Making Authentication and Access Easier while Increasing the Protection of your Critical Assets

By Jordan Cullis, Head of Identity Assurance, Asia Pacific, HID Global

People authenticate themselves numerous times a day, whether you realize it or not. That’s especially true in the workplace. You probably use a badge or smartcard to get through the door. When you get to your desk, you log-in to or unlock your system – and probably need to do some sort of log-in several more times to access the applications you need to do your job.

These steps, while potentially cumbersome to your workforce, are necessary to secure your critical resources. This is the balancing act we all ask from our IT groups – protect what’s important while minimizing the burden on employees. As you can imagine, the more you try and lock something down, the bigger the productivity impact on the people that need that access.

These conflicting needs are continuing to drive convergence in the identity assurance space. When I say convergence in this context, I’m referring to the ability to leverage existing authenticators and channels to simplify access to more services. For instance, what if you could use the same badge or smartcard to unlock both the physical doors at the office, but also log-in to your computer and gain access to corporate applications? Or what if you could do all those things with something you already always have with you…like your smartphone?

Occasionally, I get a nervous reaction to this concept of convergence or seamless access, be it questions about changing organizational structures, integrating infrastructure and systems, and evaluating requirements to support the appropriate level of security. But in truth, consolidating authentication of many things into one solution can open up the opportunity for increased security.  There are several benefits that convergence could allow. One example is only allowing on-site corporate network access after the user has been authenticated at the door.Or comparing geo-location to travel plans when granting remote access to a corporate VPN.All of the sudden by incorporating additional contextual information, you have higher, assurance that the person requesting access is who you think it is.

These advances are important because cybercrime continues to rise. According to the Cost of a Data Breach Study India by IBM and the Ponemon Institute, India is now a hot target for cyber hackers. Though Indian firms are steadily moving towards having digitised records and being a fully online world, security concerns over data stored online is on the rise. It was also noted that malicious software attacks in India have had significant traction this year with more than 180 countries becoming a victim of online extortion schemes. So stronger authentication is a must- and strong authentication requires trust. Given the scale of credential theft, passwords alone are not enough to protect your employees, and the valuable information and assets tied to your business. This probably isn’t news to you, but maybe the various opportunities to increase security measures without making things harder for your employees is.

And this is only the beginning. Smartphones and chip-enhanced smart cards are introducing new means to deliver greater security with even more convenience. Technologies like mobile push authentication deliver additional channels to enable trust between your employees and the services they require. Other emerging technology advances in wearables and biometrics could potentially open the door or unlock your computer through a seamless authentication experience.