingly affordable and effective, particularly as many modern laptops are equipped with biometric readers as standard. Biometrics are steadfast and non re-creatable, proving popular environments like healthcare where speed and ease are essential.
Smart Card Technology
Facility access badges or smart cards from simple swipe cards to passive proximity and chip cards have traditionally been used to enter the office building. The card grants access by communicating with the PC to authenticate the user to the IT network, used alongside a PIN. Smart cards can be linked into other projects meaning extra information is hosted on the card. This saves hardware costs and further eases the working life of staff. Additionally, the physical access system can be programmed to grant access to a PC only if the user has physically entered a specific room or operation work area. Technology is available to help organisations face IT access management challenges head on. Providing a centralised tool for security staff to manage and provision IT access, integrated with better levels of authentication and user tracking, go a long way to improving access management.