- Security TWENTY
- Women in Security Awards
With major breaches making headlines on a weekly basis, enterprises are more focused than ever on securing corporate data. And with reports showing that more than half of senior IT decision-makers see security as a challenge for adopting digital technologies, it’s no wonder that investments in information security have increased year-on-year, and will continue to do so through 2019, writes Phil Turner, pictured, VP EMEA, Okta, an IT access product company.
Businesses increasingly understand that, in a time when employees use phones and tablets to access both personal and work related information, it is more important than ever that they protect cloud applications and the sensitive data in those applications. Ultimately leakage of any sensitive information can affect their bottom line. While businesses are choosing a variety of ways to secure their environments, data from Okta’s new Businesses @ Work Report reveals that nearly one-third (30%) are turning towards the use of multi factor authentication (MFA) in order to address these security challenges. Let’s discuss why.
The rapid adoption of cloud and mobile technology is changing the idea of the enterprise network boundary. While traditional security approaches have focused on establishing network perimeters and then putting measures in place to protect them –firewalls, virtual private networks, intrusion detection and data loss prevention systems – the new reality is that applications exist outside of the firewall, passwords have become a liability, and IT no longer controls every device that accesses corporate data. The network perimeter is now defined by the user, and more specifically, by their identity.
Securing this “Identity Perimeter” and managing identities’ access to applications has become a complicated calculus, which is why many companies are focusing on maximising the security of user identities, whether internal or external, and data rather than just devices and infrastructure. For many organisations, this translates into using contextual data about users, devices, and patterns of behaviour in order to accurately detect unauthorised attempts to access corporate information.
Leaving Passwords Behind
With the changing environment, the likes of Snapchat, Ofcom and even Mossack Fonseca have seen how users themselves have become a potential threat to companies’ data security.
Web applications have traditionally been protected by a username and password, but these can be difficult to remember, so users often utilise the same insecure password across all personal and professional channels, or leave passwords written on pieces of paper for all to see. Consequently, both individuals and large groups of users are vulnerable to password theft, the effect of which is magnified by the fact that users frequently reuse passwords across multiple applications. This means that a stolen Facebook or Financial Times password may compromise a user’s Salesforce.com or Active Directory account. That’s why more and more businesses are moving away from the traditional security questions — such as “What’s your mother’s maiden name?” or “What was the name of your first pet?”—as a second form of verification. A growing number of businesses are implementing MFA to protect against the range of attacks that rely on stealing user credentials. This highly secure mechanism involves the use of two or more different types of authentication — such as a password plus a temporary key which is sent to a user’s phone, dongle, email address, or app to ensure users are who they say they are.
This is particularly useful when trying to avoid highly targeted social engineering attacks, such as phishing or pretexting. Using single-use, expiring tokens to exchange authentication and authorisation data between a trusted identity provider and an application, MFA eliminates the need for people using the service to remember their usernames and passwords. That way, businesses can ensure the right people have the right access to sensitive information, and reduce the risk of unauthorised access.
Like Tata Consultancy services, organisations around the world have suffered consequences when they don’t properly manage access to sensitive information. In addition to MFA, managing identity with single sign-on (SSO) and provisioning provides businesses with a better way to secure and control access for a magnitude of more users, and to devices and applications that span traditional company and network boundaries.
Bringing on an identity solution enables IT to make real-time updates as employees and contractors come and go. With automated deprovisioning tools, the IT team can deactivate a corporate identity across all enterprise resources within seconds, with the peace of mind that once an employee or contractor has left the company, crucial data won’t leave with them. In addition, IT can also use these tools to easily manage intermittent access to critical business systems, as needed for partners and contractors. Ultimately, these solutions provide a simple way for businesses to protect sensitive information, by giving IT more control over the different applications, access points and user types that will be connected to its cloud systems.
With companies of all sizes going digital, the number of applications, access points and user types within organisations will continue to grow and diversify, creating an increasingly urgent need to gain visibility and control whilst also simplifying user access to cloud systems. For businesses to keep their environment secure while giving people access to the best tools, organisations need to know who has access to what applications and where they are accessing them from. Organisations looking to maintain control of their applications and data, are realising that understanding of the network and its surroundings is imperative. By adopting services such as MFA, they can reduce concerns over visibility of users, devices and applications, giving employees secure access to the apps they need, when and where they want them.