How does an increasingly mobile workforce shape the way an organization deals with authentication issues?
This is a great question as it’s a rarity when the growth of a mobile workforce actually makes a task easier.
In authentication, we know there are three ways to authenticate you. We’ve already discussed these to some degree, but it’s something you know (passwords), something you are (biometrics), or something you have (key). We’ve already put the first two through the ringer, so let’s chat about the “something you have.” Historically the something you have for the enterprise workforce has been a hard token – you know, that little plastic key fob with the code that changes every 30 to 60 seconds. These present unique challenges to use and administer, which has opened the door to transform the “something you have” from this separate piece of hardware to the user’s mobile device.
The use of the mobile device as the second factor of authentication is the logical way forward. With this newly minted and fast growing mobile workforce, large organizations can take advantage of their workforce’s willingness to carry authentication technology with them everywhere they go. The next logical extension is to harness the additional low hanging fruits. If a mobile workforce is willing to carry a mobile device with them everywhere they go, shouldn’t we be able to leverage the technology embedded in these mobile devices to create authentication decisions based on the contextual-awareness of these mobile devices?
What advice would you give to a CISO with the task of upgrading an outdated authentication infrastructure?
You can do a whole lot with very little time and money.
Gone are the days of needing months to scope and integrate an authentication infrastructure. Sure, do your homework, prove the concept, and phase in the new technology, but changes to authentication do not have to come in one fell swoop, nor do they need to involve months or even weeks of integration and setup. If you can’t make changes to an enterprise authentication scheme in a matter of days, then someone is doing something wrong. Additionally, I recommend you option into the new platform; unless the legacy platform has failed, there’s no rush to immediately abandon the existing platform. Phasing into a new platform as you rely less and less on a previous infrastructure allows for comparative analytics and a fail-safe if any issues are encountered in a phased deployment.
What are the essential building blocks of a successful authentication infrastructure for a large organization?
I think even before we get to the building blocks of authentication, we should outline why authentication plays such an important role within a large organization.