Remote use: Authentication important
Smartphones, tablets and cloud computing have become an integral part of everyday working life. This has also led to employees having an increasingly large number of applications available for remote use. For companies, however, this results in the need to take measures to protect all critical data.
Today's employees want unrestricted access to corporate applications and data - from any location and any device, i.e. from home with a desktop PC and on the road with a smartphone, tablet or notebook. For companies, this means that they must develop and implement strategies to reliably rule out data theft or misuse without restricting employees' access to data they need for their work.
Traditional authentication methods such as the use of static passwords cannot eliminate the risk to the security of mission-critical systems and data, because they do not adequately protect against keyloggers or phishing attacks. IT managers looking for a reliable solution to eliminate security risks must therefore look at implementing a strong two- or multi-factor authentication solution that also supports mobile access to networks and data.
It should also not be ignored that such authentication methods may soon become mandatory requirements for companies in Europe. In light of increasing cybercrime, the European Union is planning to adopt the NIS (Network and Information Security) Directive. It will result in many companies having to implement procedures to ensure and demonstrate effective implementation of security policies. Failure to do so may result in a breach of European data protection and information security requirements and may also result in sanctions for the companies concerned.
However, many companies often face a dilemma when introducing a new security solution. The reason: the application for mobile authentication must not lead to a reduction in user comfort. If security is the primary concern and measures such as the mandatory use of multiple passwords or additional authentication devices are therefore taken, this can result in time-consuming processes for employees before they are even granted access to company data. As a consequence, they may also use alternative channels beyond the official authentication path. In other words, companies expose themselves to dangers if they do not consider the process-relevant issue of user-friendliness when implementing an authentication solution.
Solution combination of security token and NFC-enabled mobile devices
However, new strong authentication techniques and the capabilities of current mobile devices can circumvent this problem. Tap authentication, for example, a combination of strong authentication security tokens and NFC-enabled mobile devices, offers a high level of user convenience. With such a solution, users only need to hold their smartcard - the same card they use to open doors - to their smartphone or tablet to gain direct, secure access to corporate data or even cloud applications.
Such authentication models offer the following advantages, among others:
- Ability to implement converged solutions that provide not only secure logical access to the network and cloud-based services, but also controlled physical access to buildings
- Support for mobile security tokens that users can use for convenient and secure data access on smartphones or tablets
- Possibility to use additional security features including device identification or geolocation
- Efficient protection against security threats using multifactor authentication as part of a layered security strategy
Strong authentication must be a central component of any security strategy today in light of an increasingly mobile working world.
Author: Dirk Losse is Pre-Sales Manager Central Europe and Turkey Identity Assurance at HID Global in Walluf, Germany.