December 01, 2010, 12:44 PM — Are you really who you say you are? Strong authentication --- everyone talks about it, but where is it? When companies embark on a Cloud deployment, the lowest common denominator of "good enough" is almost always applied. Of course, "good enough" is usually determined by the criticality rating of the data and information to be accessed, coupled with the list of current and potential users. Unfortunately this often translates into a password, or if you're really lucky, a strong password and a picture to identify. And for some things maybe that is good enough, but most of us who are increasingly dependent on digital technology to pay our bills, order our goods, manage our finances and plan our trips, are beginning to realize that good enough might not be nearly enough.
A friend called me last weekend, panicked and furious, after her online bank account had been hijacked. Unraveling this type of criminal activity is an industry in itself, but more proactive prevention is needed on all sides -- consumer, corporate and government. The marriage of strong authentication (two-factor or multifactor) to Cloud deployments has been anticipated for several years. Back in 2008, the Information Systems Audit and Control Association (ISACA) issued a report that stating that two-factor authentication systems, when coupled with encrypted VPN connections, could serve to "secure an internet connection into a cloud computing-based service." The ISACA concluded that using such techniques would tend to make interception of files and transmissions almost impossible. I mean, nothing is foolproof, but this sounds like a solid beginning, right?
Well, where are we today? I won't go into the typical security analyst laundry list of widely-publicized data breaches and penalties. It's not like there is a lack of technology out there to solve these issues. RSA, the Security division of EMC, SafeNet, Gemalto, VASCO, Entrust, ActivIdentity (recently acquired by HID Global), VeriSign/Symantec, Arcot (now CA) and other companies have proven solutions. It comes down to convenience and expense --- which ultimately translates into "good enough". But as our daily interactions, be they business, social or personal, are increasingly conducted over the internet, and these are increasingly hosted on virtualized Cloud platforms, "good enough" is going to have to become "much better".
We need to know who is on the other side before we open the door.