It’s essential for organizations to defend their IT infrastructures with cybersecurity that is sufficiently robust to deal with relevant threat levels and avoid unauthorized access to company assets. They must protect business-critical applications and vulnerable data from hackers, with highly secure, scalable solutions that are also applicable for lower-risk areas of the business. Failure to protect against vulnerability to malware can lead to serious damage.
As a first step to securing networks and access to company IT systems, identity proofing is necessary to establish whether an employee is who they claim to be. Once the employee’s identity is verified, the company can issue them with an account and credentials allowing the employee to authenticate to the system based on this validated ID.
In the past, an employee had an email and password to access their work-based IT systems. Today, organizations are rolling out more sophisticated identity-proofing and authentication services and solutions as part of their cybersecurity, including additional interactive user-verification methods that can be applied when accessing the most sensitive and confidential parts of a company’s IT systems.
Public key infrastructure (PKI) offers very strong security levels to protect from the modern hacker’s malware, using a public and a private key for encrypting and signing data. Authentication based on PKI credentials is the most stringent way to protect systems. These credentials can also serve for encryption and digital signatures at the highest level, if they are deployed on smart card technology. FIDO authentication is based on free and open standards from the FIDO Alliance. FIDO protocols use standard public key cryptography to provide stronger authentication, enabling password-only logins to be replaced with secure, fast login experiences across websites and apps.
During registration with an online service, the user’s client device creates a new key pair, retaining the private key and registers the public key with the online service. Authentication is carried out by the client device proving possession of the private key by signing a challenge. The client’s private keys can only be used after they are unlocked locally on the device by the user, with a secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button. If biometric information is used, it never leaves the user’s device.
The beauty of password-less authentication is that it’s easy to use and reduces the need for a helpdesk to provide password reset functions. This type of authentication can include something you are (a biometric) or something you have (an ID token). Password-less authentication based on biometric authentication minimizes the risk of hacking. It’s convenient and easy to use because, for example, an end user may only need to place their fingerprint on a fingerprint sensor. G+D has developed a wide range of biometric-enabled products that allow a secure and convenient way to authenticate, eliminating the need for passwords. Going a step further, a fingerprint sensor can be integrated on a smart card. The user’s fingerprint template is securely stored on the smart card; the fingerprint never leaves the card and the fingerprint matching is performed on the card.
These relatively new cards and devices are expected to see a quick uptake to support the need for secure authentication. G+D is the future-proof partner for secure and seamless authentication solutions that can be adapted to the individual security needs comprising FIDO and PKI authentication, a broad range of form factors including cards, tokens, wearables and key fobs and secure OS and services. The home office of the future will be a permanent fixture in many of our lives, and securing it with robust yet easy-to-use technologies, such as fingerprint-capable cards and devices, will be essential.
