Who are you? Can you prove it?

Findings from the Reg reader study

You've probably heard the stories of employees who are prepared to part with logon and password information for a free café latté, Easter egg or some other form of instant gratification.

It makes for some fun headlines, but highlights the serious point that security of information systems is not just about technology: the human factor is important too, and one of the obvious places in which security meets the user is authentication.

This is an area that has become a very hot topic. A recent Reg reader study sponsored by RSA Security looking at trends in access and authentication, for example, attracted nearly 1,500 respondents.

The study was designed by Freeform Dynamics and revealed that despite advances in authentication technologies, the majority of organisations still rely primarily on user names and passwords for application access. The study also confirms the proliferation of systems requiring secure access, typically tens in small and mid-size organisations and hundreds in larger enterprises.

Added to this, an increasingly mobile and gadget-equipped workforce is expecting unfettered access to key applications from any location, taking advantage of Wi-Fi hotspots, 3G, and the latest broadband HSDPA services recently launched by the likes of T-Mobile, Orange and Vodafone. The study confirms that the era of the always-on roaming business user is now very much a reality.

Looking beyond the workforce, access to business applications is increasingly extending backwards to materials suppliers and onwards to downstream customers through web portals and VPNs. As a result of this, two thirds of large and mid-size organisations are already allowing some form of access to their systems by third parties. Evolution here will be further driven by the concept of Service Oriented Architecture (SOA), which allows separate systems to be linked together much more easily using standard service and data interfaces.

Put these trends together and you have more users from more organisations connecting to more applications that exchange data in more sophisticated ways.

The strains on the human side of the business are clear. Internal and external users are often left to cope with the proliferation of authentication methods themselves, while network managers have to struggle with new forms of vulnerability that arise with each new application and method of remote access introduced.

Clearly, the older practice of leaving users to remember all their credentials, and their consequent use of yellow stickies, doesn't scale to fit this model. This, along with the multiple modes of access, has much broader security implications for the organisation, as well as ramifications within the new compliance culture sweeping through business.

In order to address these issues, organisations are increasingly looking to Single Sign On (SSO) as a way to manage the proliferation of passwords, with 55 per cent already adopting this approach to some extent, and the majority planning to increase its use. Additionally, companies are recognising the need to overcome the vulnerability of a simple user name/password logon and are planning to ramp up their use of multi-factor authentication using biometrics, smartcards, and traditional tokens in the future.

It is also interesting to note that nearly half of respondents plan to start using digital signatures on documents, which helps to explain the current lively discussion between Microsoft and Adobe about the former's inclusion (or not) of a "save as pdf" function in the upcoming Office Systems 2007 release. As the Redmond giant looks to integrate digital signatures and rights management into its new file formats, it is going to be seen increasingly toe to toe with the evolving capability of Adobe and other established players in this area.

All in all, it looks like corporate IT departments are becoming increasingly aware of the security implications of proliferating applications, workforce mobility and the growing need for integration of systems with suppliers and customers. This is not always reflected by the measures actually in place, but as organisations look for help in managing the trends we have been discussing, we can anticipate continued vendor competition and lively debate in areas such as network access control, SSO, authentication and document control.

In the meantime, results from the reader study mentioned above have been summarised in a report entitled Managing Access Securely, which is available from the Register research library here. ®
