For decades now, corporations have been in a battle to protect the business while at the same time striving to improve business processes and make information readily and easily available to employees, customers, partners, and other stakeholders. Applications are now Internet-enabled, and allowing employees access to intranets and extranets through mobile devices has become an essential component of doing business. Compounding that, business partners are often provided entry to ensure everything from immediate access to information to the attainment of service level agreements.
The downside of all this has been the rapid erosion of the once relatively secure perimeter. Companies must now ensure the integrity of their data against all of the threats of the last generation (viruses, etc.) as well as all of the modern-day threats associated with having information available to various parties all over the world at all times, and with an unprecedented number of venues through which one may gain access to that information. This is especially critical today as employees are proving just as vulnerable to attacks as consumers are. Further, if knowledgeable workers fall victim to an attack, everything from intellectual property to sensitive customer information is at risk of being exposed.
Protecting the confidential data of employees, customers, and partners is not only good business practice, but for many organisations is governed by industry regulations. Recent guidelines by Sebi (Securities and Exchange Board of India) mandate that all online brokers offering Internet-based trading platforms enforce a two-factor authentication (2FA) system as an enhanced security mechanism.
Controlling access to data and applications is an important part of regulations, and information security concerns revolve around poor data protection mechanisms for credit cards, debit cards, and other forms of payment. The concern stems from the fact that the password-and-user-ID system of authentication is commonly considered to be one of the weakest security links in modern-day computing. This system is subject to a number of flaws, including poor user password choices, password harvesting, phishing and man-in-browser attacks, among others.
The most common and compelling solution to authentication problems is the use of Strong Authentication, otherwise referred to as Two-Factor Authentication. A Two-Factor Authentication system works by requiring two simultaneous but independent authentication methods commonly referred to as “something you have and something you know.” Normally, the first factor (something you have) involves hardware or software that provides the user with an electronically. This dual-level mechanism delivers the level of security that businesses need to protect confidential data and applications and meet compliance requirements.
As more Indians get online to conduct their daily transactions, it is imperative for businesses that enable digital financial transactions to ensure a level of confidence in users’ connected experiences. According to experts, Two-Factor Authentication dramatically reduces the incidence of online identity theft, phishing attacks, and other online fraud, because the victim’s password is simply no longer sufficient to give a thief access to their information.
Following are some factors to consider while implementing Two-Factor Authentication in the enterprise.
• Freedom of Choice: Look for support for a broad range of credentials and ensure vendor independence by implementing solutions that support any open-standards based (OATH) security credential.
• Convenience and ease of use: Simplify the experience for users by offering a single, portable credential (such as a mobile application, a keyfob token, a credit card, or a cell phone enabled for an OTP) that serves as a second authenticating factor for any network site—similar to those used in ATM networks.
• Cost Efficiency: Use a cloud-based authentication model and Web services integration to minimise costs of deployment and shared maintenance. A consistent user experience also minimises support costs.
• Faster Time to Market: By using two-factor authentication (2FA) as a service, it is easy, fast, and cost-effective to offer strong authentication to customers. It speeds time to market, enabling companies to reduce fraud and increase revenue by building customer trust.
Authentication through the mobile
The latest trends in 2FA include authentication through the mobile. As mobile devices become increasingly ubiquitous and powerful – particularly in India which has over 700 million mobile subscribers, according to TRAI – businesses can use 2FA more conveniently and effectively.
Consumers have already embraced the fact that the mobile phone offers far more than wireless communications. Today’s handsets deliver entertainment, communications, personal organisers, navigation, and many other desirable capabilities. Adding the ability to issue one-time passwords (OTPs) for strong authentication simply extends the versatility and usefulness of the mobile phone for consumers. It eliminates the need to carry an additional device and makes 2FA even more attractive and easy to use for consumers.
Businesses issuing credentials to their customers benefit as well. The business can now choose to offer a wide variety of credential form factors—with something to suit nearly every consumer’s personal preference. A large jump in consumer uptake as a result of offering a convenient mobile form factor lowers costs and risks for all participants in a shared authentication network.
With a mobile phone as a secure credential, we can marry security and cost-effectiveness with convenience to deliver a significant impact on the industry—dramatically increasing uptake of 2FA capabilities to protect online transactions.
Trust and identity are key to the future of securing and managing the world’s information. As new IT models are adopted, from cloud computing to social networking to mobile computing to user-owned devices, businesses can leverage their operational efficiencies and freedom without compromising on identity security through authentication.
Authentication: The process of confirming that something is genuine. In computer security, authentication is usually an automated process of verifying the identity of someone or something, such as a computer or application.
2-Factor/Multi-factor/Strong Authentication: These terms refer to the authentication practice of requiring confirmation of something you know, such as a username and password, and something you have, such as a smart card, token or certificate.
Credential: Proof of qualification, competence, or clearance that is attached to a person. A digital certificate, token, smart card, mobile phone, or installed software are credentials that may be used to enable strong or multi-factor authentication.
(The author is Director, Development, at Symantec)


