Passwords are not enough
Written by Tarun Khandelwal, Thursday, 13 September 2012 09:53
A username and password login process is no longer a sufficient means to protect corporate data, no matter what the size of the organization.
Integrating a transparent layer of protection against identity theft, data breaches and fraud can help an organization measure and block fraud in real-time, without burdening the user. Solutions that integrate with web-facing applications, like a VPN or web portal, can analyze the risk of online access attempts and transactions by examining a wide range of contextual data, scoring it based on preset rules, comparing it to historical data and conducting statistical analysis to calculate an overall risk score. The score is then used to either approve or decline the activity, ask for additional authentication, or alert a customer service representative, depending on the transaction and calculated risk score. The best solutions are flexible, meaning that IT managers can easily adjust existing rules and quickly add new ones to adapt to the evolving threat landscape. Additional solutions can be layered on in order to integrate verification steps.
For example, Facebook’s optional ‘Login Notifications’ give users a chance to keep tabs on where their accounts are being accessed in order to actively manage any sort of suspicious activity. If ‘Login Notifications’ are enabled, Facebook auto-alerts the user each time their account is accessed from a new device. If the user were to ever receive a ‘Login Notification’ from an unfamiliar device or location, Facebook provides instructions to reset the password and secure the account. There’s also an option for ‘Login Approvals’ – which would require the user to enter a security code each time an unrecognized computer or device tries to access the account. While these are both optional features, they provide users with the flexibility to increase security to a level that they feel most comfortable with, and to actively monitor their account for security breaches rather than fall victim to unauthorized access.
The benefits of integrating this type of added security layer are well documented. Not only are risks of unauthorized access, data breaches and identity theft reduced, but so is fraud, providing an opportunity to block high-risk transactions or require step-up authentication for suspicious activities. Risk-based authentication measures can also help organizations meet ever-changing regulatory requirements. But best of all, it’s transparent – meaning that the risk evaluation process doesn’t have to affect the user experience in most cases.
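The risk-scoring flow described above (contextual data, preset rules, comparison with historical data, a statistical check, then a decision) can be sketched as follows. This is an added example, not code from the article or from any vendor product; the rule names, weights, thresholds and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass
class History:
    """Per-user baseline built from past activity (constructed sample fields)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

def is_outlier(amount, past, z_limit=3.0):
    """Statistical check: amount sits more than z_limit std devs above the mean."""
    if len(past) < 5:          # too little history to form a baseline
        return False
    return amount > mean(past) + z_limit * max(pstdev(past), 1.0)

# Preset rules as (name, weight, predicate); weights are illustrative assumptions.
# Adapting the policy means editing or appending entries here.
RULES = [
    ("new_device", 30, lambda ev, h: ev["device"] not in h.devices),
    ("new_country", 25, lambda ev, h: ev["country"] not in h.countries),
    ("odd_hour", 10, lambda ev, h: ev["hour"] < 6),
    ("amount_outlier", 35, lambda ev, h: is_outlier(ev.get("amount", 0), h.amounts)),
]

def decide(score, step_up=30, alert=60, decline=80):
    """Map the overall score to one of the four outcomes; thresholds are assumptions."""
    if score >= decline:
        return "decline"
    if score >= alert:
        return "alert_representative"
    if score >= step_up:
        return "step_up_auth"
    return "approve"

def assess(event, history, rules=RULES):
    """Return (score, names of rules that fired, action) for one access attempt."""
    fired = [(name, w) for name, w, pred in rules if pred(event, history)]
    score = min(100, sum(w for _, w in fired))
    return score, [name for name, _ in fired], decide(score)

# Constructed sample baseline and events, for illustration only.
BASELINE = History({"laptop-1"}, {"CA"}, [40, 55, 60, 45, 50])
KNOWN = {"device": "laptop-1", "country": "CA", "hour": 14, "amount": 52}
NEW_DEVICE = {**KNOWN, "device": "phone-9"}
RISKY = {"device": "phone-9", "country": "XX", "hour": 3, "amount": 5000}

if __name__ == "__main__":
    for ev in (KNOWN, NEW_DEVICE, RISKY):
        print(assess(ev, BASELINE))
```

A familiar login scores zero and passes without any extra prompt, which is the transparency the article describes; only the unfamiliar device triggers step-up authentication.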
The biggest mistake a business can make when it comes to security is to assume that it is safe. No matter what the size of your organization is, security matters. It’s much more cost-effective to take steps to prevent a potential breach than to be caught picking up the pieces after the fact.
Tarun Khandelwal is a senior solution strategist for security solutions with CA Technologies in Canada.