Organisations are grappling with the challenge of managing secure access to information and applications scattered across a range of internal and external computing systems.
For a start, they have to provide access to a growing number of users, both internal and external, without lowering security standards or exposing sensitive information. The management of multiple versions of user identities across multiple applications makes the task even more daunting.
However, there's hope on the horizon, believes Andrew Ochse, Product Manager at Nanoteq, Comparex Holdings' managed security services arm, as the infrastructure for providing dedicated access control in a distributed environment is evolving rapidly.
One example of this is LDAP and the universality of directory services. Via a protocol, a directory service provides information about users and resources and their access rights to multiple applications in a seamless, integrated way. Another is Security Assertion Markup Language (SAML), an interoperable protocol that can exchange information about access control in a more distributed context.
The downside, as Ochse sees it, is that while authorisation products have come of age to a large degree, organisations still underestimate the amount of work needed to customise their channels to work with these products.
"Access control problems don't get fixed overnight. It will take time, just as it took time for computer systems to evolve from mainframes to distributed networks."
However, meta-directories and standards suggest that there's a way to position access control where it belongs: an integral part of an infrastructure that's universally available to the application level.
Ochse is a vociferous opponent of the current trend towards single sign-on (SSO), saying SSO is being wrongly touted as the answer to all security problems.
"SSO vendors are spreading the line that SSO will solve all ID management problems, and that it will save money and increase productivity, but all they're doing is creating a heinous misconception," says Ochse.
"Fact is, in SA we lose more productivity to people going outside to smoke than we do to having to re-authenticate every so often. Question is, isn't the marginal inconvenience of having to re-authenticate worth the risk when you consider the value of the information being dealt with in some instances?"
Access control nirvana, according to Ochse, is the migration towards the adoption of PKI solutions, working with smart cards, which are secured by biometrics.
"The main drawback of PKI is its cost, and even biometrics are fairly expensive for single desktop applications, but in high-risk applications, it's often worth it. Government has certainly been a very strong adopter of biometrics in its departments. Biometrics is the only real way to accurately identify someone to a digital system."
Ochse believes biometrics could even play a major role in reducing ATM fraud at a marginal cost per ATM. Instead of typing in a PIN code - "a security manager's nightmare" - a user would insert their card and then authenticate by placing their finger on a biometric scanner.
"The general trend in South African business is still the staggering degree to which organisations underestimate the value of their information," says Ochse. "We can't even start to guess the amount of fraud in areas like finance, medicine and government - and the bottom line is that most of it is preventable with modern access control technologies."