Friday, 20 February 2009

Let me ask you one simple question:

“How do you weigh up IT Security costs in your organisation?”

Sometimes, it's not just a number on an invoice. If your company suffered a malicious attack from a fraudster who stole important data or brought down critical business systems, what would be the full cost to the business?

To start with, there are the expenses of legal fees, call centers and lost employee productivity. There are also regulatory fines, a fall in share prices and customer losses to consider.
The fact is that the loss of sensitive data can have a debilitating effect on an organization's bottom line, especially if it is ill-prepared. A Forrester report published last year estimated the cost to be between $90 and $305 per record lost, which does not include additional marketing activities and discounts offered to rebuild customer loyalty. There are weekly media reports of these e-crimes. A Best Western Hotel was a recent case. Whilst the security breach has been closed, the aftershock from this data loss goes beyond those whose personal data could have been compromised. Only 10 people affected?

How confident would you be about booking your next stay with them? So whilst departmental heads are looking to trim pounds off their budgets due to the economic climate, reducing your IT security budget to zero may cost more than you think.

Let me ask you one simple question:

“Do you know the difference between Identity and Authentication?” Actually this can be quite a hard question to answer but, put simply, identity is the state or fact of being the same one as described, whereas authentication is to establish as genuine the facts presented. Clear as mud, I'm sure!

So here's an example to help you: James Brown has a key to unlock and drive his car. The car can be unlocked as he approaches it, but only by his key. However, if Joe loses his key in the car park, whoever finds it has the ability to unlock and drive that car... and could even copy that key. What has happened here is that the key provides an identity the car recognises, or "fact of being the same." The car has no way of questioning the validity of the user behind the request.
Can you imagine if all you had for your bank account was your cash card, or all you needed to log on to your laptop was a username? This is why PINs and passwords are used to form part of the authentication process, but all too often we make them useless by simplifying them, writing them down or even letting others know them!

This is why two-factor authentication is not only becoming increasingly popular but also standard for a growing number of industries and organisations serious about authentication. So if James Brown's laptop, which was in the back of his car, was protected with 2FA, the 'new owner' would have to know his user name and PIN and have his password token to 'be him' in order to authenticate to the server.

The benefits of authentication over identity are clear.
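
As an added illustration (not code from the original post), the Python sketch below contrasts accepting a bare identity claim with requiring the user name, PIN and token code described above. The account record, the PIN value and the choice of RFC 4226 HOTP for the token are assumptions made for the example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password: the code a counter-based token displays."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    """The server keeps a salted, stretched hash of the PIN, never the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed account record; the token secret is the RFC 4226 test key.
ACCOUNTS = {
    "jbrown": {
        "salt": b"constructed-salt",
        "pin_hash": pin_hash("4821", b"constructed-salt"),
        "token_secret": b"12345678901234567890",
        "counter": 0,  # next unused token counter
    }
}

def identify(username: str) -> bool:
    """Identity only: like the car key, whoever presents it is accepted."""
    return username in ACCOUNTS

def authenticate(username: str, pin: str, otp: str, window: int = 3) -> bool:
    """Identity plus two factors: the PIN (known) and the token code (held)."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return False
    pin_ok = hmac.compare_digest(pin_hash(pin, acct["salt"]), acct["pin_hash"])
    # Small look-ahead window in case the token button was pressed unused.
    for c in range(acct["counter"], acct["counter"] + window):
        expected = hotp(acct["token_secret"], c).encode()
        if hmac.compare_digest(expected, otp.encode()):
            if pin_ok:
                acct["counter"] = c + 1  # burn the code so it cannot be replayed
            return pin_ok
    return False
```

Knowing the user name alone satisfies `identify` but not `authenticate`, and a code that has been accepted once is rejected if presented again.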