Protect cloud with cloud
Neil Hollister says more resellers should consider cloud-based authentication
Customers are demanding greater assurances from their technology partners. Banks, financial services organisations, health services, education and local government are already under regulatory pressure regarding data and information security.
Anxiety about identify theft is growing. The growth in mobility and remote working has already made it harder to verify user identities and putting apps and services into the cloud makes it even more complicated.
End-user organisations are looking for smart, robust security strategies for the cloud. To date, the channel has struggled to show how it will authenticate those accessing the network in a cost-effective and scalable way.
But how about if we used the cloud to protect the cloud? Previously, authentication processes have been somewhat complex because physical tokens were required. For companies that continue to use hardware-based systems, they still can be.
Earlier this year, I visited a large service provider that has been offering two-factor authentication for some time. It was using about 80 servers to manage the authentication and had about 60 people administering hardware-based tokens. This simply does not make business sense.
The process of managing hardware tokens – retrieving them from people leaving the business or unsubscribing from a service, taking them off the system, requesting new tokens for new starters or customers, sending out those tokens and verifying them on the network, and sorting out any problems – took a large number of people.
Done in the cloud, it would not use any of the customer's own servers and would take just five people. There is no need for capital funding for new hardware, no maintenance and infrastructure management costs, no more "Patch Mondays", and a lot of resources would be set free.
SaaS-based authentication also offers more robust perimeter security.
And over time, there will be more companies and people storing more information in datacentres, and more users accessing information and apps from more locations, on more devices.
Against this backdrop, if you are not offering strong authentication, you are missing quite a trick. You are also arguably not giving your customers the protection they deserve and are already starting to demand.
Offering stronger authentication can also drive higher average revenue per user.
Not many resellers offer it as standard at the moment because they perceive it to be complicated and expensive. I disagree; I think it is simple, easy and affordable. It can be implemented easily and you can manage hundreds of thousands of tokens with just a few people.
If the cloud is the future for infrastructure and apps, surely it is also the future for authentication.
Neil Hollister is chief executive officer of CryptoCard