With the recent high-profile breach of Global Payments, information is finally coming to light as to the cause of the breach. Sadly, it seems that ineffective security around authentication was to blame this time. This is in-line with my post the other day about how internal security policies need to educate employees about why passwords and verifying content is so important to maintaining a strong security posture. Unfortunately, it looks like an employee was impersonated through authentication verification questions, giving the unauthorized user access to confidential information including several million credit card numbers. So how can this type of solution be avoided, and more importantly, what kind of cloud solutions exist to help with this challenge?
Sadly authentication has had a bit of a bad rap over the last few years, with a few high-profile breaches, including one of an authentication vendor itself. As a result, organizations are looking for new ways to handle authentication, and cloud is proving to be a great option for this market. Several key players in the authentication market have been working behind the scene building new solutions and offers that allow for flexibility in delivery and detailed analytics, including SafeNet and their recent acquisition of Cryptocard.
When it comes to delivery models, cloud is a great method for authentication because new solutions allow for the distribution of tokens through mobile devices including smartphones, tablets and standard laptop/desktop deployment. Since there are no physical tokens, inventory management requirements are minimized, and tokens can be deployed from a central location across any network. This type of solution is ideal for widely dispursed organizations or for smaller organizations who have no desire to purchase authentication appliances to manage tokens. Additionally, because authentication is done securely (two-factor) through any device, there is no more headaches about leaving your token at home and needing to access the network remotely.
From a management standpoint, having a cloud-based authentication solution allows for the easy integration with LDAP or other directories, and can be updated automatically as new employees are added or removed from the directory. This eliminates a huge security gap associated with managing tokens and access as employees leave the organization. Additionally, sophisticated reporting (and think Big Data Analytics!) can be used to track users and access to various resources, allowing for more detailed security reviews and insight into potential unauthorized access.
As organizations start to look at updating their existing security infrastructure, cloud services are going to start playing a more important role in not just streamlining delivery and management, but also providing next generation data analytics to help security professionals keep up with the rapidly changing security landscape.