
Sunday, December 10, 2006

Security Solutions for Uninterested Users

With the latest concerns of IT security being insider threats and the lack of user participation in security, Single Sign On (SSO) coupled with biometrics may become the most important technologies in securing your network.

The alternatives are rigorous user training on information security and policies that not only enforce compliance but also provide penalties for non-conformance. User security awareness training is not new to the industry, but the seeming unwillingness of users to comply may be. A change in user attitudes towards corporate security may be a task rapidly approaching the impossible.

While network administrators try to mitigate weak user security habits with password controls such as uniqueness and complexity algorithms, these approaches are more counterproductive than beneficial. The more users are required to have complex and changing passwords, the more likely they are to write them down or share them with co-workers to prevent troublesome logons. Complicating matters are the many applications that are moving to web-based interfaces that do not integrate with a user's desktop environment. These individual applications require a unique sign-on that in many cases differs from the user’s normal username/password combination for desktop access.

While SSO can minimize the user frustration of multiple passwords, it does provide the "keys to the kingdom" if a user's password is compromised. The elimination of the "what you know" form of authentication addresses this.

Biometrics, a form of authentication based on "what you are" – such as a fingerprint or retina scan – is unique per user and does not require the user to remember a complex or changing set of criteria. Single- or dual-factor biometric authentication methods – such as fingerprint with or without voice recognition – provide a secure, easy authentication method while proving more robust and reducing false positives.

The main hurdle is the cost of deployment. Integrating biometrics into the user desktop logon procedure is not an inexpensive proposition, especially with a large install base. Some laptop models provide integrated biometrics in the form of a fingerprint scanner; however, this requires a one-for-one swap of all installed models. Furthermore, the deployment of new applications – either those developed in house or those from external vendors – is seriously limited to applications that support integrated token authorization based on the biometric authentication method.

Still, when weighed against the potential losses of a data compromise, a technically feasible authentication scheme that addresses the crux of the problem – users who do not have the same priority for information security as those enforcing it – is the best approach.


Copyright © VinsWorld. All Rights Reserved.