IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
With over 15 years of experience in the security and smart card industries, Radstaak has a wealth of strategic sales and business development experience and has a long-standing career in the security and smart card industries.
Today’s employees are increasingly distributed, mobile and varied, requiring many enterprises to take a new look at how to establish trust in a user’s identity and control their access accordingly.
In the past, most focused on perimeter defences, putting controls in place to determine who could enter the building, with physical access systems, and who could get into the network, with firewalls and VPNs. Once inside, however, users had fairly unfettered access to all the applications and resources in these facilities and networks.
Now, recognising the threats from users “inside their walls” – 81% of organisations have experienced a data breach as a result of negligent or malicious employees or other insiders – and watching the walls, themselves, crumble, because of the dynamic, global nature of today’s businesses, many enterprises are re-evaluating their approach to access.
If you are like most enterprises, you are struggling to simultaneously accommodate all the different needs of all your different users AND minimise the risks their access can pose to your organisation, which is complicated by the ever-changing threat landscape and user population.
Advanced persistent threats
Attacks continue to evolve and become progressively sophisticated, as evidenced by the rise of advanced persistent threats (APTs) that use customised malware to conduct targeted, long-term attacks.
At the same time, users who need access to information and resources are expanding beyond employees to include a wide variety of consultants and third-party contractors, and so on.
All these users want is to be able to access what they need from wherever they are, using whatever device they want, whether personal phones, laptops or tablet. These variables can increase risks to your environment.
What’s needed is a way to trust the identity of all these different users and then appropriately control their access as they move throughout the organisation.
Applying strong authentication to each application is one of the most effective ways you can enable the productivity your business requires, while reducing the risks to your organisation. By securing the individual enterprise and cloud-based applications and data resources, whether they are on a laptop or mobile phone, you can effectively manage access and secure your informational assets.
Strong authentication goes beyond a single password to authenticate. It requires additional factors to establish the user is who they say they are.
Behavioural intelligence
It may be something the user knows, such as a unique password or personal identification number (PIN); something the user has, such as a smartcard, token, or cell phone; or even something the authentication system gathers, such as fraud and behavioural intelligence, that’s used to bring the authentication to a more secure level.
Why is this important? Hackers continue to target the credentials of insiders because they give the attacker access to the facilities and network, enabling them to “look like they belong,” so they can move around the organisation undetected. As such, increasing the strength of the way your users authenticate themselves can help increase the overall security of the enterprise.
The reality is that the use of traditional static passwords, while convenient, simply aren’t enough to protect against today’s dynamic threats – keystroke logging tools, phishing attacks, eavesdropping, and even guessing can be used to easily crack them.
For today’s enterprise environments, an easy to use, simple to manage, strong authentication solution is recommended when protecting the wide variety of users against the many known and yet to be discovered attacks out there.
In my next blog entry, I’ll look at the requirements for effective strong authentication and address the pros and cons of legacy solutions.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Access Control: Introducing and Defining Strong AuthenticationHID Global MD Harm Radstaak offers some words of advice to facilities managers and business owners.
Harm Radstaak
IFSEC Insider | Security and Fire News and Resources
Related Topics
Paxton employees raise over £9k for Teenage Cancer Trust
Security benefits of installing mesh networks
The Body Shop boosts operational efficiency with locker solution
