Strong Authentication: Today's Challenge
One critical pillar in any security system is authentication—the process of verifying the identity of users, applications, or devices before giving them access to sensitive data or systems. Today’s authentication schemes range from a simple user ID and password to multi-factor approaches that include smart cards, PINs, mobile devices, and biometrics. There are two reasons for this variety in authentication approaches: first, applications require different degrees of assurance that users are who they claim to be; second, the costs associated with different forms of authentication can vary significantly. As a result, organizations are forced to make a choice between a single universal approach and a fragmented set of authentication silos designed to suit individual needs.
Although simple passwords are still used for many applications, the expanding use of web-based technology has driven the stakes higher, spawned more sophisticated and complex threats, and led to stricter regulation. New products and services must be delivered with suitable and appropriate security from the outset and legacy systems must be reappraised. For these reasons and others, more organizations are implementing strong authentication solutions that go beyond passwords.
To find an approach that aligns with the specific requirements of their applications, organizations can choose from a broad range of vendor products or assemble their own solutions. But whether they are authenticating employees or mobile customers on a busy web site, organizations are challenged to:
- Support industry-specific mandates and authentication schemes. In the payment industry, for example, organizations must roll out support for EMV cards and support for online authentication schemes such as the 3D Secure protocol, better known by its widespread implementations Verified by Visa and MasterCard SecureCode.
- Provide support for emerging multi-factor authentication technologies. No authentication technology represents a silver bullet and most organizations are forced to support a range of mechanisms that evolve over time as new technologies hit the market.
- Maintain a consistent security posture across the authentication infrastructure. As stronger authentication technologies in the form of user tokens and biometrics are introduced, the organization needs to increase the level of security of back-end systems in order to avoid exposing inconsistencies that might represent new points of attack.
- Keep authentication manageable. Given that many different authentication technologies can be used within a single organization, some organizations are improving efficiency by consolidating authentication systems with centralized, multi-protocol authentication systems.
Risks Associated with Strong Authentication
- As strong authentication tokens and biometrics proliferate, the attention of attackers and malicious insiders will shift from the theft of credentials to the subversion of the back-end authentication systems. Purely software-based authentication systems may require hardening to bolster security and satisfy compliance obligations.
- The use of multiple different authentication schemes in one organization, while often necessary, can be costly if not efficiently administered.
Strong Authentication: Thales e-Security Solutions
Products and services from Thales e-Security can help you reduce risk by strengthening authentication security and efficiency. By adding nShield Hardware Security Modules (HSMs) to your current authentication processes, you can create high-assurance systems to authenticate users paying for products and services through web sites and mobile devices, employees using internal systems, and a variety of connected devices accessing the network. Expertise in a wide range of authentication schemes and partnerships with major vendors ensure that your chosen systems will integrate easily with nShield HSMs.
In addition, for organizations that employ a wide range of authentication mechanisms, SafeSign Authentication Server from Thales enables the organization to centralize authentication services on a common security platform, minimizing administration and operating costs. Designed to handle a wide range of authentication systems and approaches, SafeSign Authentication Server supports encrypted passwords, EMV authentication, smart cards, PKI-based digital certificates, a wide range of one-time password (OTP) tokens, and SMS or mobile text-based authentication.
- Easily strengthen many different types of commercial authentication solutions with pre-tested integration with nShield HSMs.
- Harden proprietary authentication processes to protect intellectual property and guard against malicious attack.
- Consolidate and centralize many different types of authentication into a single, flexible platform.
- Adopt a cross-token or multi-vendor approach to authentication, avoiding vendor lock-in and enabling technology migration without requiring the churn of back-end authentication systems.
- Select the most appropriate authentication scheme from a range of choices based on business requirements—while ensuring consistency in the areas of application integration, system protection and policy enforcement.