Authentication methods keeping pace with BYOD, cloud

i-sprint-blog-12nov2014

Authentication methods keeping pace with BYOD, cloud

The consumerization of IT and bring your own device (BYOD) initiatives in the workplace are challenging IT leaders to deliver secure mobility without spoiling users’ mobile experience.

IDC Financial Insights projects that, by 2017, the value of purchases made through mobile devices will exceed USD1 trillion. Out of these mobile payment users, 48% of the users are concerned about security, while 22% do not fully trust in the technology to process transactions properly.

Authentication possibilities

Gartner, on the other hand, expects that through 2015, about one in two enterprises will take advantage of mobile device power-on passwords coupled with X.509 public key infrastructure (PKI) device credentials for remote-access authentication. Other authentication methods and technologies on mobile devices include OAuth, Near Field Communication (NFC) and one-time password (OTP).

Biometric factors – including fingerprint, voice or facial recognition – may gain traction next year as “30% of users accessing corporate networks or high-value web applications from smartphones or tablets will use biometric authentication, up from less than 5% today,” say Gartner’s analysts.

With the mobile operating systems and devices that support biometric authentication, implementations are becoming robust enough to support business use.

Meanwhile, both iOS and Android devices now incorporate NFC functionality and emulate an NFC card through a separate chip in the device. “People are using NFC not just for payments,” points out Priyesh Panchmatia, Director, Solutions at i-Sprint Innovations, which hosted a CIO roundtable discussion on the future of security and mobility in enterprises. “They often use NFC to turn the mobile phone into an authentication device, which will work in combination with their credit card.”

As these mobile authentication technologies mature, Gartner recommends that a password policy requiring at least six alphanumeric characters and prohibiting dictionary words be enforced on devices with access to corporate information. The large set of combinations provided by such a password would discourage hackers.

In addition, Gartner recommends a further authentication method or at least another password be used to access sensitive corporate applications and data. Here, software tokens such as the X.509 credentials on the endpoint offer one way to establish the higher-assurance authentication required by some organizations.

CUB’s versatile platform

For Taiwan-based Cathay United Bank (CUB), reliable security measures with stronger authentication and transaction-signing capacity is needed to encourage usage of its mobile banking services.

Besides meeting the security standard of the Bankers Association of the Republic of China (BAROC), the bank will have to safeguard customers’ online banking transactions while providing convenience and cross-country payment services for PC, smartphone and tablet users.

Therefore, CUB has taken the prudent approach of tackling an array of security threats through a proactive and comprehensive solution – i-Sprint Innovations’ strong and versatile two-factor authentication (2FA) platform.

i-Sprint’s 2FA solution includes transaction signing capabilities, which provides an additional layer of security for CUB to verify customer’s online identity. OTPs and static passwords generated by a hardware token enable CUB customers to access personal account details and perform online transactions. An extensible Pluggable Authentication Module (PAM) supports a wide range of current and emerging authentication methods – a key consideration for CUB in adopting i-Sprint’s solution.

As more users transact online securely and conveniently using the token, which is matched with their account, CUB can choose to deploy and maintain fewer physical ATMs.

Bridging mobility, cloud

With i-Sprint’s 2FA platform, tight integration between the AccessMatrix Universal Authentication Server (UAS)and the YESsafe Token+ enables organizations to rapidly introduce key capabilities such as synchronous and challenge response authentication; authorization; signature verification and host return code. In critical day-to-day operations, the platform simplifies management of token issuance, pin-mailers, lost tokens and out-of-sync tokens.

Another solution in i-Sprint’s mobile protection portfolio is the YESsafe AppPortal+ end-to-end virtual ID card management and verification system. It not only provides the security tokens but also a mobile single sign-on (SSO) platform, among other features.

Users on the mobile SSO platform can easily gain access to multiple applications from a portal via their mobile device. With increased adoption of software-as-a-service and native applications, the platform essentially bridges mobile and cloud security, eliminating the inconvenience of repetitive authentication for multiple apps.

The platform also provides encrypted data backup to cloud storage; AES 256-bit encryption; device fingerprinting for data encryption and prevention of device and application cloning; and contextual authentication leveraging identity-relevant data – geographic location, time-of-day, endpoint identity, etc. – in the authentication process.

Strategically, i-Sprint is delivering a comprehensive solution to enable organizations to transform existing cloud applications into mobile apps or turn them into responsive cloud applications that can even optimize the content for different display sizes of mobile devices. And this can be achieved on the strong authentication and transaction authorization capabilities of a future-proof all-in-one mobile security token using OTP and PKI or digital certificate technologies.

This is a QuestexAsia feature commissioned by i-Sprint Innovations.