Reports & Whitepapers: Landscape

Raconteur: Future of Authentication

Issue link: https://onfido.com/resources/i/1244439

Contents of this Issue

Navigation

Page 0 of 9

R A C O N T E U R . N E T 03 /authentication-2020 s the coronavirus outbreak rewrites corporate rule- books across the globe, businesses are starting to shift the way they work. Offices are being abandoned and more employees are working from home. Ensuring continuity of business isn't simply a case of sending staff home with a work phone and laptop. Authentication methods that keep data secure and corporate networks safe are high on the list of all board- room members, not just chief infor- mation security officers. While business IT capabilities have been advancing at a pace, the COVID- 19 pandemic is the catalyst for wider, faster change. It is set to be a tipping point for widespread adoption of strong authentication options. "The world largely has the com- munications infrastructure in place to enable this unprecedented shift from in-office to remote work," says Andrew Shikiar, executive director of the FIDO Alliance, a non-profit consortium including big tech firms like Apple, Google, Facebook and Microsoft, which develops strong authentication methods for home working. But there is a risk. "In this rush to enable remote work, it can be easy to overlook formal training and imple - mentation of security best prac- tices," he says. Proven authentica- tion is important. Network systems provider Cisco has helped businesses big and small move 17.5 million workers to safe home-working practices during the COVID-19 lockdown. Twelve million of those employees have used one of the company's multi-factor authenti - cation (MFA) methods, while Cisco's Duo Security MFA product has seen double-digit percentage increases in the number of weekly sign-ups, according to John Maynard, Cisco's vice president of global security sales. When employees largely accessed files and data from devices based in the office, it was easy to ensure they weren't compromised. Now, people are working from home, often on laptops and mobile phones that are also personal devices, and logging on to work networks through home broadband connections that could be compromised. So businesses have to adapt the way they work by providing employees with a method to prove it's them. "There's a paradigm shift that has been happening in the secu - rity industry for some time, which is the concept of zero trust," says Maynard. Traditionally, anyone who was able to access a corpo- rate network was given the keys to the castle because they must be trusted if they could get there. With home working, a rise in phish- ing attacks and a general increased awareness of cybersecurity issues, that's changing. "In a zero-trust world, the default position for any user is they are untrusted until I can verify their identify and the health of their device," says Maynard. The key question any number of authentication methods asks users is simple: "Are you really you?" Traditionally, we've relied on pass - words to prove that. "The first thing people think of is the longer your password, the better it's going to be," says Mike Johnstone, cybersecurity researcher at Western Australia's Edith Cowan University. But long passwords are unpopular. The alternative is MFA to verify users. This can take the form of a text code sent to a user's mobile phone for them to enter once they've inserted their password or physical code generators that cre - ate single-use codes. Google and Microsoft have authen- ticator apps, while biometrics such as fingerprints or facial recognition, are also useful authentication methods. "If having a single point or mecha- nism of authentication is a bad thing because it can be compromised in some way, having multiple means is generally better," says Johnstone. That's something Thales Group, the international conglomerate that protects seven in ten credit and debit card transactions world- wide, knows too well. "We've never been in this situation before," says Howard Berg, senior vice president at Gemalto, a Thales company. "If you had something highly confi- dential to discuss, you'd arrange a meeting and see them face to face. Suddenly that's not available to us." Thales employees have long used a smartcard similar to a credit card, inserted into a reader or directly into a PC, to authenticate users. The card cross-checks certificates with the device. If there's a match, the connection to Thales' internal net- work is made. It's not just working from home, but also approving vital loans that now require alternative authentica- tion methods. Hitachi Capital, one of the UK's leading business finance providers and a partner in disburs- ing the UK government's corona- virus business interruption loans scheme (CBILS), used legally to ver- ify applicants for loans in person. Now that's not possible. "As a partner in CBILS, we knew we needed a digital way to vali- date applicant identity for the vast majority of our business, which is handled indirectly via partners," says Jo Morris of Hitachi Capital Business Finance. Hitachi has started using a two- step verification system, which cross-checks an identification docu - ment such as a passport with a "live" video selfie on a web-based platform provided by Nomidio, a biometric authentication service. The video prevents scamming the system. The approval process takes a minute. "We're able to deliver a consistent ID check that's comparable to, if not even more convenient and secure, than our face-to-face process used pre-coronavirus," says Morris, who expects to use the Nomidio system after COVID-19. She's not alone. "I think behav - iour will change dramatically after this," says Berg. "We will probably have a different understanding of how we communicate when we're not face to face." There'll be extra layers of authen- tication, whether using biometrics, codes or external devices like cards, more security built into the devices that we use to access communi- cations systems and servers, and even other indicators, such as geo- location or behavioural biometrics, including the way we type or talk, to verify the person accessing systems is who they claim to be. "We're suddenly in a situation where we're totally reliant on the world around us," says Berg, "and we're not able to do things physically as we always have." A catalyst for change FUTURE OF AUTHENTICATION @raconteur /raconteur.net @raconteur_london Government-mandated home working has forced companies to reassess how they identify and onboard employees, and could prove to be a catalyst for strong growth in the authentication sector Nick Easen Award-winning writer and broadcaster, he covers science, tech, economics and business, producing content for BBC World News, CNN and Time. Marina Gerner Award-winning arts, philosophy and finance writer, contributing to The Economist's 1843, The Times Literary Supplement and Standpoint. Christine Horton Long-term contributor to specialist IT titles, including Channel Pro and Microscope, she writes about technology's impact on business. Ed Jefferson Journalist and creative technologist, his writing has been published in The Guardian, New Statesman and CityMetric. Alexandra Leonards Journalist, specialising in-depth features on a range of subjects, from current affairs and culture, to healthcare, technology and logistics. Josh Sims Journalist and editor contributing to a wide range of publications such as Wallpaper, Spectator Life, Robb Report and Esquire. Chris Stokel-Walker Technology and culture journalist and author, his work has been published in The New York Times, The Guardian and Wired. Distributed in Chris Stokel-Walker Published in association with Contributors Although this publication is funded through advertising and sponsorship, all editorial is without bias and sponsored features are clearly labelled. For an upcoming schedule, partnership inquiries or feedback, please call +44 (0)20 3877 3800 or email info@raconteur.net Raconteur is a leading publisher of special-interest content and research. Its publications and articles cover a wide range of topics, including business, finance, sustainability, healthcare, lifestyle and technology. Raconteur special reports are published exclusively in The Times and The Sunday Times as well as online at raconteur.net The information contained in this publication has been obtained from sources the Proprietors believe to be correct. However, no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the Publisher. © Raconteur Media raconteur.net Sebastien Salom-Gomis/Getty Images A 71% Centrify 2020 of UK decision-makers believe that the shift to 100 per cent remote working during the COVID-19 crisis has increased the likelihood of a cyber breach A D O P T I O N Publishing manager Emma Ludditt Deputy editor Francesca Cassidy Head of production Justyna O'Connell Design Sara Gelfgren Kellie Jerrard Harry Lewis-Irlam Celina Lucey Colm McDermott Samuele Motta Jack Woolrich Art director Joanna Bird Associate editor Peter Archer Managing editor Benjamin Chiou Digital content executive Taryn Brickner Design director Tim Whitlock 79% have increased their cybersecurity procedures to manage high volumes of remote access 46% have noted an increase in phishing attacks since lockdown Peter Yeung Award-winning journalist with a background in social anthropology, he has written for publications including The Guardian, Wired and The BBC.

Articles in this issue

Links on this page

view archives of Reports & Whitepapers: Landscape - Raconteur: Future of Authentication