With over 15 years of experience in the security and smart card industries, Radstaak has a wealth of strategic sales and business development experience and has a long-standing career in the security and smart card industries.
August 28, 2014

Requirements for Effective, Strong Authentication in Access Control

As mentioned in my previous blog entry, this time I’ll look at the requirements for effective strong authentication and address the pros and cons of legacy solutions.

Let’s begin by looking at legacy solutions. We know that one-time-passwords (OTPs) and tokens offer greater security, because the password they generate is only valid for a single session or transaction, but if implemented incorrectly they can create other issues.

Many legacy solutions don’t give you control over the token seed record, which is the “key” to that token; rather the seed records for the tokens are housed in the vendor’s databases, which means a data breach at that vendor could damage your company’s security.

In addition, legacy solutions that assume once you’re in, you’re okay simply aren’t comprehensive or versatile enough to consider the user’s role, location and access device type to establish trust and grant access across a wide range of enterprise and cloud applications.

It’s not enough to use strong authentication when you first enter the building or network – as we know, a defensible perimeter is no longer sufficient.

With this in mind, strong authentication needs to be extended across the organisation to include access to desktops, servers, mobile phones, data, and enterprise and cloud-based applications in a way that enables you to truly increase the overall security and accountability of your environment.

An effective strong authentication solution must be able to add security without adding significant costs or complexity. For today’s enterprise environments, only an easy to use, simple to manage, strong authentication solution stands a chance to work with the wide variety of users your organisation must support to protect you against the many known and yet to be discovered attacks out there. Here is a list of what a strong authentication solution provides:

  1. Two-factor or multi-factor authentication to increase the confidence you have in your users’ identities, so you can grant them appropriate access
  2. Differing levels of access based on the risks associated with different types of users and transactions. You should be able to deliver transparent, layered security capabilities to significantly increase your security, without impacting the user experience (at least not for users connecting from their trusted devices and locations). This is achieved by solutions capable of the following:
  3. Advanced fraud detection capabilities that consider factors such as geographic location and device information when authenticating users, so you can limit access to trusted devices in trusted countries. Alternatively, users can be asked to use a supplementary, or more secure, method of authentication, such as a One Time Password sent over SMS, when connecting from devices or locations that are not on the trusted list.
  4. Ongoing behavioural analysis: For on-going authentication and improved forensics capabilities, the user activity is constantly monitored and analysed, to learn how a specific user behaves, so that deviations from that behaviour can be detected and alerted, without impacting user experience or compromising privacy. If a deviation occurs (e.g. someone else took over the computer), the application can choose to reauthenticate the user and/or add the event to an audit database for later forensic study. This method can actually be used to reduce the number of times a user actively needs to authenticate to a system for increased user convenience.
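The layered policy described in points 2 to 4 (transparent access from a trusted device in a trusted country, a step-up factor otherwise, and ongoing behavioural analysis that triggers reauthentication and an audit record) as an added Python sketch; this is illustrative code, not from the post or any vendor product. The device ids, country codes, the typing-interval metric and the three-standard-deviation threshold are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
import statistics


class Decision(Enum):
    ALLOW = "allow"                    # transparent access, no extra prompt
    STEP_UP = "step_up_otp"            # ask for a supplementary factor (e.g. OTP over SMS)
    REAUTHENTICATE = "reauthenticate"  # behaviour deviated mid-session


@dataclass
class Policy:
    trusted_devices: set            # constructed set of enrolled device ids
    trusted_countries: set          # constructed set of country codes
    baseline_window: int = 10       # samples to learn before judging behaviour
    deviation_sigmas: float = 3.0   # assumed threshold: 3 standard deviations


@dataclass
class UserProfile:
    user_id: str
    typing_intervals_ms: list = field(default_factory=list)  # learned behavioural baseline


def authenticate(policy, user, device_id, country, audit):
    """Login-time decision: transparent for a trusted device in a trusted country,
    otherwise require the supplementary factor. Every decision is audited."""
    trusted = device_id in policy.trusted_devices and country in policy.trusted_countries
    decision = Decision.ALLOW if trusted else Decision.STEP_UP
    audit.append({"user": user.user_id, "event": "login", "device": device_id,
                  "country": country, "decision": decision.value})
    return decision


def observe_behaviour(policy, user, interval_ms, audit):
    """Ongoing analysis: learn the user's norm, then flag deviations from it.
    A deviating sample is audited and not added to the baseline, so a hijacked
    session cannot retrain the profile to match whoever took over the computer."""
    history = user.typing_intervals_ms
    if len(history) >= policy.baseline_window:
        mean = statistics.fmean(history)
        sd = statistics.pstdev(history) or 1.0  # flat baseline: avoid a zero threshold
        if abs(interval_ms - mean) > policy.deviation_sigmas * sd:
            audit.append({"user": user.user_id, "event": "behaviour_deviation",
                          "observed_ms": interval_ms, "baseline_mean_ms": round(mean, 1)})
            return Decision.REAUTHENTICATE
    history.append(interval_ms)
    return Decision.ALLOW
```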

Accommodating the different access needs of your users while simultaneously protecting your resources from threats may seem like a constant challenge. However, as detailed above, strong authentication can deliver on both fronts. In my next post, we’ll look at the benefits of having a converged credential that delivers both secure logical and physical access control.
