Multi-factor improves security and convenience

Access & Identity Management Handbook 2015 Access Control & Identity Management

An effective strong authentication solution must be able to add security without adding significant costs or complexity. For today’s enterprise environments, an easy to use, simple to manage, strong authentication solution is ideal when working with the wide variety of users your organisation must support to protect you against the many known and yet to be discovered attacks out there. Here is a list of what a strong authentication solution provides:

• Two-factor or multi-factor authentication (MFA) to increase the confidence you have in your users’ identities, so you can grant them appropriate access.

• Differing levels of access based on the risks associated with different types of users and transactions. You should be able to deliver transparent, layered security capabilities to significantly increase your security, without impacting the user experience (at least not for users connecting from their trusted devices and locations). This can be achieved by solutions that offer:

o Advanced fraud detection capabilities that consider factors such as geographic location and device information when authenticating users, so you can limit access to trusted devices in trusted countries. Alternatively, users can be asked to use a supplementary, or more secure, method of authentication, such as a One Time Password sent over SMS, when connecting from devices or locations that are not on the trusted list.

o On-going behavioural analysis: For on-going authentication and improved forensics capabilities, the user activity is constantly monitored and analysed, to learn how a specific user behaves, so that deviations from that behaviour can be detected and alerted without impacting user experience or compromising privacy.

If a deviation occurs (e.g. someone else took over the computer), the application can choose to re-authenticate the user and/or add the event to an audit database for later forensic study. This method can actually be used to reduce the number of times a user actively needs to authenticate to a system for increased user convenience.
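The layered check described above (trusted device and country at login, a learned behavioural baseline during the session, re-authentication and an audit entry on deviation), as an added Python example that is not HID Global's or the article's code. The trusted lists, the 3-sigma threshold, the minimum sample count and the choice of metric (for instance, keystroke interval in milliseconds) are assumptions.

```python
import math
from dataclasses import dataclass, field

# Constructed policy data and thresholds (assumptions, not from the article).
TRUSTED_COUNTRIES = {"ZA"}
TRUSTED_DEVICES = {"alice": {"laptop-7f3a"}}
Z_LIMIT = 3.0      # deviation, in standard deviations, that forces re-authentication
MIN_SAMPLES = 5    # no behavioural verdict until a baseline exists

@dataclass
class Profile:
    """Running baseline of one behavioural metric for one user (Welford's method)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def zscore(self, x):
        if self.n < MIN_SAMPLES:
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        if std == 0:  # perfectly constant baseline: any change is a deviation
            return 0.0 if x == self.mean else math.inf
        return abs(x - self.mean) / std

    def learn(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

@dataclass
class Authenticator:
    profiles: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # stand-in for the audit database

    def login(self, user, device, country):
        reasons = []  # login-time check: device and country must both be trusted
        if device not in TRUSTED_DEVICES.get(user, set()):
            reasons.append("untrusted_device")
        if country not in TRUSTED_COUNTRIES:
            reasons.append("untrusted_country")
        return self._decide(user, reasons)

    def observe(self, user, metric):
        profile = self.profiles.setdefault(user, Profile())
        if profile.zscore(metric) > Z_LIMIT:
            return self._decide(user, ["behaviour_deviation"])
        profile.learn(metric)   # only in-profile samples update the baseline
        return "allow"

    def _decide(self, user, reasons):
        if reasons:
            self.audit.append({"user": user, "reasons": reasons})
        return "step_up" if reasons else "allow"
```

A `step_up` result is where the application would ask for the supplementary factor; out-of-profile samples are deliberately not learned, so whoever took over the session cannot shift the baseline toward their own behaviour.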

Accommodating the different access needs of your users while simultaneously protecting your resources from threats may seem like a constant challenge. However, as detailed above, strong authentication can deliver on both fronts.

Furthermore, today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and secure access to buildings. Alongside this, it supports mobile security tokens that give users a convenient and secure access solution for smartphones or tablet use, enables the integration of intelligence for enhanced security, including device identification, and it also enables effective threat protection using multi-factor authentication as part of a multi-layered security strategy.

Strong authentication is gaining traction as an alternative, since it takes advantage of short-range connectivity technology such as Near Field Communications (NFC), popular in smart cards and a standard feature in smartphones and laptops. These devices can be used to gain access to resources by simply 'tapping in' to facilities, virtual private networks (VPNs), wireless networks, corporate intranets, cloud and web-based applications, and single sign-on (SSO) clients.

A data breach can be one of the top events most harmful to a corporation’s reputation and its customers’ privacy. It is highly recommended that organisations should take necessary steps to combat the threat environment in order to protect their assets and customers. In order to combat the plethora of cyber threats that are able to gain unauthorised access to sensitive customer data, it is critical to adopt flexible, intelligent authentication and credentialing solutions that protect access to everything from the cloud, to data, to the door.

Why is MFA necessary?

Concentrating on securing the network perimeter and relying on static passwords is no longer an adequate option for enterprises as IT administrators grapple with challenges including Advanced Persistent Threats (APTs) and the vulnerabilities created by the Bring Your Own Device (BYOD) mobility model. Increasingly, the only reliable way to combat these escalating threats is to employ strong authentication and a multi-layered security strategy that spans remote access, key applications and servers, and cloud-based systems.

Past solutions did not provide sufficient security, were difficult to use, and their implementation was costly and complex. This has changed with the adoption of smartphones, smartcards and other smart devices that can carry secure credentials. Today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and control physical access to buildings.

Besides improving cost, security and convenience, the tap-in strong authentication model enables enterprises to achieve true access control convergence via the same smartcard or phone. It also makes it possible to use many applications such as secure print management, cashless vending, and biometric templates for additional factors of authentication.

Steps to prevent data theft

1. Move past simple passwords to strong authentication

When hackers steal an employee’s access credentials – like their username and password – they can then move through the network, often undetected, and upload malware programmes. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows, like memorised passwords. There should be at least one other authentication factor, such as something the user has (like a computer logon token) and/or is, like a biometric or behaviour-metric solution.

2. Take advantage of the improved convenience of a 'tap-in' strong authentication model

Users increasingly want a faster, more seamless and more convenient identity authentication solution than is possible with dedicated hardware, one-time passwords (OTPs), display cards and other physical devices. Now tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single-sign-on capabilities. Users can simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network. There are no additional tokens to deploy and manage, and the end-user only has one device to carry and no longer must remember or type a complex password.

3. Employ a layered IT security strategy that ensures appropriate risk mitigation levels

For optimum effectiveness, organisations should take a layered approach to security starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an antivirus solution, provides the highest possible security against today’s threats.

Pros and cons

Strong authentication is a fundamental element of any security strategy. It helps establish trust in a user’s identity so they can gain risk-appropriate, secure access to corporate resources. However, not all authentication solutions are alike.

To be effective, the solution must be versatile enough to support a layered approach capable of optimally meeting an organisation’s unique needs. It should be able to support multi-factor authentication for all of an enterprise’s different users, and all of their different devices, such as personal phones, tablets, etc., so they can be granted permission to ensure secure access to an organisation’s resources (internal applications, VPNs, terminal services, as well as resources residing in public and private clouds). Enterprises need a solution that offers the flexibility to balance convenience with security and cost requirements – this is what strong authentication offers.

Furthermore, a strong authentication solution coupled with a single credential solution can streamline efficiencies and lower cost, while increasing security at the same time. Such a credential can take the form of a single ID badge, smart card or even the user’s mobile phone, and can be used for both physical and logical access – with nothing extra to carry or remember.

For example, this credential can be used to gain remote access to secure networks, replacing the need for a one time password (OTP) token or key fob. As mentioned, strong authentication enables users to securely connect to applications via multi-factor authentication to protect against breaches. A single, converged credential eliminates investments in separate physical and online security infrastructures, simplifies processes, reduces paperwork, and streamlines the overall management of your access control solution.

It can also eliminate the need for passwords and all the processes associated with password resets, etc. Having strong authentication combined with a converged access credential enables you to minimise the time and costs associated with deploying and maintaining multiple credentials on smart cards, smart USB tokens, mobile phones and other devices for various functions. In doing so, security spend can be focused on those users and applications that need it most.

For today’s dynamic environments, an easy to use, simple to manage, strong authentication solution can best deliver on both the requirements of your users and organisation. Choosing a strong authentication solution gives you the flexibility you need to support and secure the wide variety of users in your organisation, who are using a range of devices to access a number of resources and applications. Through its deployment, you can increase the trust you have in your users’ identities and effectively protect your organisation from the risks of today and tomorrow. As a result, you can securely connect users from any location through a variety of devices and authentication methods to help them conveniently get what they need, when they need it, to confidently drive your business forward.

For more information contact HID Global, +27 (0)82 449 9398.

