Making the Case for Multi-Factor Authentication
Not so long ago, protecting your company involved physically securing your business – a lock on your door to prevent access to your building, an alarm system to chase away the burglars and a safe to protect money and valuables. In 2016 these thing are still of some importance, but need to be combined with further considerations.
Burglars don't only try to enter your company through the backdoor, they also look at virtual access to your organization. Money is no longer only stored in a safe or at the bank, but is more than often handled through online banking. And what has come to be more valuable than money itself? Data.
The dilemma is easy to see: on the one hand you want to give easy access to anyone that requires access to company resources, e.g. employees, suppliers, customers, partners or other stake holders, but on the other hand you want to minimize the risk of unauthorized people gaining access to your organization's resources. How do you find the balance?
One way to achieve the balance of easy access and maximum security is by using multi-factor authentication.
What Is Multi-Factor Authentication and How Does It Help?
Multi-factor authentication is the process by which a person or computer proves its identity to gain access to information or data using multiple authentication methods.
Multi-factor authentication can be achieved by combing multiple pieces of evidence from multiple categories to an authentication mechanism including:
- A password
- A smartcard or token
- Biometrics like your retina or fingerprint
This provides a layered security model where an attacker would have to know/have all required information to gain access.
Many popular websites are now implementing multi-factor authentication methods to protect their customers. For example, Instagram just introduced multi-factor authentication where users can have a code texted to them which must be entered in order to gain access to their Instagram account.
You can learn about other websites and the different types of multi-factor authentication being used here.
With a combination of 'something you know' (passwords and pins), 'something you have' (smartcards and tokens) and 'something you are' (biometrics), you can ensure that access to your data and portals is as hard as possible to achieve for unauthorized users.
The Key Players in Authentication
There are several key players that need to be considered when setting up authentication methods and each have their own set of objectives that should be considered.
- Employees – Require secure access to online resources for their job from multiple devices.
- Partners – Require access to connecting systems that communicate with your solutions and will require access to your data.
- Customers - Require convenient access to your online services as well as need to be aware of what security measures you are taking to protect their data.
- Administrators - Need to set up and manage ways to reduce risks and threats and manage the authentication process.
4 Reasons to Consider Multi-Factor Authentication
- Your company resources are your biggest asset. Hence, it makes sense to protect them with the best available security mechanisms.
- People tend to be lazy and use the same password for different platforms. If one service gets compromised, other services could also vulnerable to attacks. Using different factors for authentication ensures that accounts remain safe.
- Employees themselves are often being targeted directly – hackers have realized that humans are easy to trick in comparison to the difficulty of hacking technology. Sophisticated phishing emails are used to get their hands on passwords and information. Multi-factor authentication adds an additional level of protection against unwanted access and data theft.
- As new authentication methods, services and tools become available on the market multi-factor authentication is becoming easier and easier to implement.
Authentication is an important factor for many industries and sectors, but especially crucial for critical infrastructures like financial services, governments, utilities and energy providers, health services or communications services.
With every new user, machine, mobile device, sensor and meter added to the equation the risk of an attack increases significantly. By implementing multi-factor authentication you can ensure your company reduces its level of vulnerability, plus also meets best practices and complies with regulations.
Look for solutions with pre-configured and out of the box deployment methods that allow for rapid deployment in as little as four weeks such as GlobalSign’s IAM EASY.
Manage Identities for Authentication
In a previous blog we touched on the benefits of identity & access management solutions. They simplify the management of identities for authentication and automate many aspects of it.
You can read up more around the topic of IAM in How to Ensure a Successful IAM Project or IAM for business