How Advanced Authentication Can Be Used at Your Organization

In this mobile world, information, applications and users no longer stay within the company but work from wherever the business needs them. Security must exist in this world of disappearing perimeters, and organizations must embrace and secure the open enterprise. Unfortunately, passwords are often the critical weak link in a web-based security system, and on their own they do not comply with many industry best practices and regulatory guidelines for the protection of identities and data.

The current approach of relying solely on a single credential to validate the user’s identity has proven to be vulnerable to attack. Organizations need a more secure way to protect access to corporate applications and data and to protect their users from account takeover.

The advanced authentication section of the CJIS Security Policy requires that any solution used be Out-Of-Band. This means that the authentication factor cannot be delivered to the same device that is being protected. With a USB key it would be impossible to violate this section. A phone app works the same way, because the key is generated and viewed on the phone rather than on the device you are trying to access. Therefore, both methods provided by CJIS Solutions meet this requirement. In fact, Section 5.6.2.2 of the CJIS Security Policy requires that agencies use Advanced Authentication when accessing CJI from a non-secured location. Hosted 2 Factor Authentication from CJIS Solutions addresses the entire section and meets the Out-Of-Band requirement as well.

Advanced authentication means an alternative method of verifying the identity of a computer system user. These methods confirm a user’s identity in a way that goes beyond a simple user ID and password by incorporating at least one more dimension of authentication, an approach often called multi-factor authentication (MFA). Typically, the factors used in MFA include passwords, secret questions, previous addresses, hiring dates, bank deposit data, etc.

Why Are Advanced Authentication Methods Important?

As companies seek to achieve greater revenue and efficiencies from e-commerce and mobility channels, the degree of information security risk increases. With the growth of users, applications, devices and access channels comes an inevitable increase in the amount and types of sensitive data they access. This spans a spectrum from personally identifiable information about employees that must be handled with care to a wide range of business data that must be protected from inappropriate access. Much of this sensitive information is protected by internal security policies, privacy guidelines, or regulatory compliance, but each new app potentially brings a new and different way to access confidential, proprietary or regulated data. A critical success factor for companies doing business on top of these new channels is the ability to authenticate and authorize users in a unified, consistent, convenient and cost-effective way.

Often nothing more than a simple username and password protects access to applications. When used as the only form of authentication, passwords can be a weak link in security. Recent attacks, such as phishing, man-in-the-middle (MITM), brute force, spyware, and social engineering, show how easily passwords can be compromised. Once login credentials have been compromised, attackers can get easy access to your organization’s internal network and the wealth of valuable information it contains. To reduce this risk, most security experts recommend replacing simple username/password combinations with stronger authentication, and various regulations recommend, or require, multi-factor authentication. Factors may include the following:

  • Something you know (like a password or PIN)
  • Something you have (such as a smart card, digital ID or one-time password generator, or mobile device)
  • Something you are (a biometric factor such as a fingerprint or voice print or user behavior)
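As an added example (not code from CJIS Solutions or from the original page), the following Python implements the "something you have" factor from the list above: a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) as generated by an authenticator device or app, together with the server-side check that accepts each code only once, tolerates a small amount of clock drift, and compares in constant time. The shared secret is the ASCII key from the RFC test vectors, the timestamps and submitted codes are constructed sample values, and the class and function names are this example's own. Note that the out-of-band property the page describes depends on where the code is generated: an authenticator running on the very device being accessed gives up that separation, however correct the arithmetic is.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII key used in the RFC 4226/6238 test vectors.
# A real enrolment would generate this with secrets.token_bytes(20) and provision
# it to the user's authenticator out of band, never over the channel being protected.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                    # low nibble of the last byte selects a 4-byte window
    code = ((mac[offset] & 0x7F) << 24         # mask the sign bit
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP with the counter set to
    the number of `step`-second intervals elapsed since the Unix epoch."""
    return hotp(key, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side second-factor check for one enrolled user.

    - accepts codes from `window` steps either side of now, to tolerate clock drift
    - compares in constant time so a wrong guess leaks nothing through timing
    - remembers the highest counter already accepted, so a code captured in
      transit cannot be replayed inside its validity window
    """

    def __init__(self, key: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.key = key
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1   # highest counter consumed so far (replay guard)

    def verify(self, submitted: str, at_time: int) -> bool:
        now_counter = int(at_time) // self.step
        for offset in range(-self.window, self.window + 1):
            counter = now_counter + offset
            if counter <= self.last_counter:
                continue         # this step was already used (or is older than one that was): reject
            expected = hotp(self.key, counter, self.digits)
            # encode both sides so a non-ASCII or wrong-length submission is simply False
            if hmac.compare_digest(expected.encode(), submitted.encode("utf-8")):
                self.last_counter = counter
                return True
        return False


def demo() -> dict:
    """Walk through one login window: first use accepted, replay rejected,
    the next step's code accepted, a stale code rejected."""
    verifier = TotpVerifier(SAMPLE_SECRET)
    first_code = totp(SAMPLE_SECRET, 59)            # what the user's authenticator shows at t=59
    return {
        "first_use": verifier.verify(first_code, 59),
        "replay": verifier.verify(first_code, 59),
        "next_step": verifier.verify(totp(SAMPLE_SECRET, 75), 75),
        "stale": TotpVerifier(SAMPLE_SECRET).verify(first_code, 120),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'accepted' if outcome else 'rejected'}")
```

The `window` of one step on each side is the usual compromise between authenticator clock drift and the size of the attacker's guessing space; the replay guard is what turns a 30-second code into a genuinely one-time one, and it must be persisted per user, not kept only in memory, for the guarantee to survive a server restart.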

For your most critical systems, advanced authentication methods may be required. Our expert consultants can help you prioritize and identify systems that require advanced authentication and guide you to the types of advanced authentication that best fit your organization’s needs, culture, and environment.

Benefits of Advanced Authentication

The CJIS Security Policy says “Advanced Authentication” for a reason. Although 2 Factor Authentication is the most common method, it is not the only method of meeting the policy’s requirement. Therefore, instead of the title 2 Factor Authentication, the FBI uses Advanced Authentication to broaden the range of solutions available to meet the authentication challenge. Verifying a user’s identity before granting access to sensitive information reduces the risk of inappropriate access. It also adds protection for all sensitive applications and data that may be accessed through a browser or mobile device, and therefore helps reduce the risk of employee identity theft, corporate espionage, intellectual property theft, and other data breaches. Providing this protection in a familiar and easy-to-use way enables organizations to improve security and reduce fraudulent activity without hindering the productivity of employees or partners.

Takeaway

Organizations need to look at the full spectrum of data and resources that users can access through their applications and develop an authentication strategy appropriate to the risk. In many situations this will reveal the need for risk-based authentication along with strong credentials. The next challenge is to select the best combination of security, cost, and user convenience to meet these needs. CJIS Solutions offers a wide range of strong authentication solutions, such as Law Lock, that provide additional security in an easy-to-use, affordable and effective way.

CJIS Solutions provides a secure, user-friendly, and cost-effective way to protect many sensitive corporate resources, including cloud-based services, privileged accounts, remote access, virtual desktops and web resources. We provide a wide variety of software-based multi-factor authentication credentials, as well as transparent, real-time risk assessment based on user behavior, device characteristics and geolocation data. Together they enable an intelligent, layered security approach to protect user identities and organizational data.