Feeds

Who are you? Can you prove it?

Findings from the Reg reader study

Boost IT visibility and business value

You've probably heard the stories of employees who are prepared to part with logon and password information for a free café latté, Easter egg or some other form of instant gratification.

It makes for some fun headlines, but highlights the serious point that security of information systems is not just about technology, the human factor is important too, and one of the obvious places in which security meets the user is authentication.

This is an area that has become a very hot topic. A recent Reg reader study sponsored by RSA Security looking at trends in access and authentication, for example, attracted nearly 1,500 respondents.

The study was designed by Freeform Dynamics and revealed that despite advances in authentication technologies, the majority of organisations still rely primarily on user names and passwords for application access. The study also confirms the proliferation of systems requiring secure access, typically tens in small and mid-size organisations and hundreds in larger enterprises.

Added to this, an increasingly mobile and gadget-equipped workforce is expecting unfettered access to key applications from any location, taking advantage of Wi-Fi hotpots, 3G, and the latest broadband HSDPA services recently launched by the likes of from T-Mobile, Orange and Vodafone. The study confirms that the era of the always-on roaming business user is now very much a reality.

Looking beyond the workforce, access to business applications is increasingly extending backwards to materials suppliers and onwards to downstream customers through web portals and VPNs. As a result of this, two thirds of large and mid-size organisations are already allowing some form of access to their systems by third parties. Evolution here will be further driven by the concept of Service Oriented Architecture (SOA), which allows separate systems to be linked together much more easily using standard service and data interfaces.

Put these trends together and you have more users from more organisations connecting to more applications that exchange data in more sophisticated ways.

The strains on the human side of the business are clear. Internal and external users are often left to cope with the proliferation of authentication methods themselves, while network managers have to struggle with new forms of vulnerability that arise with each new application and method of remote access introduced.

Clearly, the older practices of leaving users to remember all their credentials and their consequent use of yellow stickies doesn't scale to fit this model, and this, along with the multiple modes of access, has much broader security implications for the organisation, as well as ramifications within the new compliance culture sweeping through business.

In order to address these issues, organisations are increasingly looking to Single Sign On (SSO) as a way to manage the proliferation of passwords, with 55 per cent already adopting this approach to some extent, and the majority planning to increase its use. Additionally, companies are recognising the need to overcome the vulnerability of a simple user name/password logon and are planning to ramp up their use of multi-factor authentication using biometrics, smartcards, and traditional tokens in the future.

It is also interesting to note that nearly half of respondents plan to start using digital signatures on documents, which helps to explain the current lively discussion between Microsoft and Adobe about the former's inclusion (or not) of a "save as pdf" function in the upcoming Office Systems 2007 release. As the Redmond giant looks to integrate digital signatures and rights management into its new file formats, it is going to be seen increasingly toe to toe with the evolving capability of Adobe and other established players in this area.

All in all, it looks like corporate IT departments are becoming increasingly aware of the security implications of proliferating applications, workforce mobility and the growing need for integration of systems with suppliers and customers. This is not always reflected by the measures actually in place, but as organisations look for help in managing the trends we have been discussing, we can anticipate continued vendor competition and lively debate in areas such as network access control, SSO, authentication and document control.

In the meantime, results from the reader study mentioned above have been summarised in a report entitled Managing Access Securely, which is available from the Register research library here. ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
Docker kicks KVM's butt in IBM tests
Big Blue finds containers are speedy, but may not have much room to improve
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Gartner's Special Report: Should you believe the hype?
Enough hot air to carry a balloon to the Moon
Flash could be CHEAPER than SAS DISK? Come off it, NetApp
Stats analysis reckons we'll hit that point in just three years
Dell The Man shrieks: 'We've got a Bitcoin order, we've got a Bitcoin order'
$50k of PowerEdge servers? That'll be 85 coins in digi-dosh
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.