Digital identities are an extension of every employee, user or vendor — and enterprises have to change the way they secure these identities and protect data.
During an exclusive forum on Wednesday at the CARTES Secure Connexions conference in Paris, Entrust security experts Lindsay Kent and Chris Taylor discussed real-world use cases where new takes on mobile, credentialing, payment and digital identities are used to effect change in any environment.
This open workshop explored multiple issues, including continued BYOD momentum, weaknesses of password-only schemes, the critical need for more secure digital identities and how to implement solutions to these challenges in complex environments.
What is at the core of these issues? Identities are growing across multiple devices in the enterprise, threats are evolving and new attacks all target identities. Some of the most popular threats include:
- MITB/MITM/DDoS — An integrity attack to appear as the real identity via man-in-the-middle/browser or denial of service strategy.
- HTML Injection — The identity is stolen through injected fields.
- Session-Riding/Token-Stealing — Identity integrity is compromised.
- ZITMO/MITMO — Short for Zeus/Man in the Mobile, this threat compromises mobile SMS, photos and contacts.
- Key-Logging — Identity and actions are compromised via malicious malware that intercepts keystrokes.
- DNS Poisoning — The URL identity is compromised.
Understanding the above threat landscape, it’s easy to see why password systems simply aren’t strong or secure enough to hold up against advanced attacks. Passwords not only put identities at risk, but they add additional costs as identities spread across multiple devices and applications in various environments. It’s critical that authentication moves from a burden to being both easy to use and deploy.
[caption id="attachment_33951" align="alignleft" width="650"]
Entrust security experts Lindsay Kent, left, and Chris Taylor host an exclusive mobile security workshop Nov. 5 during CARTES Paris 2014.[/caption]
Joynes and Taylor also explained why employees need authentication that spans a wide range of physical, logical and cloud systems. To realize the true value of mobility, applications need to be accessible outside the enterprise as easily as if they were in the enterprise.
While mobile deployment is rapidly growing, the enterprise
or consumer needs a platform which can provide other options and an easy transaction for when mobile is available.
To realize this secure flexibility, seek a software platform that provides a wide range of authentication solutions
. It should include both basic and advanced authenticators (e.g., soft, non-intrusive options to advanced mobile, smartcards and biometrics). And, it’s critical that organization select a future-proof security solution that evolves as security goals change and grow.
More advanced approaches will include automated mechanisms to derive trusted mobile identities
from existing credentials like a smartcard. This helps organizations extend their investment in legacy smartcard security deployments.
This smart, tactful approach may be successfully deployed and trust in a number of environments and verticals, including financial
, utility/critical infrastructure, SMBs, citizen