Page 7 - Publication6
P. 7
Adding some friction to the security process to apply exactly the right level of visible security as is
appropriate to the access being requested, serving to
Friction, in IT security terms, relates to the level of remind the user of the security risks associated with
difficulty which authentication adds to user access. whatever it is they are doing. Applying an appropriate level
Although obvious in its user appeal, �single sign-on� with of �friction� to the authentication process will ensure that a
its offering of convenient and almost-instant access to daily user is conscious that are moving into a secure
applications means that the user is no longer challenged to environment and must proceed in accordance with
confirm their identity, nor are they reminded, implicitly or whatever enterprise security policies have been defined for
otherwise, that the data they are handling online is sensitive that environment.
or restricted. The same goes when accessing this type of
data with the overly-familiar UNP system too. This is an Enterprises can deploy different authentication
important point to note. parameters for different users and services within the
same installation and under the same license, applying
As a sensible first step, those responsible for corporate
exactly the right level of authentication to any given
security must take a holistic view of their company data,
scenario. This is based on a series of pre-determined
assess what is �business-critical� and develop a strict policy
factors, such as who the user is, what service the user is
document that must be adhered to. Organizations can then
define the access control parameters that work best for their trying to access and what IP address they are using. This
business structure, keeping the gateways to certain capability can also be used to implement single-sign-on
information accessible only to those with the right across a range of VPN, cloud and on-premises services.
permissions. Laying down such a policy will, however, only
get you so far. As a next step, Swivel Secure Inc.�s advice to Those in charge of IT security must draw a hard line and
businesses is to deliver authentication through a standalone
employees themselves must accept that if they want the
platform which redirects users back to the corporate
freedoms and benefits of working from home, or accessing
domain so that their credentials can be validated using a
their emails remotely on their own device, their access will
corporate authentication solution before access is granted.
be predicated by some degree of secure authentication.
“There is no ‘one It�s beyond time that action is taken on password reliant
size fits all’ and convenience-led security protocols. Adaptive, flexible
and risk-based authentication will ensure that small
barriers can and should be put in place that are appropriate
solution to IT to the sensitivity of the data in question, without
compromising the overall user experience.
security”
Swivel Secure Inc will be at RSA USA 2015. Visit booth
There is no �one size fits all� solution to IT security and number 2719 to meet the team and discover more about the
there is certainly no �one password secures all� solution. But Swivel adaptive authentication solution.
neither is it the case that non-UNP based authentication
should be viewed as the enemy of user experience. On the
contrary, new adaptive authentication solutions can help
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3
