Solving the problem of data protection with MyID
CyberTech and Intercede set to change SA’s data security landscape.
MyID Credential Management Software is now available in South Africa following the recent partnership announcement between cyber security company CyberTech, a division of Altron, and UK-based security software company, Intercede.
According to Allen Storey, Digital Identity Specialist for Intercede, 81% of data breaches in organisations are caused by weak or compromised user credentials. These breaches are primarily due to the use of passwords that can easily be stolen or shared.
The tactics hackers are using to steal company data continue to change, but the primary target remains employees using weak methods of authentication, notes Storey.
“Most organisations nowadays understand the need to shield themselves from reputational damages by protecting against data breaches, and are aware of the need to strengthen their data protection beyond the use of passwords. They just aren’t sure about which of the many available alternatives to choose from,” he explains.
Herman Kriel, General Manager of CyberTech, a division of Altron, highlights a further challenge facing organisations, particularly in South Africa. “The Protection of Personal Information Act (POPIA) is high on the agenda of South African organisations. They’ve become acutely aware of the need to keep personal data private and even more so to ensure that all information is traceable and ready for auditing.”
Thus, the majority of organisations require a credential management system that is deployable with minimal disruption and is simple to use. “Running and integrating a public key infrastructure (PKI) system has a reputation for being complex, as it’s used at the highest levels of defence in areas such as government, military and aerospace. But this is not necessarily the case,” says Storey.
“MyID utilises PKI to authenticate users with a cryptographic key. This key cannot be cloned or copied and is combined with a second factor of authentication, such as a PIN or fingerprint, adding an additional layer of security for highly sensitive operations such as financial institutions, governmental agencies, or any organisation where different users need different levels of secure access,” Kriel explains.
Storey adds: “At Intercede, we describe authentication options as a pyramid – a simple metaphor for levels of authentication where the weaker options are at the bottom, with stronger, more secure solutions the further up the pyramid you go.”
The bottom layer consists of passwords, the next is one-time passwords (OTPs) via SMS, followed by one-time devices, then Fast Identity Online (FIDO), with the topmost security option being PKI.
“The PKI digital identity is the strongest form of authentication, as it is linked to a private key which can’t be copied or cloned, and a unique authentication which can’t be replayed. It’s considered the gold standard in data protection globally.”
Kriel elaborates: “MyID also offers a good experience for users, as they can use a PIN or fingerprint and don’t need to remember a password. It basically provides a lock on the front door against the number one cause of data breaches.”
“MyID can be deployed by integrating the solution easily with existing infrastructure,” explains Storey.
Once deployed, the credential management system gives the organisation complete policy control, ensuring the right people are provided with the correct digital identities. It also gives the organisation life cycle management, so it can update or remove any security certificates, as well as complete visibility and audit reporting capabilities.
Storey says organisations will have the advantage of being able to “monitor with certainty who had access to which specific data, who issued credentials to whom, where credentials were revoked, and to ascertain if any rogue employees accessed data or gave permission to others to access data.”
MyID provides more than just ‘simple authentication’. While the first thing organisations are usually concerned about is authenticating who has access to data, there are other uses and benefits. MyID can also allow users to sign documents and e-mails, ensuring the certified person(s) are the only ones able to do so. It can also be used to encrypt e-mails or in identity cards.
“The potential is scalable and can be used for more than binding a digital identity for a person,” Kriel explains.
MyID makes it easier for organisations to manage their human resource environment as it relates to POPI. By providing each member of the organisation with an unclonable PKI digital identity, access to information is traceable.
Organisations will be able to ensure that only the intended parties have access to personal data.
“This provides auditable data ensuring privacy cannot be breached. There can be no ambiguity and the information in your environment remains in a higher level of security. This means organisations can be POPI compliant, making use of state-of-the-art software that can be easily deployed at all user levels with support to match,” says Kriel.
With MyID, organisations operate the most secure type of authentication management system available, and it is simple to deploy at a company level. It also supports remote work and could effectively be rolled out across South Africa and other African markets.
Kriel concludes: “This is a government grade level protection solution made available to organisations around the country.”
Join Intercede and CyberTech for their upcoming webinar on 22 September 2020: 'Securing the financial workforce with strong authentication', where experts from both organisations will outline the key considerations that IT leaders at Africa’s banking and finance organisations must take into account when securing workforce authentication.