Nearly every enterprise around the globe is conducting business electronically and storing sensitive data on laptops, workstations and servers. Are these applications, networks and computers protected? Recent and well-publicised breaches suggest that they are not. We spoke to Jerome Becquart, vice president and general manager at ActivIdentity, to discuss the issues around hacking and what potential steps organisations should take to prevent data breaches.
What has the recent headline news taught us about enterprise security breaches? And what steps are potential or not being implemented by enterprises to increase security?
The security landscape continues to change with threats becoming more and more sophisticated. The perception that organisations are untouchable and their security cannot be breached is something of the past. The visibility and risks within an organisation have risen to the CSO and CFO, and tough questions are being asked by the CEO on “are we next?”
So far in 2011, we have seen 178 million to 218 million user accounts, e-mail addresses, token seed files or “records” stolen by companies that have been breached. With the sophistication and frequency of the threats, the traditional security steps such as traditional OTPs are not sufficient to stay on top of the potential threats. Implementing a multi-layered approach with a combination of smart cards and advanced OTP tokens can increase security within the organisation and provide the trust for online users.
For the security teams, implementing a comprehensive identity assurance security approach can address the tough security questions being asked by the CEO.
Why do you think that enterprises are more vulnerable today, and where are these vulnerabilities within the organisation?
Several trends in the market today are affecting this. The hackers are now more and more sophisticated and have better resources available to them. In fact, some of the most dangerous hacker types will take great pains to conceal their successful data thefts, rather than advertise them.
The publicity around hacking highly visible organisations, such as government bodies or big organisations, is great for the hacker’s ego and they enjoy the publicity and being able to say “I hacked so and so”.
The traditional security procedures, such as static passwords and authentication, won’t meet the expectations of CSOs, as these security measures are almost obsolete for protecting organisations’ data. CSOs must understand that new security steps have to be implemented to minimise data breaches and the potential impact to the business.
What advice do you provide customers looking to deploy a sophisticated enterprise security solution that will address the global scope, frequency and sophistication of today’s threats? What are the key secrets to success?
To create an environment where employees could establish trust in their online activity and feel confident that they have taken the steps to protect their network and data, the answer is to introduce an enterprise identity assurance solution. This provides superior perimeter defences and a broader use of authentication across the organisation. Security organisations can make this transition by moving beyond just using traditional OTP tokens to smart cards. Smart cards reduce the vulnerabilities within the network as the technology is based on an asymmetric key model.
With some organisations it appears that they are more concerned about the higher likelihood of security breach and are implementing perimeter defence systems and smart tokens. Do you believe this strategy is addressing the Advanced Persistent Threats? And how?
Yes, multi-layered strong authentication inhibits an attacker’s ability to escalate account privileges or leap laterally to compromise other users’ accounts. Using more secure and easily deployable smart cards, secure VPN, Windows login and server access could prevent almost 50 per cent of current and future breaches. Employing stronger OTP tokens with algorithms based on multiple variables as well as employing multiple access paths when the primary authentication method is not available (e.g. smart card not present).
As a member of the HID Global Family, how can ActivIdentity help organisations strengthen their security strategy?
As part of HID Global Family, ActivIdentity provides security solutions for controlling access to information technology and physical access with one card or credential. A converged solution will enable the use of a single credential to authenticate to a PC, network, applications, digitally sign emails, encrypt data and open a facility door. ActivIdentity also offers the strongest Enterprise Identity Assurance and broadest range of strong authentication systems and devices. As innovators we continue to provide customers with solutions that can help them solve their security challenges.
Please share your vision for the future of enterprise security.
Enterprises will continue to look for ways to more effectively secure their networks, data, applications and the physical access to their facilities. The CSOs know that to be secure in a digital world, new security procedures and technologies will need to be implemented, such as multi-layered authentication defence, an advanced credential management system to manage credentials, smart cards and OTP tokens.
CSOs are also looking for partners that are innovative and can provide IT security that will be adaptive to their needs at all levels, assurance, usability requirements and cost effective. The primary mission for the CSO will be “how do I keep all my assets secure and enable my employees to be highly effective without compromising the business?”