Mobile and cloud computing will continue to increase the importance of a secure access management system. This means access control will have to become an even larger part of any organization’s data security strategy. Companies with deep technical talent may be tempted to develop and implement their own integrated access management system, but a comprehensive password management system will be more secure than one cobbled together in-house. Here’s a look at what will matter most in access management in 2014.
Software over hardware
While hardware security is still an important part of the data security strategy for organizations, software has to be the real protector of the data. The CIO shouldn’t have any reason to panic if a server goes missing. He shouldn’t even worry if he gets a late-night phone call from the CEO saying his laptop was stolen. Sensitive data should be encrypted with strong enough protection that it is unreadable and useless without the corresponding encryption keys (which should not be stored with the data they decrypt).
Learning to live with BYOD
BYOD (Bring Your Own Device) is not going away, and IT security departments are learning to live with it. They have discovered that the security of the system will rest more on the implementation of the security software, since it is becoming impossible to control and enforce hardware security requirements on employees’ personal devices, especially on mobile devices, which are often upgraded every 12 to 24 months. IT security departments will need to keep evolving to keep the data on the “uncontrolled” devices as secure as the data locked up in server rooms in the data center through better authentication practices.
Two-factor authentication everywhere
When employees started wanting to use their own mobile devices to manage their work email and applications, IT security professionals were understandably concerned. However, the security on those devices and the software controls IT can use have come a long way. In addition to the software security on mobile devices, the cell phone will become increasingly important to access control as more organizations implement two-factor authentication. The phone serves as a very good second authentication factor, since it is something the user will nearly always have with them and it is unlikely that a hacker will be able to steal both a password and phone without the user’s knowledge. Anyone could know a password, which is why it is so important to have another authentication factor to establish a user’s identity before giving them access to sensitive data.
Access management as marketing
Access management will become a big opportunity for marketing. An organization will have an incredibly difficult time maintaining its credibility and keeping a reputation as a secure partner if it suffers a massive data breach. It is difficult to recover from the misfortune of customer data theft. However, beyond avoiding disasters, marketing is also interested in seeing access management systems that are user-friendly and work consistently. An identity management system that locks out users unnecessarily or crashes under a heavy load creates a negative customer experience. Users are so accustomed to logging into a wide variety of services that any one that works unreliably will be sure to stand out as a negative experience. A well-implemented access management system should make it easy for the right people to get in, but impossible for everyone else.
Implementing risk-based authentication requirements makes it possible to employ security measures like multi-factor authentication without requiring the extra steps for each session. For example, if a user attempts to log in from the same machine and the same network on which he created the account, the system could bypass additional security questions or authentication factors. On the other hand, if the user attempts to log in on a different computer on a different network (or in a different country), he would be prompted to answer additional security questions or enter a code from a text message.
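The risk-based decision described above can be sketched as follows. This is an added example, not code from ReACT or ASPG; the class names, signal names and the rule mapping signals to a challenge are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    device_id: str  # assumed: stable identifier, e.g. from a signed device cookie
    ip: str         # source address of the login request
    country: str    # assumed: resolved by a GeoIP lookup done elsewhere

@dataclass(frozen=True)
class Enrollment:
    device_id: str
    network: str    # CIDR block the account was created from
    country: str

HIGH_RISK = {"new_country", "invalid_ip"}  # assumed policy choice

def risk_signals(enrolled, ctx):
    """List every way this login differs from the enrollment context."""
    signals = []
    if ctx.device_id != enrolled.device_id:
        signals.append("new_device")
    try:
        known = ipaddress.ip_address(ctx.ip) in ipaddress.ip_network(enrolled.network)
    except ValueError:
        signals.append("invalid_ip")  # fail closed on an unparseable address
    else:
        if not known:
            signals.append("new_network")
    if ctx.country != enrolled.country:
        signals.append("new_country")
    return signals

def required_step(enrolled, ctx):
    """Return the extra authentication step to demand after the password."""
    signals = risk_signals(enrolled, ctx)
    if not signals:
        return "none"               # same machine, same network: no extra step
    if HIGH_RISK & set(signals) or len(signals) >= 2:
        return "sms_code"           # strongest challenge for the riskiest logins
    return "security_question"      # a single lower-risk change

# Constructed sample data (documentation address range, made-up device id).
ENROLLED = Enrollment("dev-a1", "203.0.113.0/24", "US")
```

Returning the list of signals separately from the decision lets the same function feed an audit log, so an unexpected step-up prompt can be explained after the fact.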
If you’re looking for ways to implement or improve the access management on your systems in 2014, sign up for a free trial of ReACT by ASPG. You’ll be glad you did.