A Framework Approach to Authentication and Identity & Access Management

May 23, 2012 by David Mahdi

Around a decade ago, I remember wondering what it would be like if vendors kept pumping out point solutions to solve each individual problem. Luckily, that trend is not as bad as I feared, although I still see many vendors pushing hard for individual point solutions. Is this truly what customers want? Customers certainly want their problems solved, but they also want us, the solution providers, to anticipate those problems. Isn’t that what we are charged with: to innovate on their behalf and ultimately solve real-world problems?

From an authentication standpoint, we’ve seen many vendors offering “all-in-one solutions” that end up relying on many disparate pieces. These pieces are typically built in silos and/or brought on through acquisition. Some of the most widely deployed are:

  • Username & password login
  • Mutual authentication
  • Device authentication
  • IP-Geolocation
  • SMS Out-of-Band
  • Knowledge Based
  • OTP Tokens (hard and soft)
  • Transaction Verification
  • Digital Certificates
  • USB Tokens
  • Smart cards
  • Biometrics

Organizations try to pick the most suitable authenticators, typically determined by user experience (UX), regulatory compliance (e.g. FFIEC guidance), risk, cost and many other factors. Take banks and other financial institutions, for example: when dealing with their own internal staff, they may use authenticators such as username & password, OTP tokens and, in some cases, smart cards. When it comes to the bank’s other lines of business, e.g. retail or wholesale, UX becomes critical and might drive the bank to use simpler forms of authentication (while balancing risk, compliance, etc.). These financial institutions make an interesting example because they have many different use cases to cover across their customer- and employee-facing channels, which requires them to use different forms of authentication (see the list above). Should they stand up a different solution to meet each use case? Definitely not. Yet that is what many enterprises and financial institutions have done, and continue to do today. The result is completely different user experiences for both the end user and the administrator, increased complexity for all involved, and “multi-platform fatigue”: the burden of managing, maintaining and paying for multiple solutions deployed across various departments to address constantly changing needs.

How do you solve this “multi-platform fatigue?” An extensible framework. This extensible framework puts in place a foundation upon which current and future security needs can be met regardless of changes in technology, communication protocols, authenticators and use cases. As the first with this approach, Entrust is providing an authentication platform that is based on an extensible framework, allowing our customers to stay ahead of the innovation curve.
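As an added illustration (not Entrust’s code or product), here is a minimal sketch in Python of the framework idea from the two paragraphs above: authenticators are interchangeable plugins behind one interface, and a per-channel policy (the bank’s staff, retail and wholesale channels) picks the chain and adds an OTP step-up when risk signals such as an unknown device or a large transaction appear. The channel names, thresholds and country list are constructed assumptions.

```python
# Added example (not Entrust's code): a minimal extensible authentication
# framework. Authenticators are plugins behind one interface; a per-channel
# policy decides which of them a login must pass. Adding a new authenticator
# or channel means registering it here, not standing up another platform.
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Context:
    """Signals gathered during one login attempt (all values constructed)."""
    channel: str                      # "staff", "retail" or "wholesale"
    password_ok: bool = False
    known_device: bool = False        # device authentication result
    geo_country: str = "CA"           # IP-geolocation result
    otp_ok: bool = False              # OTP token / SMS out-of-band result
    txn_amount: float = 0.0           # for transaction verification


# Each authenticator is a plugin: Context -> bool, looked up by name.
AUTHENTICATORS: Dict[str, Callable[[Context], bool]] = {
    "password": lambda c: c.password_ok,
    "device": lambda c: c.known_device,
    "geo": lambda c: c.geo_country in {"CA", "US"},   # assumed home countries
    "otp": lambda c: c.otp_ok,
}


@dataclass
class Policy:
    required: List[str]                                  # must all pass
    step_up: List[str] = field(default_factory=list)     # only when risky
    risky: Callable[[Context], bool] = lambda c: False   # risk signal


# One platform, several lines of business, each with its own authenticator mix.
POLICIES: Dict[str, Policy] = {
    "staff": Policy(required=["password", "otp"]),
    "retail": Policy(required=["password"], step_up=["otp"],
                     risky=lambda c: not c.known_device),
    "wholesale": Policy(required=["password", "device", "geo"], step_up=["otp"],
                        risky=lambda c: c.txn_amount >= 10_000),  # assumed limit
}


def authenticate(ctx: Context) -> dict:
    """Run the channel's chain (plus step-up if risky) and report the outcome."""
    policy = POLICIES[ctx.channel]
    chain = list(policy.required) + (policy.step_up if policy.risky(ctx) else [])
    failed = [name for name in chain if not AUTHENTICATORS[name](ctx)]
    return {"allowed": not failed, "chain": chain, "failed": failed}


if __name__ == "__main__":
    print(authenticate(Context("retail", password_ok=True, known_device=False)))
```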

The framework approach has allowed our customers to increase security, while ensuring ease of use for their end-users. It’s not just about delivering authenticators, but the manner in which they are used — a framework that drives use-cases and ultimately solves business needs.

As organizations expand, more departments are becoming stakeholders in an organization’s cybersecurity. Addressing your obvious need for security is certainly important, but security is becoming more complex and affecting more departments’ ability to operate. With the proper framework in place, various departments can address their needs. Whether risk reduction, regulatory compliance standards, cost reduction, IT infrastructure complexity or one of a multitude of security related needs, organizations can leverage a single software authentication platform for a range of business needs.

A framework that connects to business needs

Today, businesses are struggling to keep pace with security threats, increased competition and squeezed budgets. Organizations are moving forward with cloud and mobile strategies aimed at increasing employee productivity, and ultimately enabling more business.

Figure: Authentication & IAM Framework

Our pursuit is to constantly solve real-world problems while ensuring we aren’t rolling out point solutions to solve those needs. If it has to do with identity-based security, authentication and IAM, we strive to solve it with an extensible framework that connects to business needs. We will explore this framework approach in more depth in future posts.

That is unless you want it as a point-to-point solution. But I think not!

About

Entrust senior product manager David Mahdi specializes in Entrust’s mobile and cloud security solutions. He is an experienced IT security professional with more than 10 years in IT security, software engineering and product management. David played a key role in shaping Entrust’s mobile strategy, which included mobile authentication, strong mobile identity, mobile device management and mobile devices in the national ID/ePassport space. David spends most of his time conducting research on the mobile and cloud market, as well as conducting seminars on IT security. Prior to Entrust, David was a product strategist at Sophos, where he led efforts to increase Sophos' presence in the gateway security space. He is a well-versed information security professional for PKI, SSL, mobile, cloud, NFC, PACS/LACS, gateway security (Web/Email), malware, encryption and network security.
