Strong Authentication isn't for the future, it's all about now.
I recently read an article by one of my favourite reporters in high tech; Ashley Carman from SC Magazine, wherein she was discussing the USA Governments 'Cyber Security Sprint' initiative.
I genuinely had to read the piece twice before I could comprehend the madness that I was reading, not because I disagreed with Ashley’s narrative, but because the data and stats that were being expressed were mind-boggling. You can read the piece HERE and see all the data laid out in front of you but the key point for me was that something as simple as true two-form factor strong authentication has not been fully adopted in a central government body.
I understand that 100% of anything is difficult, improbable even, but to be jogging along at 33% coverage when tokens, key cards and dongles have been available for well over 10 years and widely used in the private sector for at least two thirds of that time is staggering.
Most of the banks I have worked with offer free tokens to normal consumers that require the “something you have and something you know” adage to access your current account, make transfers etc. In this instance for someone who is likely going to transfer fifty bucks, five pounds or twenty Euros for an online transaction, a train ticket or the latest kindle book download using a token to secure that transaction makes sense to me and is prudent.
I can't imagine many companies - even a one or two man band - wanting access to their hard earned cash and only requiring a pets name or the town they grew up in as the only question before making unauthorised withdrawals start to occur! All of those people and businesses have embraced strong authentication across multiple vectors of their daily life, not only accessing bank accounts but also entering and leaving buildings, controlling network access availability and much more.
So why do we hear about local and central governments still having unsecured, unencrypted easy to access systems, files, folders, PC’s and more. Particularly, when the solution to this issue is not only simple to employ but no longer costs the earth and near integrates with your entire world at the flick of a switch or press of a button.
Thank you for the interesting (and worrying article) Ashley and please catch up US Government, lead by example and “sprint” towards where you should already be.
For more information on how Strong Authentication could benefit you or your organisation you can always take 10 minutes to respond to AssessMy Strong Authentication HERE. As a reward AssessMy and HID Global will send you a bespoke executive report identifying your Authentication operational strengths and weaknesses to help you 'get to great'.