Upping your network and data security with two-factor authentication

03 August 2015 | Andy Kemshall

Andy Kemshall

Blog Author | SecurEnvoy; Co-founder and CTO


With the frequency and severity of data breaches, networks and data are becoming more and more vulnerable. And a change in attitude is taking place with Security 2.0 coming to the fore.

According to Ponemon’s “2015 Cost of Data Breach Study: Global Analysis,” the average total cost of a data breach increased from $3.52 in 2014 to $3.79 million this year. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study.

Because the way we protect company data and systems is continually changing with today’s evolving IT infrastructure, companies are seeking an enhanced and future-proofed approach to internal security. Some have realised that a multi-factor authentication approach is key to protecting their critical data and resources remotely and easily.

The past: physical tokens

Most companies have been utilising standard security measures with a simple username and password or a physical token to enable employees to access important data and applications. 

However, passwords met an impasse five years ago. Today, they require 12 characters as a result of Moore’s law. An analogy: every two years the amount of time it takes to crack a password using a brute-force attack is cut in half.

We’ve now reached the point where a password can be cracked in minutes, sometimes seconds. A lot of companies still use physical tokens, but there are downsides: contractors and employees can misplace them and then overload IT with requests for replacements; the tokens do not scale well, are expensive, and deploying a newer version can take a while (three months to a year).

The antidote is a multi-factor approach or two-factor authentication (2FA). This incorporates something you know, such as a password or PIN; something you are, such as a fingerprint or retinal scan; and something you own, which can be either a physical token or a soft token on a device you use every day, such as a mobile phone.

The idea behind 2FA is to bring two of these separate methods together for a stronger level of security, should one of the methods become compromised.

The future: 2FA

Two-factor authentication is key to preventing breaches that can occur from within. However, change from the old into the new is difficult. So companies are increasingly turning to a two-factor authentication approach coupled with a mobile device.

Considering how attached people are to their mobile devices, this makes deployment, use and adoption simple and very quick. A mobile 2FA approach simply leverages devices employees already have with them, saving companies the money and time needed to change over to new systems.

Companies can deploy a mobile 2FA approach for their network architecture in three different ways: on-premise, managed service provisioning (MSP) or via the cloud.

On-premise is the ideal approach, providing the most control and the most security, because the seed records stay under the control of your own company’s security and are not held by security providers.

Overall, IT decision makers are changing the way they think about internal security and the way they allow their employees to access data, networks and infrastructure. The key is to think ahead to stay ahead.