Authentication in the cloud
Hosted authentication offers several causes for confidence
With an ever-increasing number of users wanting to access an ever-increasing number of company applications from an ever-increasing number of endpoints, secure access has become critically important.
Couple that with growing pressure on companies to conform to standards such as those from the Payment Card Industry (PCI) and the Information Commissioner's Office (ICO), and it's not surprising there has been strong growth in two-factor authentication (2FA), with a one-time password (OTP) on a hardware or software token, plus a PIN.
Another trend over the last couple of years has been towards hosted services - yes, cloud computing. According to some surveys, many companies are now using externally hosted solutions in some part of their business.
Hosted authentication is a cloud-based service where strong 2FA is provided by an outside supplier instead of being done in house.
Managing 2FA
While recognising the need to improve their access security, some companies don't have the desire, the expertise, or the extra finance necessary to implement and manage a 2FA system themselves.
A hosted solution means there is no up-front investment, no servers to buy, no extensive training, no network implementation or complicated integration and no heavy ongoing cost in managing the solution and associated infrastructure. In times of financial uncertainty, paying a fixed sum on a regular basis to a third party can be seen as an advantage.
Hosted authentication, in my view, offers instant and easier implementation. Hosted authentication takes all the complexity out of implementation, and can typically be carried out in just a few hours, compared to several days for a traditional server-based solution.
Ongoing support is easier. A high percentage of help desk calls, I believe, are related to password and authentication problems. Hosted authentication provides for easier ongoing support, freeing help desk staff and system administrators to focus on other more urgent matters.
No special skills are required either.
The adoption of in-house authentication may mean hiring qualified staff to install and manage the system, or the training of existing staff, but hosted authentication is managed by specialists, so no additional special skills need to be sourced.
It also promises a lower total cost of ownership for users, as a result of a combination of these factors, including not having to hire extra staff or train existing staff, instant and easier implementation, fewer help desk calls, less time spent on token logistics and fewer security incidents.
There is also the additional advantage of scalability. Hosted services are easily scaled up or down to accommodate more users or offer more diverse access to networks.
How does a hosted authentication service work in practice and how does it provide the access security you need?
A hosted service is accessible from anywhere via a standard web browser. When trying to connect to the corporate network over a VPN, for example, users are asked to identify themselves using their unique OTP and PIN. This request is then sent to the hosted service and the user is authorised and given access to the enterprise network.
The service provides the strongest 2FA, and encryption algorithms as strong as AES-256. The OTP is as strong as eight-character Base64, which I believe is the most secure type of password available.
Portal of call
A secure managed authentication portal may let users carry out all the administrative tasks associated with organising access and assigning tokens, without having to contact the supplier. Additionally, a service desk can be provided to give advice, answers, and assistance in planning, implementing, and managing the service.
A service level agreement can also be put in place to make sure a high level of service is provided. The cloud facility is hosted in a Class A data centre with high availability and redundancy.
The increase in endpoints needing access to the company network, coupled with the current financial insecurity, suggests that the hosted authentication market is set to grow. In my opinion, it is likely to prove the best current option for many companies wanting to improve their access security.
David Phillips is business development manager at Wick Hill