Trust but verify

October 2013 Access Control & Identity Management

As both personal and corporate data and applications move to the cloud and mobile devices, the saying ‘trust but verify’ takes on new meaning. It captures the practical reality of a world in which so many of our interactions occur online. More than ever, we need mechanisms to verify the identity of the entities with whom we interact.

Among the most important best practices is authentication beyond simple passwords. Enterprises have typically focused on securing the network perimeter and relied on static passwords to authenticate users inside the firewall. This is insufficient given the multifarious nature of today’s Advanced Persistent Threats (APTs), ad hoc hacking, and internal risks associated with Bring Your Own Device (BYOD) adoption. Static passwords can be a recipe for disaster and must be extended with other authentication factors. Additionally, multi-factor authentication must be part of a multi-layered security strategy, including device authentication, browser protection, transaction authentication/pattern-based intelligence, and application security. This requires the use of an integrated multi-layered authentication and real-time threat detection platform.

Fraud detection technology has been used in on-line banking and e-commerce for quite some time. Significant changes in this landscape led the industry to institute stringent compliance and customer data protection requirements. Compliance requires the full gamut of authentication and fraud prevention strategies, as well as both on-line and mobile payment security. Solutions must also comply with multifactor authentication options including mobile One Time Password (OTP) soft tokens, transparent authentication, and Public Key Infrastructure (PKI) certificates, along with proactive fraud detection and tamper-evident audit reporting.

Fraud detection technology is expected to cross over into the corporate sector as a way to provide an additional layer of security for remote access use cases such as VPNs or virtual desktops. Meanwhile, two-factor authentication measures, which have typically been confined to OTP tokens, display cards and other physical devices, are now also being delivered through soft tokens that can be held on such user devices as mobile phones, tablets, and browser-based tokens. A phone app generates an OTP, or OTPs are sent to the phone via SMS. For greater security, the authentication credential is stored on the mobile device’s secure element or subscriber identity module (SIM) chip. Mobile tokens also can be combined with cloud app single-sign-on capabilities, blending classic two-factor authentication with streamlined access to multiple cloud apps on a single device.

As identity management moves to the cloud there are other critical considerations. Today, much of the security discussion is focused on securing the platform, but as enterprises continue to move applications into the cloud and take advantage of the Software as a Service (SaaS) model, it will be critical to resolve challenges around provisioning and revoking user identities across multiple cloud-based applications, while also enabling secure, frictionless user login to those applications.

In the BYOD environment, secure authentication becomes even more important, and several other security issues also emerge. IT departments won’t be managing these devices, so it won’t be possible to control other, potentially untrustworthy personal apps they may carry, or to load a standard image onto them with anti-virus and other protective software. Nor will organisations be able to retrieve devices when employees leave. We will need to find new and innovative ways to address these and other challenges

Notwithstanding the risks, the use of BYOD phones, tablets and laptops for access control opens opportunities for powerful new contactless authentication models, from tapping your corporate ID badge to a personal tablet for authenticating to a network, to using an NFC-enabled phone not only as your access credential but also the key for entering your building or apartment.


For more information contact HID Global, +27 (0)82 449 9398,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.

IAM has business on high alert
August 2019 , Access Control & Identity Management
Identity and Access Management (IAM) is now a must in commerce and the need to protect digital assets is driving the development of solutions and widespread adoption

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.