User authentication and identity management step up to counter risk in a world of proliferating devices and systems
Until fairly recently, information security was built on firewalls, passwords and locking down systems. But times have changed. Organisations today have to secure a plethora of different devices, applications and systems, and this challenge is set to grow as enterprise mobility and Internet of Things adoption increases.
The traditional approach to security – to deploy AV software and firewalls – must now evolve to accommodate multiple networks and systems, including mobile device management and mobile application management systems. Although firewalls are still important and necessary, point solitions will not protect consumers, brands and their data. This complex and disparate environment is challenging to manage; and adding to the complexity is the fact that cyber criminals are increasingly targeting user login details. The digital identity stakes are rising. In an environment where users tend to use the same login details for multiple applications and devices, and where employees are eternally vulnerable to phishing attacks, this poses a serious risk. Identity is the real chink in the security armour today, and when it is compromised, there is a lot more at stake than just personal email. Every employer, healthcare provider, bank and retailer with sensitive information or backend systems accessed by users must take steps to address this chink in the armour.
The time has come to focus less on multiple firewalls and move security closer to the user. By prioritising multi-factor user authentication and identity management, organisations mitigate the risks of identity theft and the theft and loss of devices used to access enterprise applications. As a now-critical component of overall risk management and cyber security, the identity and access management market alone will be worth $14.82 billion by 2021 as enterprises pay renewed attention to this area, says a recent Markets & Markets report. Not only is identity key to locking down existing systems; it is also crucial for harnessing new networking trends such as micro-segmentation and software-defined perimeters.
Access to sensitive IT systems and digital transactions can be more effectively secured using second channel (out of band) authentication, one time passwords, unique global tokens and even SIM swap detection technologies. Adding to this arsenal of authentication technologies are biometrics, voice biometrics and in future, also location-based technologies and behaviour analytics.
CISOs have to take action now to secure their systems across all endpoints and access points. They need to implement multi-factor authentication now, to ensure that the user logging on to the mission critical systems, is in fact the user authorised to do so.