Earlier this month, the Commission on Enhancing National Cybersecurity released its final Report on Securing and Growing the Digital Economy. The report provides actionable recommendations for strengthening cybersecurity in both public and private sectors and covers a range of technologies and attack vectors.
One of the attack vectors they focus on is particularly near and dear to our hearts here at GlobalSign – identity. Specifically, the report calls out how identity, especially the use of passwords, is a primary vector for data breaches and recommends increasing the use of strong authentication to improve Identity Management.
The report cites the following current barriers to reducing the use of passwords in large-scale commercial deployments:
- Convenience – if the new solutions aren’t easy for end users, identity will continue to be an attack vector. The report calls on designers and cybersecurity technology providers to focus on making strong authentication simple to use.
- Lack of uniform standards – despite widespread knowledge that passwords are unreliable, without uniform standards or existing large-scale identity management frameworks, many organizations struggle to implement alternative authentication solutions. The report highlights the recent work of groups like NSTIC and FIDO to create identity frameworks and open-source standards that should help bring stronger and more usable authentication to the masses.
- Need to include identity in connected devices (not just users and traditional IT machines) – the proliferation of internet connected devices, or the Internet of Things (IoT), is of particular focus within the report. The next generation of identity management and authentication solutions will need to accommodate an ever-increasing number and variety of endpoints.
Eliminating these barriers through the ongoing support and creation of standards groups, new technologies, and user education will help achieve the ultimate objective posed by the committee: “an ambitious but important goal for the next administration should be to see no major breaches by 2021 in which identity—especially the use of passwords—is the primary vector of attack.”
PKI technology, backed by strong identity verification solutions that range from publicly trusted identities to private trust models, is the leading technology to support the commission’s goals of creating a widespread password-free identity approach that is scalable and interoperable and ups the ante for cybersecurity.
GlobalSign endorses the commission’s report and looks forward to evolving our identity and large-scale cloud key management solutions to support traditional online use cases as well as the billions of interconnected devices requiring strong assurances.
You can read the report in detail here: Commission on Enhancing National Cybersecurity, December 1, 2016, Report on Securing and Growing the Digital Economy.