Despite the fact that passwords alone have long been inadequate for protecting enterprise networks and data, organisations are still not applying innovative technologies and approaches to improve access controls.
This is according to Kris Budnik, an independent consultant and advisor on IT risk management, IT governance and cyber security, who will participate in the upcoming ITWeb Security Summit.
Budnik believes that passwords are a problem: “Security says ‘the more complex the password, the better’, but the problem is users aren’t good at setting complex passwords. People tend to all follow the password rules in the same way, so passwords become predictable. They become a placebo and give a false sense of security.”
He says enterprise security should instead be embracing emerging and consumer technologies for authentication and location services, to both strengthen access controls and improve the user experience.
“The potential behind the now ubiquitous IoT and location-based services, for example, has not escaped digital innovators and marketers – take Strava or even Google Maps. Yet, little has been done to leverage these capabilities in our corporate environment,” he says.
Budnik says enterprises could, for example, use a phone’s location service to determine that an employee is trying to log in to the network from their home, meaning that strong authentication may not be necessary. However, should the employee be logging in from an unknown location, a one-time PIN might be generated to authenticate that user. “You could manage user experience based on where users are, and what they are doing at the time,” he says. “The same goes for facial recognition – we know criminals might try to sneak into buildings to exploit credentials and log in to the network, so we could deploy facial recognition in CCTV systems to track who is in the building, and flag attempts to log in to the system by anyone who has not entered the building.
“We are not embracing the opportunities presented by these emerging and consumer technologies fast enough in enterprises, while the rest of the world is used to consumer apps doing this. Phones, watches and even sneakers track location and use biometrics, so why don’t we use these to enhance our corporate security further?”
Budnik will chair a panel discussion on the convergence of physical security with infosec/cyber security at the ITWeb Security Summit, to be staged as a virtual event from 25 to 28 August.
The discussion, on day three of the ITWeb Security Summit, will explore some of the potential behind consumer technologies and advances in the physical security world that, if realised, could significantly improve the corporate security programme. This session hopes to spark innovative thinking around harnessing and combining existing technologies to strengthen security and improve user experience.
ITWeb Security Summit will feature the latest updates from over 50 international and local information and cyber security experts in keynotes, track sessions, panel discussions, workshops and interactive group sessions.