By Doug Ramos, Security Practice Manager, Groupware Technology
Today, user identity is the number one concern when securing a corporate network. With malware and hacks focused on stealing identities, it is the most critical point of security to lock down.
Companies are requiring stronger and more complex passwords, but is that enough? Some companies are adding two-factor authentication with the use of one-time passwords.
With the recent breach of a cloud-based identity management company, even that is not good enough.
The use of biometric authentication measures such as finger scans or iris/voice recognition may offer better security for access control in the workplace than passwords, swipe cards, door codes, PINs and other conventional workplace security implementations, since they can’t be stolen, forgotten, etc.
The cost of biometric technology has also dropped significantly, making this category a very cost-effective solution.
And with advancements in accuracy, size, and form, biometrics are becoming a more common means of two-factor authentication, especially as the need for a more secure form of secondary authentication is on the rise.
Two-factor authentication is the use of something else besides just a username and password to identify yourself in the workplace.
Organizations are increasingly adopting secondary authentication as a means of providing an extra level of security that has become a necessity in workplaces now more vulnerable to sophisticated data breaches.
Breaches are no longer merely an isolated technology concern. Preventing them before they happen has become a priority for all businesses.
However, most business breaches do not happen because of disingenuous cyberthieves cunningly coming up with all manner of security terrorism and threats. Lost or stolen employee credentials are the most common causes of organizational data breaches.
Compromised employee credentials as a factor in breaches have indeed become a big cause for concern for organizations. Forty percent of companies in a 2015 survey say they expect a data breach resulting from employee behavior in the next 12 months.
In December 2016, Gemalto, an international digital security company that is the world’s largest manufacturer of SIM cards, released an Authentication and Identity Management Index based on a survey of 1150 IT managers from 13 countries around the world, including the US, UK, France, Germany, Japan, and India.
Results of the survey showed that employee expectations around usability and mobility are affecting how enterprise companies deploy authentication and access management.
Almost 50% of the IT managers surveyed noted that they are increasing resources and spending on access management. The time to implement has sped up as well: 62% expect to implement strong authentication in two years’ time, an uptick from 51% of respondents who said the same thing in the previous year’s survey.
Of the survey respondents, 94% reported they are using two-factor authentication to protect at least one application and nearly all of the respondents (96%) expect to use it at some point in the future.
Biometrics is a great form of secondary authentication. The problem occurs when an employee leaves the company. For biometric or any other authentication, there are different repositories in which end-user credentials might be left active.
The majority of companies still do not have any method of detecting, enforcing or canceling a user’s biometric authentication. Today most companies still disable accounts manually. This is not only an ineffective time waster but also leaves a business vulnerable to major security risks.
It can take weeks for a user to be removed, and during that time they can still access confidential information. To avoid errors that could result from the manual offboarding procedure, I suggest automating the process.
In my case, when I left a big tech company, my email access and badge access stopped that same day, but my VPN access to internal servers was still enabled. My user credential was still able to access internal resources.
It took the company two weeks to completely shut me out. Companies need to deploy a solution that automates the process of onboarding and offboarding users quickly and efficiently and that can integrate with all internal resources like AD, LDAP or other identity stores.
User accounts and credentials need to be disabled all at the same time. This will minimize security breaches from ex-employees and from lost or stolen credentials.
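One way to audit for the gap described above, as an added example (not code from the article or from any product): it compares an HR termination list against account exports from the stores the article names and reports every account still enabled after the termination date. The user names, dates, and export format are constructed assumptions.

```python
from datetime import date

# Constructed sample data: HR termination dates and per-store account exports
# (login name -> enabled flag). Real exports would come from each system's API.
TODAY = date(2024, 3, 15)
TERMINATED = {
    "mgarcia": date(2024, 3, 1),
    "jlee": date(2024, 3, 10),
    "pnovak": date(2024, 3, 12),
    "rsingh": date(2024, 4, 1),   # future-dated notice: must not be flagged yet
}
STORES = {
    "email": {"mgarcia": False, "jlee": False, "pnovak": False, "rsingh": True},
    "badge": {"mgarcia": False, "jlee": True, "pnovak": False},
    "vpn":   {"mgarcia": True, "jlee": False, "rsingh": True},
    "ad":    {"mgarcia": False, "jlee": False, "pnovak": False, "akim": True},
    "ldap":  {"MGarcia": True, "pnovak": False},  # same person, different casing
}


def find_orphaned_access(terminated, stores, today):
    """Return (user, store, days_exposed) for accounts enabled after termination."""
    findings = []
    for store, accounts in stores.items():
        # Normalise case: identity stores often disagree on login-name casing.
        enabled = {name.lower() for name, on in accounts.items() if on}
        for user, term_date in terminated.items():
            if term_date <= today and user.lower() in enabled:
                findings.append((user, store, (today - term_date).days))
    # Longest exposure first, then stable ordering by user and store.
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))


def fully_offboarded(terminated, stores, today):
    """Return terminated users with no enabled account left in any store."""
    still_open = {user for user, _, _ in find_orphaned_access(terminated, stores, today)}
    return sorted(u for u, d in terminated.items() if d <= today and u not in still_open)


if __name__ == "__main__":
    for user, store, days in find_orphaned_access(TERMINATED, STORES, TODAY):
        print(f"{user}: {store} still enabled {days} days after termination")
    print("clean:", fully_offboarded(TERMINATED, STORES, TODAY))
```

Run on a schedule against every store, a report like this turns the "weeks" of residual access into a measurable number per system.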
Value partners have a depth of experience and knowledge about secondary authentication security solutions such as biometrics and the best ways of access management in onboarding and offboarding scenarios.
Resellers listen to their customers so that they can quickly understand which solutions are the most appropriate for their unique needs. They are ideally positioned to support businesses and offer sound advice.
There is a plethora of solutions out there that alleviate the angst of manual onboarding and offboarding. These solutions all onboard devices and can disable accounts instantly when needed from all the different identity locations. Additionally, with the advent of compliance standards, it is necessary for businesses in many industries to audit and evaluate their user access processes regularly to meet regulations.
Companies that are not doing away with manual procedures, which are more open to error, don’t have the best interests of their own organization in mind.
Automated processes that disable accounts instantly will not only alleviate the security risks of former employees still being able to access company information, but also alleviate the possibility of organizations inadvertently falling short of compliance regulations.
Identity management is a rapidly growing field in the age of security and data breaches—with secondary authentication becoming a necessity and secondary technologies like biometrics becoming more cost feasible and common.
With the identity management category soaring in relevance, so too must the identity and access management market, with organizations needing to adopt efficient automated processes to relieve the stress of slow, manual and complex access management, which can still leave organizations with secondary authentication open to security risks when users are not offboarded instantly.
About the Author
Doug Ramos is Security Practice Manager at Groupware Technology, where he is growing and expanding the company’s security business by evaluating and adding the latest security solutions that will offer the best protection for Groupware Technology customers. He has over 20 years of experience in the technology industry in security and networks.
Doug started his career at Lucent and became one of its first VoIP specialists, building out voice networks in eight different countries. He has also worked at Cisco in its wireless and security divisions and as Manager of Cisco Enterprise Networking for CANCOM-HPM Networks. Prior to joining Groupware Technology, he was Director of Wireless Product Marketing at Fortinet.