Today’s mobile workforce demands instant, ubiquitous access to information. Gone are the days when IT teams could restrict access to sensitive information based on physical presence in an office. The challenge today is enabling anytime, anywhere access to information without compromising security.
At the RSA Conference 2018 in San Francisco last month, mobile security was a major topic of conversation. Organizations are looking for ways to authenticate users more effectively and to secure BYOD devices. Fortunately, mobile authentication and security solutions can actually strengthen security while enabling mobile access.
Authentication Beyond Passwords
The era of the password is drawing to an end. While we’ve relied on secret pieces of information to safeguard our access to information and systems for decades, it’s clear that password security is no longer adequate to protect against increasingly sophisticated attacks. We’ve witnessed a series of major security breaches that relied on a simple technique — using social engineering to steal a legitimate user’s password and then employing that password to compromise a network.
The threat of password theft is only growing. In 2017, security researchers discovered 1.4 billion stolen username and password combinations on the Dark Web. The 2018 Verizon Data Breach Investigations Report rated the use of stolen credentials as the number one cause of data breaches.
Fortunately, we already have a strong technical solution to this problem: multifactor authentication. Organizations can couple a knowledge-based authentication technique with either biometric or token-based approaches to provide a much higher degree of confidence in a user’s identity. Biometric approaches use facial recognition, fingerprints, voice analysis and other physical characteristics to verify a user’s identity. Token-based approaches use a physical object carried by the user to confirm identity. The most common token-based approach today is the use of smartphone apps that ask the user to confirm login requests. Some organizations now allow users to select the most appealing multifactor technique from a menu of available options, improving user satisfaction.
Securing Devices in a BYOD World
In addition to providing strong confirmation of user identity, IT teams should also carefully consider the devices used to store and process sensitive corporate information. In the era of BYOD policies, users want a single device for both business and personal use. Corporate IT teams are charged with ensuring that this access occurs securely.