A strong authentication solution that validates the identities of users and computing devices that access the non-public areas of an organisation’s network is the first step in building a secure and robust information protection system.
1. Match Your Authentication Solution to Your Business, Users, and Risk
A flexible approach that enables an organisation to implement different authentication methods based on different risk levels may ensure a robust system that can be efficiently and cost-effectively deployed.
Technologies for multi-factor authentication include:
• One-Time Passwords (OTP): OTP technology is based on a shared secret or seed that is stored on the authentication device and the authentication backend. This method ensures authentication by generating a one-time passcode based on the token’s secret.
• Certificate-based Authentication (CBA): This method ensures authentication using a public and private key pair that is unique to the authentication device and the person who possesses it. CBA tokens can also be used to digitally sign transactions and to ensure non-repudiation. SafeNet, for example, delivers certificate-based authentication via USB tokens and smart cards.
• Context-based Authentication: Context-based authentication uses contextual information to ascertain whether a user’s identity is authentic or not, and is recommended as a complement to other strong authentication technologies.
In order to develop a robust authentication solution, organisations should consider their business, users, and risk, and select a solution that provides them with the flexibility to adapt as needed. For example, if organisations are interested in implementing additional security solutions that rely on PKI technology, such as full-disk encryption, network logon, and digital signatures, or are thinking about adding such solutions in the future, they should consider CBA, as it enables these applications.
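To make the OTP item above concrete, the following added example (not from the original article or from any vendor's product) shows a token and a backend deriving the same passcode from a shared seed, and the backend refusing a replayed code. It assumes the HOTP algorithm from RFC 4226, which the article does not name; the `Backend` and `Token` classes and the look-ahead window of 3 are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Token:
    """Hypothetical authentication device: holds the seed and its own counter."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self) -> str:
        code = hotp(self.seed, self.counter)
        self.counter += 1
        return code

class Backend:
    """Hypothetical authentication backend: holds a copy of each user's seed."""
    def __init__(self, look_ahead: int = 3):
        self.tokens = {}  # user -> [seed, next expected counter]
        self.look_ahead = look_ahead

    def enroll(self, user: str, seed: bytes) -> None:
        self.tokens[user] = [seed, 0]

    def verify(self, user: str, code: str) -> bool:
        if user not in self.tokens:
            return False
        seed, expected = self.tokens[user]
        # Accept a small counter drift (button pressed without logging in).
        for counter in range(expected, expected + self.look_ahead + 1):
            if hmac.compare_digest(hotp(seed, counter), code):
                # Advance past the matched counter so the code cannot be reused.
                self.tokens[user][1] = counter + 1
                return True
        return False

def demo() -> dict:
    seed = b"12345678901234567890"  # RFC 4226 Appendix D test seed, not a real secret
    backend, token = Backend(), Token(seed)
    backend.enroll("alice", seed)
    first = token.press()
    out = {"code": first, "accepted": backend.verify("alice", first)}
    out["replay_accepted"] = backend.verify("alice", first)
    token.press()  # one unused press: token is now one counter ahead of the backend
    out["drift_accepted"] = backend.verify("alice", token.press())
    return out
```
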
2. Prefer Solutions That Adhere to Standards-Based Security and Certifications
Products that are built upon standards-based crypto-algorithms and authentication protocols are preferred. Unlike proprietary algorithms, standards-based algorithms have gone through public scrutiny by industry and security experts, which reduces the chance of any inherent weaknesses or vulnerabilities. Moreover, they enjoy broad industry support.
3. Consider All Access Points
Organisations need to ensure that access to all sensitive information is authenticated, whether the information resides on premise or in the cloud. Organisations should implement the same security mechanisms for cloud resources as they would for remote access to the corporate network. In addition, organisations should deploy security mechanisms to ensure that users accessing network resources from their mobile consumer devices (e.g., tablets, smart phones) are securely authenticated.
4. Ensure the Solution Reduces IT Administrative and Management Overhead
Authentication environments have to offer convenience and transparency for end users and administrators alike. Following are several guidelines that can help organisations achieve these goals:
• Administrative Controls: Administrators need to be able to manage all users across all devices and resources. To meet this charter, they need automation, central management, and visibility into user access across multiple resources. To ensure users have an optimal experience, administrators need to be equipped with granular controls and comprehensive reporting capabilities.
• End-User Convenience: To ensure security controls are enforced while streamlining user access, organisations should have the ability to offer users the type of authentication device that most suits their role and security profile. Organisations can offer their users several authentication methods, ranging from context-based authentication, through SMS, phone tokens or hardware tokens – ensuring user acceptance and compliance with corporate security policies.
If you’re unsure of the best multi-factor authentication solution for your company, contact Net-Ctrl on 01473 281 211, or email [email protected].