By Phil Turner, vice president for EMEA, Okta
The adoption of cloud services and mobile devices is not slowing down anytime soon, with Gartner stating that the worldwide public cloud services market is projected to grow 16.5% in 2016 to total $204 billion, up from $175 billion in 2015. Not only are users accessing an increasing range of apps for work and at home, but businesses are encouraging their employees to bring their own mobile devices to work. At the same time, protecting sensitive, personal information is a top priority for businesses and users alike (Accenture 2015).
In the past, security approaches involved establishing network perimeters and then architecting layers of firewalls and anti-virus systems to segment and secure users and data. The rapid adoption of cloud and mobile technology is rendering this model obsolete.
The applications used in daily life exist outside of the firewall, and passwords have become a liability, as recent high-profile breaches, such as those at MySpace and Tumblr, have proven. With more and more breaches taking place every year, we need to rethink the traditional security perimeter. In order to do so, it’s important to look at the past, present and future of authentication.
So what can users do to make sure they are adapting to this rapidly changing environment? Reckless security behaviours — such as using weak passwords — play a huge role in many large scale breaches. But this doesn’t have to be the case. The new reality is that the network security perimeter is defined by the user, and more specifically, by their identity.
Securing this ‘identity perimeter’ has become a complicated task. As a result, many companies – ranging from Gatwick Airport to Peterborough City Council, both in the UK – are now protecting themselves from attacks that rely on stealing a user’s credentials by adopting multi-factor authentication (MFA).
MFA requires more than one method of authentication, such as a password and a temporary key sent to a user’s phone, dongle, email address, or app, to ensure users are who they say they are, reducing the risk of unauthorised access. While MFA solutions were traditionally purpose-built for large enterprises, the cloud is democratising MFA for companies of all sizes, enabling smaller companies to adopt this technology as well.
The future is biometrics
The fact is, cyber criminals are always one step ahead, and the methods they are using to steal user identities are becoming more and more creative. While MFA is still the most secure, widely available way to secure information, it’s important to consider the direction that security technology is headed. What’s next for multi-factor authentication?
We’re now seeing an increase in the popularity of biometric technology as a method for securing personal devices. This is seen as more secure than traditional authentication methods, as it is far more difficult for a cyber criminal to replicate aspects of a victim’s physical profile to access mobile devices than it is to replicate a password.
But even biometrics has weaknesses, as criminals devise ever more sophisticated ways to steal a victim’s fingerprints, requiring as little as a photograph of the finger in order to forge copies and compromise a single victim or even a large enterprise. Perhaps finger vein technology such as that used by FingoPay, which offers ‘proof of life’ authentication, is the next stage of high-level authentication that could benefit consumers and businesses alike.
Facial recognition verification is an alternative to fingerprint technology, as algorithms are becoming smarter and can account for weight, age, and certain feature changes. Plus, facial recognition can be adapted from official identification sources (such as a user’s driver’s license or passport). MasterCard is already using this technology, and it’s likely that more enterprises and developers will invest in facial recognition as an alternative means of biometric authentication. These investments are going to pay off for users, enabling ease of use as well as strong security.
Networks under control
When it comes to security, human error is often the weak spot that cyber criminals look to exploit. By adding extra layers of security, be it through the use of MFA or biometrics that are harder to replicate, users and businesses can be certain that their sensitive data is safe.
MFA remains the most secure way to protect devices, and any form of multi-layered authentication can only be a good thing. But users should be aware of how the mobile security market is changing. The full extent of the impact that biometrics will have on the consumer market is still unclear, but more and more users are opting to download biometric authentication apps to protect their devices: Juniper Research states that more than 770 million biometric authentication applications will be downloaded per annum by 2019, up from just six million in 2015. It is safe to say that consumers and businesses are moving forward to a safer, more secure future.
Okta’s IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections.