GSN Dec 2015/Jan 2016 Digital Edition
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Access Control, ID, Insider Threats<br />
security dramatically, organizations<br />
should utilize two or even three<br />
forms of authentication.<br />
Beyond the password:<br />
Multi-factor authentication<br />
Multi-factor authentication is vital<br />
to both securing access to networks<br />
and protecting users’ identities.<br />
After all, the more factors used to<br />
determine a person’s identity, the<br />
greater the trust of authenticity.<br />
With multi-factor authentication,<br />
an organization can be sure that users<br />
are who they claim to be.<br />
Because multi-factor authentication<br />
security requires multiple<br />
means of identification at login, it<br />
is widely recognized as the most secure<br />
method for authenticating access<br />
to data and applications.<br />
The best way to achieve multifactor<br />
authentication is by using a<br />
combination of the following factors:<br />
• Something You Know – password<br />
or PIN<br />
• Something You Have – token or<br />
smart card (two-factor authentication)<br />
• Something You Are – biometrics,<br />
such as a fingerprint (threefactor<br />
authentication)<br />
A strong authentication solution<br />
that validates the identities of users<br />
and computing devices that access<br />
the non-public areas of an organization’s<br />
network is the first step in<br />
building a secure and robust information<br />
protection system.<br />
How to put strong<br />
authentication to work<br />
Practically speaking, there are two<br />
aspects to follow when putting<br />
strong authentication to work:<br />
• Consider all access points<br />
• Ensure the solution reduces IT<br />
administrative and management<br />
overhead<br />
Consider all access points. Organizations<br />
need to be sure that they<br />
authenticate access to all sensitive<br />
information, whether that information<br />
is on premise or in the cloud.<br />
When it comes to the cloud, the<br />
same security mechanisms should<br />
be in place as in remote network access.<br />
Additionally, organizations should<br />
deploy security mechanisms to make<br />
sure that users are securely authenticated<br />
when accessing network resources<br />
from their mobile consumer<br />
devices (such as tablets and smart<br />
phones).<br />
Ensure the solution reduces<br />
IT administrative and<br />
management overhead.<br />
Authentication environments have<br />
to offer convenience and transparency<br />
for end users and administrators<br />
alike.<br />
23<br />
Administrators need to be able<br />
to manage all users across all devices<br />
and resources. That requires<br />
automation, central management,<br />
and visibility into user access across<br />
multiple resources. To ensure users<br />
have an optimal experience, administrators<br />
need to be equipped with<br />
granular controls and comprehensive<br />
reporting capabilities.<br />
On the end-user side of things,<br />
organizations should be able to offer<br />
users the type of authentication<br />
device that most suits their role and<br />
security profile. Organizations can<br />
offer users several authentication<br />
methods, ranging from contextbased<br />
authentication, through SMS,<br />
phone tokens or hardware tokens.<br />
This improves user acceptance and<br />
compliance with security requirements.<br />
Multi-factor authentication is not<br />
particularly complicated, but it surpasses<br />
passwords by a considerable<br />
margin when protecting your infrastructure<br />
and information from being<br />
compromised – especially from<br />
insider threats.<br />
Shawn Campbell, a nationally recognized<br />
cryptology expert, is VP of Product<br />
Management, SafeNet Assured<br />
Technologies. He can be reached at<br />
Shawn.Campbell@safenetat.com