The data heist – why identity and access management is critical in the digital workplace
Imagine the moment your laptop is snatched on your commute home from a café. The thief isn’t too bothered about the actual hardware; in fact, it is the data residing on your laptop that can be incredibly valuable to them. You hold industry-sensitive information and personal data on your device. When will the leaks begin? And how much is that data worth on the dark web?
Stolen laptops continue to be a huge headache for businesses and government departments alike. At least 1,000 UK government laptops, computers and USB flash drives have been reported lost or stolen since the general election in May 2015, according to official figures. Over in Hong Kong, earlier this year, the personal information of 3.7 million voters was potentially compromised after two laptop computers went missing at the Registration and Electoral Office for the chief executive election. And one in four breaches in the US financial services sector over recent years was due to lost or stolen devices, according to a 2016 study. With more data being held in the cloud now and simple passwords still in use, the data is insecure.
Weak passwords and stolen or misused credentials are responsible for 81% of data breaches, according to the Verizon 2017 Data Breach Investigations Report. Breaches caused $1.6B in damages to business and reputations in 2016 alone. Of great concern, from 2015 to 2016 there was an 86% increase in records compromised by data breaches, and from 2015 to 2020 cybercrime damages are predicted to rise from $3T to $6T.
At the same time, the digital workplace is leading to enhanced collaboration and flexibility, enabling the workforce to identify and capture new opportunities and find better ways to solve current problems. For the enterprise to take full advantage of its talent though, it must ensure that they have access to the right data. And it must also minimize the risk of extremely expensive and damaging breaches, which often begin at the credential level.
Multi-factor authentication (MFA) is one way to counter data breaches, and the market is set to reach $12.5bn by 2022. It can dramatically increase security by using multiple components. For instance, you might have a password, a PIN, a smartphone, a fingerprint, or a retinal read. When you couple two of these mechanisms together, you dramatically reduce the chance of a data breach. However, multi-factor authentication that operates at the software level is not sufficient protection. If you’re forcing users to regularly change their passwords, they’ll write them down on paper, which defeats the whole purpose.
While MFA has been a concept for several years, up until now it has not been as reliable as organizations need. For example, in hospitals, fingerprint readers don’t work well because users wear gloves or have ointments on their hands. Facial recognition is fairly effective, but that assumes all devices have built-in cameras. In the corporate sector, enterprises also use Public Key Infrastructure (PKI) cards, smart cards designed to enable strong MFA and allow remote access, network access and password management. PKI cards are expensive to administer though, presenting a significant overhead for businesses. And if an employee loses a PKI card, it’s not easy or speedy to replace, resulting in lost productivity.
We’ve been collaborating with Intel for the past five years creating solutions for the digital workplace, and recently Intel has launched Authenticate, alongside Atos’ consulting capabilities. Intel Authenticate capitalizes on the fact that most people have a smartphone.
Working together, Atos and Intel have taken a new approach to protecting data. By combining something most people have (a smartphone) with something they know (such as a PIN) and something they are (defined by a fingerprint), Authenticate strengthens identity protection through multi-factor authentication at the hardware layer. Working with a smartphone and a PC’s Bluetooth (the user doesn’t need an internet connection), MFA can be set up without the IT department incurring a significant additional cost. Other more traditional approaches to MFA cost tens of millions per year in large enterprises.
We’ve been analysing user adoption trends in the workplace for several years now. What makes Intel Authenticate different is that it embraces MFA with well-known devices and technology rather than making the IT department deploy something unfamiliar to employees. CIOs can still achieve the same level of security but capitalize on existing equipment, making budgets work harder and hardening ID protection.
And this type of MFA has wider applications in industry too, particularly in banking, healthcare and hospitality: any place where you want a secure way of sharing banking information or medical records, for instance. As we continue to see greater numbers of freelancers, contractors, consultants, and temporary workers collaborate as part of the gig economy trend, the unifying factor is that all these different types of workers have a smartphone, regardless of their employment status and location. So as the digital workplace gathers pace, so too will smartphone-enabled multi-factor authentication, and it will be harder for criminals to extort data from stolen laptops.