Multi-factor improves security and convenience

Access & Identity Management Handbook 2015 Access Control & Identity Management

An effective strong authentication solution must add security without adding significant cost or complexity. In today’s enterprise environments, a strong authentication solution that is easy to use and simple to manage is ideal for supporting the wide variety of users in your organisation and for protecting you against the many known and yet-to-be-discovered attacks. A strong authentication solution provides:

• Two-factor or multi-factor authentication (MFA) to increase the confidence you have in your users’ identities, so you can grant them appropriate access.

• Differing levels of access based on the risks associated with different types of users and transactions. You should be able to deliver transparent, layered security capabilities to significantly increase your security, without impacting the user experience (at least not for users connecting from their trusted devices and locations). This can be achieved with solutions that provide:

o Advanced fraud detection capabilities that consider factors such as geographic location and device information when authenticating users, so you can limit access to trusted devices in trusted countries. Alternatively, users can be asked to use a supplementary, or more secure, method of authentication, such as a One Time Password sent over SMS, when connecting from devices or locations that are not on the trusted list.

o On-going behavioural analysis: For on-going authentication and improved forensics capabilities, the user activity is constantly monitored and analysed, to learn how a specific user behaves, so that deviations from that behaviour can be detected and alerted without impacting user experience or compromising privacy.

If a deviation occurs (e.g. someone else took over the computer), the application can choose to re-authenticate the user and/or add the event to an audit database for later forensic study. This method can actually be used to reduce the number of times a user actively needs to authenticate to a system for increased user convenience.
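The two layers described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: the trusted lists, the `Session` fields, the keystroke-interval metric and the z-score threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean, stdev

# Constructed policy data; every name and value here is hypothetical.
TRUSTED_COUNTRIES = {"ZA", "GB"}
TRUSTED_DEVICES = {"alice": {"dev-7f3a"}}

@dataclass
class Session:
    user: str
    device_id: str
    country: str
    baseline: list                      # learned samples, e.g. ms between keystrokes
    audit: list = field(default_factory=list)

def login_decision(s):
    """Trusted device in a trusted country logs in transparently; else step up."""
    known = s.device_id in TRUSTED_DEVICES.get(s.user, set())
    if known and s.country in TRUSTED_COUNTRIES:
        return "allow"
    reason = "untrusted_country" if known else "unknown_device"
    s.audit.append(("step_up", s.user, reason))
    return "step_up_otp"                # e.g. one-time password sent over SMS

def ongoing_check(s, observed, threshold=3.0, min_history=5):
    """Flag a behaviour sample that deviates from the user's learned baseline."""
    if len(s.baseline) < min_history:   # not enough history to judge yet
        s.baseline.append(observed)
        return "learning"
    mu, sigma = mean(s.baseline), stdev(s.baseline)
    z = abs(observed - mu) / max(sigma, 1e-9)   # guard against a flat baseline
    if z > threshold:
        s.audit.append(("behaviour_deviation", s.user, round(z, 1)))
        return "reauthenticate"         # anomalous sample is NOT learned
    s.baseline.append(observed)
    return "continue"

if __name__ == "__main__":
    s = Session("alice", "dev-7f3a", "ZA", [180, 175, 190, 185, 178, 182])
    print(login_decision(s), ongoing_check(s, 184), ongoing_check(s, 95), s.audit)
```

Only samples judged normal are added to the baseline, so a session that has been taken over cannot gradually retrain the profile toward the intruder's behaviour.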

Accommodating the different access needs of your users while simultaneously protecting your resources from threats may seem like a constant challenge. However, as detailed above, strong authentication can deliver on both fronts.

Furthermore, today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and secure access to buildings. It also supports mobile security tokens that give users a convenient and secure access solution for smartphone or tablet use, enables the integration of intelligence for enhanced security, including device identification, and enables effective threat protection using multi-factor authentication as part of a multi-layered security strategy.

Strong authentication is gaining traction as an alternative, since it takes advantage of short-range connectivity technology such as Near Field Communication (NFC), popular in smart cards and a standard feature in smartphones and laptops. These devices can be used to gain access to resources by simply 'tapping in' to facilities, virtual private networks (VPNs), wireless networks, corporate intranets, cloud and web-based applications, and single sign-on (SSO) clients.

A data breach can be one of the events most harmful to a corporation’s reputation and its customers’ privacy. Organisations are strongly advised to take the necessary steps to combat the threat environment in order to protect their assets and customers. To combat the plethora of cyber threats that are able to gain unauthorised access to sensitive customer data, it is critical to adopt flexible, intelligent authentication and credentialing solutions that protect access to everything from the cloud, to data, to the door.

Why is MFA necessary?

Concentrating on securing the network perimeter and relying on static passwords is no longer an adequate option for enterprises as IT administrators grapple with challenges including Advanced Persistent Threats (APTs) and the vulnerabilities created by the Bring Your Own Device (BYOD) mobility model. Increasingly, the only reliable way to combat these escalating threats is to employ strong authentication and a multi-layered security strategy that spans remote access, key applications and servers, and cloud-based systems.

Past solutions did not provide sufficient security, were difficult to use, and their implementation was costly and complex. This has changed with the adoption of smartphones, smartcards and other smart devices that can carry secure credentials. Today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and control physical access to buildings.

Besides improving cost, security and convenience, the tap-in strong authentication model enables enterprises to achieve true access control convergence via the same smartcard or phone. It also makes it possible to use many applications such as secure print management, cashless vending, and biometric templates for additional factors of authentication.

Steps to prevent data theft

1. Move past simple passwords to strong authentication

When hackers steal an employee’s access credentials – like their username and password – they can then move through the network, often undetected, and upload malware programmes. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows, like memorised passwords. There should be at least one other authentication factor, such as something the user has (like a computer logon token) and/or something the user is (like a biometric or behaviour-metric solution).

2. Take advantage of the improved convenience of a 'tap-in' strong authentication model

Users increasingly want a faster, more seamless and more convenient identity authentication solution than is possible with dedicated hardware, one-time passwords (OTPs), display cards and other physical devices. Now tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single sign-on capabilities. Users can simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network. There are no additional tokens to deploy and manage, and the end-user has only one device to carry and no longer needs to remember or type a complex password.

3. Employ a layered IT security strategy that ensures appropriate risk mitigation levels

For optimum effectiveness, organisations should take a layered approach to security, starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an antivirus solution, provides the highest possible security against today’s threats.

Pros and cons

Strong authentication is a fundamental element of any security strategy. It helps establish trust in a user’s identity so they can gain risk-appropriate, secure access to corporate resources. However, not all authentication solutions are alike.

To be effective, the solution must be versatile enough to support a layered approach capable of optimally meeting an organisation’s unique needs. It should be able to support multi-factor authentication for all of an enterprise’s different users, and all of their different devices, such as personal phones, tablets, etc., so they can be granted secure access to an organisation’s resources (internal applications, VPNs, terminal services, as well as resources residing in public and private clouds). Enterprises need a solution that offers the flexibility to balance convenience with security and cost requirements – this is what strong authentication offers.

Furthermore, a strong authentication solution coupled with a single credential solution can improve efficiency and lower cost, while increasing security at the same time. Such a credential can take the form of a single ID badge, smart card or even the user’s mobile phone, and can be used for both physical and logical access – with nothing extra to carry or remember.

For example, this credential can be used to gain remote access to secure networks, replacing the need for a one-time password (OTP) token or key fob. As mentioned, strong authentication enables users to securely connect to applications via multi-factor authentication to protect against breaches. A single, converged credential eliminates investments in separate physical and online security infrastructures, simplifies processes, reduces paperwork, and streamlines the overall management of your access control solution.

It can also eliminate the need for passwords and all the processes associated with password resets, etc. Having strong authentication combined with a converged access credential enables you to minimise the time and costs associated with deploying and maintaining multiple credentials on smart cards, smart USB tokens, mobile phones and other devices for various functions. In doing so, security spend can be focused on those users and applications that need it most.

For today’s dynamic environments, an easy-to-use, simple-to-manage strong authentication solution can best deliver on the requirements of both your users and your organisation. Choosing a strong authentication solution gives you the flexibility you need to support and secure the wide variety of users in your organisation, who are using a range of devices to access a number of resources and applications. Through its deployment, you can increase the trust you have in your users’ identities and effectively protect your organisation from the risks of today and tomorrow. As a result, you can securely connect users from any location through a variety of devices and authentication methods to help them conveniently get what they need, when they need it, to confidently drive your business forward.

For more information contact HID Global, +27 (0)82 449 9398, [email protected], www.hidglobal.com


