Feeds

Who are you? Can you prove it?

Findings from the Reg reader study

Securing Web Applications Made Simple and Scalable

You've probably heard the stories of employees who are prepared to part with logon and password information for a free café latté, Easter egg or some other form of instant gratification.

It makes for some fun headlines, but highlights the serious point that security of information systems is not just about technology, the human factor is important too, and one of the obvious places in which security meets the user is authentication.

This is an area that has become a very hot topic. A recent Reg reader study sponsored by RSA Security looking at trends in access and authentication, for example, attracted nearly 1,500 respondents.

The study was designed by Freeform Dynamics and revealed that despite advances in authentication technologies, the majority of organisations still rely primarily on user names and passwords for application access. The study also confirms the proliferation of systems requiring secure access, typically tens in small and mid-size organisations and hundreds in larger enterprises.

Added to this, an increasingly mobile and gadget-equipped workforce is expecting unfettered access to key applications from any location, taking advantage of Wi-Fi hotpots, 3G, and the latest broadband HSDPA services recently launched by the likes of from T-Mobile, Orange and Vodafone. The study confirms that the era of the always-on roaming business user is now very much a reality.

Looking beyond the workforce, access to business applications is increasingly extending backwards to materials suppliers and onwards to downstream customers through web portals and VPNs. As a result of this, two thirds of large and mid-size organisations are already allowing some form of access to their systems by third parties. Evolution here will be further driven by the concept of Service Oriented Architecture (SOA), which allows separate systems to be linked together much more easily using standard service and data interfaces.

Put these trends together and you have more users from more organisations connecting to more applications that exchange data in more sophisticated ways.

The strains on the human side of the business are clear. Internal and external users are often left to cope with the proliferation of authentication methods themselves, while network managers have to struggle with new forms of vulnerability that arise with each new application and method of remote access introduced.

Clearly, the older practices of leaving users to remember all their credentials and their consequent use of yellow stickies doesn't scale to fit this model, and this, along with the multiple modes of access, has much broader security implications for the organisation, as well as ramifications within the new compliance culture sweeping through business.

In order to address these issues, organisations are increasingly looking to Single Sign On (SSO) as a way to manage the proliferation of passwords, with 55 per cent already adopting this approach to some extent, and the majority planning to increase its use. Additionally, companies are recognising the need to overcome the vulnerability of a simple user name/password logon and are planning to ramp up their use of multi-factor authentication using biometrics, smartcards, and traditional tokens in the future.

It is also interesting to note that nearly half of respondents plan to start using digital signatures on documents, which helps to explain the current lively discussion between Microsoft and Adobe about the former's inclusion (or not) of a "save as pdf" function in the upcoming Office Systems 2007 release. As the Redmond giant looks to integrate digital signatures and rights management into its new file formats, it is going to be seen increasingly toe to toe with the evolving capability of Adobe and other established players in this area.

All in all, it looks like corporate IT departments are becoming increasingly aware of the security implications of proliferating applications, workforce mobility and the growing need for integration of systems with suppliers and customers. This is not always reflected by the measures actually in place, but as organisations look for help in managing the trends we have been discussing, we can anticipate continued vendor competition and lively debate in areas such as network access control, SSO, authentication and document control.

In the meantime, results from the reader study mentioned above have been summarised in a report entitled Managing Access Securely, which is available from the Register research library here. ®

The Essential Guide to IT Transformation

More from The Register

next story
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Intel teaches Oracle how to become the latest and greatest Xeon Whisperer
E7-8895 v2 chips are best of the bunch, and with firmware-unlocked speed control
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.