Last updated: 16 May 2016
This post originally appeared on SafeNet’s The Art of Data Protection blog prior to Gemalto’s acquisition of SafeNet.
This is Not your Father’s Authentication
On this blog, we often discuss the limitations of password-based authentication and the need for strong authentication. For most people, this conjures images of a one-time-password (OTP) hardware device.
Security professionals of course understand the value of hardening their authentication process , but nevertheless, many still have this love/hate relationship (well, mostly hate) associated with keeping a token on a key chain and typing in a password every time I need to get something done.
The good news is that how we authenticate securely continues to evolve rapidly, transforming far beyond the hassle of hardware gizmos to the next generation of strong authentication – which is surprisingly user friendly.
The 2013 Gartner Magic Quadrant for User Authentication report does a great job in explaining the new strong authentication landscape, the forces that are driving this change, and predicting its impact in coming years. I’m proud that SafeNet has been positioned in the Leaders Quadrant two years in a row, but I won’t focus on individual solutions here. What interested me most is Gartner’s analysis and how it is affecting organizations. Here are some things that stood out to me.
First and foremost: cloud. In the cloud, your credentials are effectively the only barrier between an attacker and your information. Therefore, cloud-based applications and SaaS solutions require better authentication to cloud resources, and are increasing the need for identify federation technology such as SAML , OAUTH and API-based authentication.
Even more importantly, cloud technologies now enable the delivery authentication from the cloud. authentication-as-a-service now brings in strong authentication technologies with the appealing flexibility of subscription and pay-as-you-go models. Indeed, Gartner predicts that, by 2017, more than 50% of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations — up from less than 10% today.*
Secondly, the wide spread use mobile devices – smartphones and tablets in particular, are fueling the move to new authentication methods and form factors. Hardware form factor are no longer the only option – phone, Out-of-Band (OOB) authentication, and software OTP implementation are taking the role of what traditionally used to be a hardware device. Using the mobile phone as the token is creating happier users and reducing costs associated with purchasing, delivery and maintaining hardware devices.
Mobile devices, of course, are not just a means to authentication, but are also the new endpoint. Enabling user-friendly and highly secure authentication for a broad range of use cases, within a diverse community of users, across a wide variety of devices and platforms, requires solutions with wide focus and agility.
Forward looking solutions call for 1) the use of contextual authentication methods that involve transparent recognition and behavioral approaches, and 2) the ability to combine diverse authentication methods to enforce step-up authentication with the risk-based approaches that contextual authentication facilitates.
This means leveraging the traditional one-time-passwords schemes, x5.09 certificates to phone based authentication and knowledge based authentication methods to complement the transparent contextual authentication factors. Once again, Gartner predicts that, by year-end 2016, more than 30% of enterprises will use contextual authentication for workforce remote access — up from less than 2% today.*
So from now on, we really need to move the conversation past old school authentication methods. Going forward, our conversations need to focus on agility and delivery of user authentication at cloud speed. Today’s IT landscape, business environment and personal lifestyles demand it.
Ready to update your approach to strong authentication? Visit the SafeNet Authentication Service site to learn how this solution can help.
*Gartner “Magic Quadrant for User Authentication” by Ant Allan, Ph.D, Vice President, Gartner Inc., March 2013.