Hans Zandbelt, Senior Technical Architect at Ping Identity, discusses the role identity will play in securing and enabling broader internet in 2015.
In 2014 we saw connected homes and mobile wallets became a reality. The Internet of Things (IoT) well and truly entered the mainstream, with high profile events such as the Consumer Electronics Show bringing everything ‘IoT’ to the forefront of the news agenda.
However, last year was also the year of large-scale vulnerabilities and high profile security breaches. Relentless hacking led to significant breaches including Sony Pictures and Snapchat, to name but a few. As IoT developments hit our headlines, so too do Cyber security breaches. Will the hackers be able to infiltrate any IoT network? This is something business, and indeed consumers can no longer ignore.
As our personal and professional worlds become more connected with the emergence of new technologies, organisations of all sizes need to bolster their cyber defences. Identity management will be at the heart of this defence, enabling companies to thrive and offer innovative and secure services to their customers.
The death of the password
It’s becoming clear to both businesses and consumers that passwords on their own are no longer fit for purpose. The recent hack of Centcom’s Twitter account for example, demonstrates the ease with which modern-day hackers can bypass traditional password security measures and compromise company databases, emails and social media accounts.
Multi-factor authentication (MFA) is set to take a big bite out of passwords, tokens and fobs- the old, dusty ‘typewriters’ of authentication. MFA essentially allows users to authenticate to different applications by using various ‘factors’ like biometrics or owned devices, such as smartphones. MFA is extremely beneficial for large companies operating a Bring Your Own Device (BYOD) system because it can selectively control access without relying solely on risky and insecure passwords.
The post-password era is becoming a reality with MFA and emerging authentication technologies. For example, the US military created a cognitive biometric system that can recognise users by the rhythms and speed of their typing. Identity authentication technologies such as this, alongside the use of MFA, will become the standard means of security and identity access. This will be even more so as consumers and organisations move into the world of IoT.
Internet of Things becomes Identity of Things
The future will be inter-connected where we can control the heating in our homes from our car, our kettles can connect to our fridges and more. As objects become more inter-connected, we’ll need to secure more access points. IoT only amplifies complexity because many of the interactions between things and applications occur without real-time user involvement. At the heart of securing the IoT explosion though, must be identity.
Just think about the number of passwords you would need to remember to secure each and every device in an inter-connected network. The password-security model isn’t going to solve problems here, and would cause multiple headaches for IT managers and consumers alike.
MFA and Single Sign On (SSO) tackle the password problem by reducing the number of passwords needed to authenticate across different applications. They allow users to directly authenticate with an existing credential and be issued with a token that allows it to authenticate to other phones, computers or laptops.
Federated SSO technology, secures and enables login to multiple applications across different administrative domains from a browser with just one set of credentials that may be built with MFA. – keeping the password nightmare at bay and greatly improving the experience for users.
This type of technology also caters for the authentication of a specific device tied to a user by issuing tokens specific to a ‘relationship’. As IoT is moving in the direction of many devices operating on a behalf of a particular human, or set of human beings, this kind of distinction will be a necessity in 2015 and beyond.
Make no mistake: the world of connected companies, people, homes and devices is well and truly upon us. There will be security challenges ahead for both organisations and consumers this year. However, as long as identity is placed at the heart of any security policy, you can safeguard against many of the modern day cyber hacks and breaches.
About Ping Identity | The Identity Security Company
Ping Identity is the pioneer and largest independent provider of next generation identity security solutions, with more than 1,200 customers worldwide, including half of the Fortune 100. Ping Identity is transforming the way hundreds of millions of people live and work every day by making their apps more convenient and secure to access from any device, anywhere. Visit pingidentity.com for more information.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.