Combining SSO with strong authentication devices provides two-factor authentication for improved security

Technology has evolved to address the challenges of the modern business market. Mobile working and round-the-clock communication have tested information security, as has the need to lock down data from the inside-out. Securing the firewall was previously top of the CISO agenda, but today, securing internal access to applications by employees is equally important.

Internal and external regulations exist to protect personal data and restrict employee access to information. As a result, staff are often required to input multiple passwords a number of times each day. To avoid locking themselves out of critical applications by forgetting complex passwords, employees resort to jotting down information which has an adverse effect on security. Users that attempt to fully comply with password policies often find themselves locked out of applications after forgetting credentials. This leads to disrupted workflow and pressure on the IT helpdesk.

To avoid security challenges caused by multiple passwords, technologies such as single sign-on (SSO) have emerged to allow users to log-on with one set of details. The single point through which users can authenticate alleviates the problem of disparate passwords/forgetful users. Combining SSO with strong authentication devices including fingerprint biometrics, smart cards and password tokens, results in two-factor authentication and improved security. By opting for SA that compliments the working practices of the staff, business can take advantage of the extra benefit of improved productivity. So what are the various methods on offer?

ID tokens

One-time-password tokens are often used for online banking facilities. The customer/employee enters a string of numbers uniquely generated by the token, which is valid for a short period of time. Password tokens are particularly useful where employees work remotely and can authenticate users while preventing any shoulder surfing that is more likely to occur outside the office environment. Password tokens improve security employee workflow by safely avoiding multiple passwords.

Biometrics

Biometric devices provide hardened security for compliance, and streamlined end-user access. As security threats and regulations become more rigid, organisations choose biometrics to comply with regulatory demands. Biometric authentication has become increasingly affordable and effective, particularly as many modern laptops are equipped with biometric readers as standard. Biometrics are steadfast and non re-creatable, proving popular environments like healthcare where speed and ease are essential.

Smart Card Technology

Facility access badges or smart cards from simple swipe cards to passive proximity and chip cards have traditionally been used to enter the office building. The card grants access by communicating with the PC to authenticate the user to the IT network, used alongside a PIN. Smart cards can be linked into other projects meaning extra information is hosted on the card. This saves hardware costs and further eases the working life of staff. Additionally, the physical access system can be programmed to grant access to a PC only if the user has physically entered a specific room or operation work area.

Technology is available to help organisations face IT access management challenges head on. Providing a centralised tool for security staff to manage and provision IT access, integrated with better levels of authentication and user tracking, go a long way to improving access management.

Imprivata, Inc is exhibiting at Infosecurity Europe 2010, on 27th – 29th April, Earl’s Court, London - www.infosec.co.uk.

Print version | Email to a friend | View other articles

Latest Access Control articles

 Payne Security to supply Smart Cards to West Yorkshire Passenger Transport Executive

 Multi-biometric electronic security kiosks used for passport control at Madrid and Barcelona airports

 Synectics-based camera system reduces security incidents in the West Midlands

 5 year hardware warranty for the TRU650 Biometric Access Control System

 4iSecurity's software protects Sleepmasters' headquarters

 CEM Systems secure access to the new Midlothian Community Hospital

 Atos Origin secures and manages the IT systems for Singapore 2010 Youth Olympic Games

 OmniPerception facial biometric technology can accurately identify a face without the person having to look directly into the camera

 Northshore Utility District deploys IndigoVision's IP Video surveillance system to prevent terrorism and improve public and staff safety

 ISS' acquisition of CitySync will give them critical mass in the ANPR's EMEA marketplace

...[view more Access Control articles]...

Other Access Control Resources

Security websites for specific products:

Access control and RFID systems - Burglar alarm, intruder alarm and fire alarm systems - Biometric recognition and identification systems - CCTV cameras and systems - IT, computer and network security systems - Health and safety - Security guard services - Surveillance and remote monitoring systems

Security websites for specific markets:

Bank and financial security - Corporate security - School and education security - Sport event and live venue security - Healthcare and hospital security - Hotel restaurant and casino security - Industrial and manufacturing security - Infrastructure and Utilities security - Home and personal security - Public sector security - Retail security - Small Business security - Transport security