As more and more workers become mobile, remote access needs are rapidly growing. However, companies are discovering their traditional authentication systems can only scale up to meet these demands at great expense. Yet there is another far more cost-effective and intelligent option, argues Hennie Moolman, Managing Director of network security expert, AfricaSD, which brilliantly exploits a company's existing infrastructure.
Mobility and cloud computing are changing the way we do business. Being able to access and interact with critical systems and resources from anywhere at anytime can produce significant competitive advantage for an organisation and its increasingly mobile workforce, but it also makes securing the network a more imperative and complex task.
Most organisations have adapted to this new landscape by using two-factor authentication to secure their network perimeters. In other words, requiring remote users to provide two factors of proof, for example, a secret (something they know) and a token (something they own) as proof of their identity. These are, typically, a password or pin and either a hardware or 'physical' token, like a smartcard, key fob or USB device, or a software token, like an RSA SoftID.
As more and more firms are discovering, though, traditional tokens like these can only meet their growing authentication needs and scale at great expense. Hardware tokens have always been very expensive to purchase, deploy and maintain. Today, however, the costs and administrative burdens associated with such systems are becoming exorbitant as they endeavour to handle the large numbers of mobile workers within organisations. Simply replacing lost, stolen or damaged tokens can prove to be an onerous logistical task.
Software token-based systems are usually cheaper to deploy, but typically require personnel to be sent on more intensive training. Such systems are also inherently less secure because the token resides on the remote user's device (laptop, workstation etc), which is the equivalent of sticking the keys on the side of the car. These systems are also becoming attractive targets for cyber-criminals - a fact that is reflected in the growing amounts of malicious code designed to call token APIs that is being detected.
Eliminate escalating expenses
The ingenious solution to this dilemma is mobile phone-based authentication. By using the remote user's mobile phone as a 'virtual token', an organisation can continue to benefit from two-factor authentication, without the escalating expenses associated with traditional token methods.
Studies suggest that adopting mobile phone-based authentication can reduce an organisation's remote access security overheads by up to 60%. Obviously, equipment is an area where firms can make considerable savings because their mobile workers already own the devices they need and no other costly device 'readers' need to be installed.
Deployment and ongoing administration are also areas where companies can cut overheads, since enrolment processes are straightforward and automated - end-users simply register their phone numbers - and such solutions can, usually, be deployed to a 1 000-plus users in less than five minutes.
One challenge was how to take advantage of these benefits without requiring software to be installed on workers' phones, since supporting software across the wide range of manufacturers and models would be arduous. The way to overcome this proved to be elegantly simple: to use SMS.
The authentication process is straightforward. A one-time passcode is sent to a worker's mobile phone and they simply enter it when prompted, together with their normal username and password to login. Once the passcode has been used, a new one is sent and the previous passcode is overwritten. The worker will, therefore, only ever see one passcode on their phone and doesn't have to install any other software.
Not only is mobile phone-based authentication extremely cost-effective and secure, it is easier to manage because owners tend to more consciously look after and protect the token-issuing devices. We use our mobile phones all the time and so stolen or lost devices tend to be noticed and reported promptly, which helps to prevent breaches and escalating costs.
As trends like mobility and cloud computing continue to expand our remote access requirements and the multiple environments mobile workers operate across become ever more complex, two-factor authentication has become an essential part of network perimeter security. Yet many firms find themselves hamstrung by traditional systems that are only able to meet their growing needs at huge expense. For many such organisations, the obvious solution is to intelligently exploit their existing infrastructure and use their mobile workers' phones as convenient, cost-effective identity tokens.
Share
AfricaSD
Operating throughout the sub-Saharan region, AfricaSD provides organisations with a comprehensive network security service that includes security investigations, audits and threat analyses, as well as configurations and deployments.
AfricaSD supplies and supports a comprehensive range of market-leading products, covering every aspect of network security from anti-virus, authentication, content filtering, encryption, biometrics, firewalls and intrusion detection/prevention to unified threat management and wireless and mobile security.
AfricaSD also offers customers and reseller partners 24x7x365 support on all of its network security solutions. As one of the country's foremost security training and certification centres, the company's technical staff are all fully certified and trained on the entire product range and offer a convenient combination of one-to-one help and a wealth of technological resources.
AfricaSD offers its partners the very best products, training, support, leads and free product certifications. It is committed to keeping partners empowered and up-to-date with the latest relevant information and practices by making available, on an ongoing basis, a network of local and international third-party specialists and leaders.
For further information, visit the company's Web site www.africasd.com or contact AfricaSD directly on +27(0)86-111-1737 or +27(0)12-665-2513.
Editorial contacts