Feeds

Who are you? Can you prove it?

Findings from the Reg reader study

High performance access to file storage

You've probably heard the stories of employees who are prepared to part with logon and password information for a free café latté, Easter egg or some other form of instant gratification.

It makes for some fun headlines, but highlights the serious point that security of information systems is not just about technology, the human factor is important too, and one of the obvious places in which security meets the user is authentication.

This is an area that has become a very hot topic. A recent Reg reader study sponsored by RSA Security looking at trends in access and authentication, for example, attracted nearly 1,500 respondents.

The study was designed by Freeform Dynamics and revealed that despite advances in authentication technologies, the majority of organisations still rely primarily on user names and passwords for application access. The study also confirms the proliferation of systems requiring secure access, typically tens in small and mid-size organisations and hundreds in larger enterprises.

Added to this, an increasingly mobile and gadget-equipped workforce is expecting unfettered access to key applications from any location, taking advantage of Wi-Fi hotpots, 3G, and the latest broadband HSDPA services recently launched by the likes of from T-Mobile, Orange and Vodafone. The study confirms that the era of the always-on roaming business user is now very much a reality.

Looking beyond the workforce, access to business applications is increasingly extending backwards to materials suppliers and onwards to downstream customers through web portals and VPNs. As a result of this, two thirds of large and mid-size organisations are already allowing some form of access to their systems by third parties. Evolution here will be further driven by the concept of Service Oriented Architecture (SOA), which allows separate systems to be linked together much more easily using standard service and data interfaces.

Put these trends together and you have more users from more organisations connecting to more applications that exchange data in more sophisticated ways.

The strains on the human side of the business are clear. Internal and external users are often left to cope with the proliferation of authentication methods themselves, while network managers have to struggle with new forms of vulnerability that arise with each new application and method of remote access introduced.

Clearly, the older practices of leaving users to remember all their credentials and their consequent use of yellow stickies doesn't scale to fit this model, and this, along with the multiple modes of access, has much broader security implications for the organisation, as well as ramifications within the new compliance culture sweeping through business.

In order to address these issues, organisations are increasingly looking to Single Sign On (SSO) as a way to manage the proliferation of passwords, with 55 per cent already adopting this approach to some extent, and the majority planning to increase its use. Additionally, companies are recognising the need to overcome the vulnerability of a simple user name/password logon and are planning to ramp up their use of multi-factor authentication using biometrics, smartcards, and traditional tokens in the future.

It is also interesting to note that nearly half of respondents plan to start using digital signatures on documents, which helps to explain the current lively discussion between Microsoft and Adobe about the former's inclusion (or not) of a "save as pdf" function in the upcoming Office Systems 2007 release. As the Redmond giant looks to integrate digital signatures and rights management into its new file formats, it is going to be seen increasingly toe to toe with the evolving capability of Adobe and other established players in this area.

All in all, it looks like corporate IT departments are becoming increasingly aware of the security implications of proliferating applications, workforce mobility and the growing need for integration of systems with suppliers and customers. This is not always reflected by the measures actually in place, but as organisations look for help in managing the trends we have been discussing, we can anticipate continued vendor competition and lively debate in areas such as network access control, SSO, authentication and document control.

In the meantime, results from the reader study mentioned above have been summarised in a report entitled Managing Access Securely, which is available from the Register research library here. ®

High performance access to file storage

More from The Register

next story
Seagate brings out 6TB HDD, did not need NO STEENKIN' SHINGLES
Or helium filling either, according to reports
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.