Tighten Security with Multifactor Authentication
Unauthorized access to, or misuse of, personal or corporate information continues to be pressing source of concern worldwide. According to the 2014 Unisys Security Index, a global study conducted to gauge consumer attitudes on security issues, identity theft is the number one threat in five countries and the number two threat in five more. Bankcard fraud is also a major source of concern and the top threat among adults in four countries and the number two threat in six more countries.
The growth of both personal and business multi-channel and multi-device access to information exposes everyone to new vulnerabilities and risks. News of security breaches has occurred across all industry sectors increasing the fear factor that everyone is at risk. These types of security breaches can damage reputations, incur high monetary losses and can take a significant amount of time and effort to resolve. Companies and government agencies can no longer secure just the entry points (doors); they must also secure the identity of their customers, constituents, and users. These trends are driving consumer, citizen and employee desire for innovative new methods and safeguards for increasing the security of their devices to safeguard information.
“The Identity strength of access credentials and the 3 Factor approach must progress from just normal password authentication (Factor 1: something you know) and token or smart card access (Factor 2: something you have) to biometric usage (Factor 3: something you are),” says Dhimant Desai, director for Identity and Physical Security Solutions at Unisys. This model infers the more factors used naturally increases security, but it is a “build model” meaning start with Factor 1, add Factor 2 for more security, and then add Factor 3 for highest level of security. Mobile devices enable a potential 4th Factor “something you do” (like never use a Free Wi-FI network) along with contextual “where you are” (such as GPS location, date/time, IP addresses).
“Using biometrics and contextual information can significantly reduce or even eliminate the need for tokens or credentials greatly reducing costs while increasing individual experience,” says Dhimant. Biometric modalities are easily integrated within the mobile, online, and internal user channels such as face, voice, keystroke, fingerprint and IRIS. Contextual information can be passively captured requiring no additional actions by the user.
“Any smart phone with a camera is already equipped to collect at least two biometrics — voice and facial,” says Terry Hartmann, vice president for Security Solutions and Industry Applications at Unisys. “It’s all already in your pocket and I’m going to know I’ve lost my phone before I know I’ve lost my credit,” adds Terry. And unlike a wallet or a credit card, a smart phone that gets stolen, if secured with biometric technology, cannot be used by the thief. “The key to mobile security is mobile identity. Your identity will be in the cloud, your phone is the lock, you are the key,” Terry summed up.
Mobile device manufacturers are starting to bring more secure products to market including the recently Apple iPhone5s that has Touch ID capabilities incorporating a fingerprint identity sensor to be used in lieu of a passcode to secure the device. “The end of passwords for critical applications is in sight,” says Terry.
To strengthen security, you must move away from a binary pass/fail approach for authentication to identity confidence levels that drive the authentication requirements. Identity confidence levels need to be driven by real-time risk engines which understand customer behavior and adapt the means of authentication dynamically. Organizations must review and enhance their existing security measures on a continuous basis and begin to adopt new innovative technologies and approaches that provide the right mix of convenience and risk for their business. Business and government agencies have a unique opportunity to be proactive and educate customers and constituents providing tips and techniques that encourage secure online habits.
As an experienced biometrics software and services systems integrator and service provider with deployments throughout the world, Unisys offers security solutions for mobility, national identification, and immigration and border security programs. Our highly experienced consultants have certifications such as CISSP, CISA, CISM, CEH and GWAS. We partner with leading security solution vendors to offer best-in-class solutions. Our layered security approach leverages rules-based profiling to address the right mix of convenience and risk for your business or organization. Our solutions come wrapped with best-in-class enterprise-grade security giving you the assurance of a secure and mobile enterprise.
For additional information and insight on multifactor authentication watch the Applied Innovation Webinar on demand with Dhimant Desai, Director, Identity & Physical Security Solutions, Unisys and featured speaker, Ed Ferrara of Forrester Research.
You’re encouraged to comment on this blog or ask questions and get additional information on Unisys security and multifactor authentication strategies by emailing us at AIWebinars@unisys.com.