Multi-factor improves security and convenience

Access & Identity Management Handbook 2015 Access Control & Identity Management

An effective strong authentication solution must add security without adding significant cost or complexity. For today’s enterprise environments, a strong authentication solution that is easy to use and simple to manage is ideal for supporting the wide variety of users in your organisation while protecting you against the many known and yet-to-be-discovered attacks. Here is a list of what a strong authentication solution provides:

• Two-factor or multi-factor authentication (MFA) to increase the confidence you have in your users’ identities, so you can grant them appropriate access.

• Differing levels of access based on the risks associated with different types of users and transactions. You should be able to deliver transparent, layered security capabilities that significantly increase your security without impacting the user experience (at least not for users connecting from their trusted devices and locations). This can be achieved by solutions that provide:

o Advanced fraud detection capabilities that consider factors such as geographic location and device information when authenticating users, so you can limit access to trusted devices in trusted countries. Alternatively, users can be asked to use a supplementary, or more secure, method of authentication, such as a one-time password (OTP) sent over SMS, when connecting from devices or locations that are not on the trusted list.

o Ongoing behavioural analysis: For ongoing authentication and improved forensics capabilities, user activity is constantly monitored and analysed to learn how a specific user behaves, so that deviations from that behaviour can be detected and flagged without impacting user experience or compromising privacy.

If a deviation occurs (e.g. someone else took over the computer), the application can choose to re-authenticate the user and/or add the event to an audit database for later forensic study. This method can actually be used to reduce the number of times a user actively needs to authenticate to a system for increased user convenience.
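A sketch of the two checks described above, risk-based step-up at login and re-authentication on a behavioural deviation. This is an added example, not code from the article or from any vendor; the trusted lists, the deviation score and its threshold, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy data: assumptions for this example, not taken from the article.
TRUSTED_COUNTRIES = {"ZA", "GB"}
TRUSTED_DEVICES = {"alice": {"laptop-01"}, "bob": {"phone-07"}}
DEVIATION_THRESHOLD = 0.7  # hypothetical cut-off for the behaviour score


@dataclass(frozen=True)
class Context:
    user: str
    device_id: str
    country: str             # ISO 3166-1 alpha-2, e.g. resolved from the source IP
    deviation: float = 0.0   # 0.0 = matches learned behaviour, 1.0 = unrecognisable


def decide_login(ctx, allow_step_up=True):
    """Decide what to require after the primary factor has succeeded."""
    reasons = []
    if ctx.device_id not in TRUSTED_DEVICES.get(ctx.user, set()):
        reasons.append("untrusted_device")
    if ctx.country not in TRUSTED_COUNTRIES:
        reasons.append("untrusted_country")
    if not reasons:
        return "ALLOW", reasons  # transparent for a trusted device and location
    # Off the trusted list: ask for a supplementary factor, or refuse outright
    # when the policy limits access to trusted devices and countries only.
    return ("STEP_UP_OTP" if allow_step_up else "DENY"), reasons


def check_session(ctx, audit_log):
    """Ongoing check: on a behavioural deviation, audit the event and re-authenticate."""
    if ctx.deviation < DEVIATION_THRESHOLD:
        return "CONTINUE"
    audit_log.append({"user": ctx.user, "device": ctx.device_id,
                      "event": "behaviour_deviation", "score": ctx.deviation})
    return "REAUTHENTICATE"


if __name__ == "__main__":
    log = []
    print(decide_login(Context("alice", "laptop-01", "ZA")))
    print(decide_login(Context("alice", "tablet-99", "FR")))
    print(check_session(Context("alice", "laptop-01", "ZA", deviation=0.9), log), log)
```

Recording the reasons alongside the decision gives the audit database the context needed for later forensic study.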

Accommodating the different access needs of your users while simultaneously protecting your resources from threats may seem like a constant challenge. However, as detailed above, strong authentication can deliver on both fronts.

Furthermore, today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and secure access to buildings. Alongside this, it supports mobile security tokens that give users a convenient and secure access solution for smartphone or tablet use, and it enables the integration of intelligence for enhanced security, including device identification. It also enables effective threat protection using multi-factor authentication as part of a multi-layered security strategy.

Strong authentication is gaining traction as an alternative, since it takes advantage of short-range connectivity technology such as Near Field Communication (NFC), popular in smart cards and a standard feature in smartphones and laptops. These devices can be used to gain access to resources by simply 'tapping in' to facilities, virtual private networks (VPNs), wireless networks, corporate intranets, cloud and web-based applications, and single sign-on (SSO) clients.

A data breach can be one of the events most harmful to a corporation’s reputation and its customers’ privacy. It is highly recommended that organisations take the necessary steps to combat the threat environment in order to protect their assets and customers. To combat the plethora of cyber threats that are able to gain unauthorised access to sensitive customer data, it is critical to adopt flexible, intelligent authentication and credentialing solutions that protect access to everything from the cloud, to data, to the door.

Why is MFA necessary?

Concentrating on securing the network perimeter and relying on static passwords is no longer an adequate option for enterprises as IT administrators grapple with challenges including Advanced Persistent Threats (APTs) and the vulnerabilities created by the Bring Your Own Device (BYOD) mobility model. Increasingly, the only reliable way to combat these escalating threats is to employ strong authentication and a multi-layered security strategy that spans remote access, key applications and servers, and cloud-based systems.

Past solutions did not provide sufficient security, were difficult to use, and their implementation was costly and complex. This has changed with the adoption of smartphones, smartcards and other smart devices that can carry secure credentials. Today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and control physical access to buildings.

Besides improving cost, security and convenience, the tap-in strong authentication model enables enterprises to achieve true access control convergence via the same smartcard or phone. It also makes it possible to use many applications such as secure print management, cashless vending, and biometric templates for additional factors of authentication.

Steps to prevent data theft

1. Move past simple passwords to strong authentication

When hackers steal an employee’s access credentials – like their username and password – they can then move through the network, often undetected, and upload malware programmes. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows, like memorised passwords. There should be at least one other authentication factor, such as something the user has (like a computer logon token) and/or something the user is (like a biometric or behaviour-metric solution).

2. Take advantage of the improved convenience of a 'tap-in' strong authentication model

Users increasingly want a faster, more seamless and more convenient identity authentication solution than is possible with dedicated hardware, one-time passwords (OTPs), display cards and other physical devices. Now tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single sign-on capabilities. Users can simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network. There are no additional tokens to deploy and manage, and the end-user only has one device to carry and no longer has to remember or type a complex password.

3. Employ a layered IT security strategy that ensures appropriate risk mitigation levels

For optimum effectiveness, organisations should take a layered approach to security, starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an antivirus solution, provides the highest possible security against today’s threats.

Pros and cons

Strong authentication is a fundamental element of any security strategy. It helps establish trust in a user’s identity so they can gain risk-appropriate, secure access to corporate resources. However, not all authentication solutions are alike.

To be effective, the solution must be versatile enough to support a layered approach capable of optimally meeting an organisation’s unique needs. It should be able to support multi-factor authentication for all of an enterprise’s different users, and all of their different devices, such as personal phones, tablets, etc., so they can be granted secure access to an organisation’s resources (internal applications, VPNs, terminal services, as well as resources residing in public and private clouds). Enterprises need a solution that offers the flexibility to balance convenience with security and cost requirements – this is what strong authentication offers.

Furthermore, a strong authentication solution coupled with a single credential solution can streamline efficiencies and lower cost, while increasing security at the same time. Such a credential can take the form of a single ID badge, smart card or even the user’s mobile phone, and can be used for both physical and logical access – with nothing extra to carry or remember.

For example, this credential can be used to gain remote access to secure networks, replacing the need for a one-time password (OTP) token or key fob. As mentioned, strong authentication enables users to securely connect to applications via multi-factor authentication to protect against breaches. A single, converged credential eliminates investments in separate physical and online security infrastructures, simplifies processes, reduces paperwork, and streamlines the overall management of your access control solution.

It can also eliminate the need for passwords and all the processes associated with password resets, etc. Combining strong authentication with a converged access credential enables you to minimise the time and costs associated with deploying and maintaining multiple credentials on smart cards, smart USB tokens, mobile phones and other devices for various functions. In doing so, security spend can be focused on those users and applications that need it most.

For today’s dynamic environments, an easy-to-use, simple-to-manage strong authentication solution can best deliver on the requirements of both your users and your organisation. Choosing a strong authentication solution gives you the flexibility you need to support and secure the wide variety of users in your organisation, who are using a range of devices to access a number of resources and applications. Through its deployment, you can increase the trust you have in your users’ identities and effectively protect your organisation from the risks of today and tomorrow. As a result, you can securely connect users from any location through a variety of devices and authentication methods to help them conveniently get what they need, when they need it, to confidently drive your business forward.

For more information contact HID Global, +27 (0)82 449 9398, www.hidglobal.com

© Technews Publishing (Pty) Ltd. | All Rights Reserved.