Current Filter: Security>>>>>>

   

The year 2013 has already been a pivotal one for the two-factor authentication market. As the mobile device becomes king, authentication technology providers have had to adapt to deliver solutions that meet an increasingly diverse set of requirements, such as secure log-in to multiple cloud-based applications and the consideration of whether to allow authentication from the same device being used to log in to the corporate resource.

This year, I have been monitoring the analysts' views on two-factor authentication, in the context of the wider Identity and Access Management (IAM) market, and there is one emerging consideration that I urge every reader to consider. I am talking specifically about the convergence between two-factor authentication and mobile device management.

With the proliferation of the mobile device in the workplace, it is perhaps no surprise that Gartner perceive a synergy between these two markets and MDM was a regular discussion topic at their IAM summit this year.

This is not as unusual as it may at first seem, because mobile devices have identities, just like the user, and with advances in mobile computing come advances in mobile risk.

Authentication solutions typically only help to identity the user, but they provide little or no identity details about the device being used to access corporate content. The ability to identify both the user and the device being used to access corporate resources is an important requirement for the authentication vendors to address.

DUAL BENEFITS
But what if an authentication solution could allow you to prevent access to corporate resources from distrusted devices? Furthermore, what if you could enforce device registration for any device before it is granted network access? If that were possible, then an organisation would have the dual benefit of knowing the identity of all devices authorised to work on the network and the ability to apply some simple policies, such as wireless access for those trusted devices.

Once an authentication solution is capable of addressing a level of trust for both the user and their device, it also then provides an ideal foundation to enforce adaptive authentication concepts. For instance, when a trusted user logs in for the first time from an unknown device, he or she may be prompted to enter additional identifiers, such as answering personal or secret questions.

These are simple mobile device management concepts, but, for organisations that cannot justify the cost and complexity of the market-leading MDM solutions, there are advantages to considering authentication solutions that address the device and not just the user.

Analyst coverage of the convergence of two-factor authentication and MDM markets is thought-provoking, but, in the real world, many organisations do not need enterprise-class MDM features. I perceive a new breed of forward-thinking authentication providers who will bring converged solutions to market that will provide a greater level of identify proofing through the extension of simple authentication logic. CS

In the next Masterclass, Tim Ager will talk about the emergence of risk-based authentication and its impact on security.