Here are the myths that impede IT security
Security experts are agreed. The human factor represents the biggest IT security risk for sensitive or business critical information falling into the wrong hands. Users are all too often careless with their passwords. It is simpler than ever for hackers to find out passwords and get in without leaving traces. This causes enormous costs for individuals, companies and society.
Today's IT managers must quickly find new solutions which protect information and business applications from unauthorised access, and offer qualified IT security in an increasingly flexible and mobile world. The solutions must function not just for logging on to computers and critical system. They must also function for logging in to cloud-based systems and apps on mobiles and tablets. They must also be fast and easy to use.
The complexity means that IT security is often neglected, as it is perceived as too complex and expensive to implement adequate IT security.
However, today there is every opportunity to find a qualified solution, which simultaneously satisfies the organisation's requirement for improved security and productivity and the employees' desire for user-friendliness and flexibility.
The modern solution is to replace traditional passwords with individually issued certificates. The user thus only needs to keep track of one PIN code and one bearer, administered from a single place for all target systems.
10 myths about secure login
The transition to certificate-based IT security entails a new approach, and as with all paradigm shifts it raises questions.
Here are some of the most common queries we encounter surrounding certificate-based security.
It is expensive to introduceTraditional password management is not free. According to independent reports, administration of passwords costs Swedish companies SEK 1,500 – 3,000 per employee and year. A well implemented certificate-based solution with concomitantly reduced administrative costs can recoup the entire investment in one to two years. Added to which are recurrent benefits in the form of less administration, increased staff efficiency and the value of having good IT security.
It is complex to install and maintainThe hesitation that can be felt prior to introducing certificate-based security is like deciding to continue heating using oil as you don't know anything about geothermal heating. But you don't need to do everything yourself. Qualified help is available to select the right solution and to plan, install and maintain it. Support in producing well thought-out issuing procedures and a trained help desk make the transition smoother. Engage a competent supplier and demand that the solution functions before you pay.
Our employees have enough passwords, cards, keys and boxes. They don't want to have to keep track of moreEnd user's have a range of needs, and based on those needs, the organisation can select to store the certificate in different types of units including mobiles, computers, YubiKey, in the computer (Virtual smart card) or on a traditional smart card. The smart cards are often multifunctional. One card can be used for single logon to the IT systems, to enter doors, as an identity document, in tidomat, for bar codes etc. Smart cards give the employees fewer items to keep track of, not more.
Our users cannot manage smart cards. They will lose, forget or leave their cards behind in the card reader.
We had bank cheque books as recently as the 1980s. Then we changed to payment cards and PIN codes. Today nobody leaves home without their card in their wallet. And it is very rare that we leave them behind in payment terminals. Today the certificates are soft or hard and there are different certificate-bearers for different needs.
5. It won't work for employees who travel a lot and have to be able to access their web mail from their mobile or tablet.
New methods to furnish mobile apps with support for certificate-based login are being developed all the time. Today it is it simple to provide the actual mobile with a certificate via an MDM (mobile device management) system. The mobile is set to authenticate the user with the certificate instead of user name and password. A policy for information security which expresses the organisation's requirement for IT security determines the solution.
PKI and smart cards are too advanced and unwieldy for us to administer.
A modern management system can link together and adapt the issuing flow for selected certificate-bearers and user accounts according to each organisation's unique needs. A user-friendly interface simplifies and streamlines issuing and management of certificates and bearers.
We cannot physically administer the certificate-carriers. Our organisation is distributed throughout a large number of locations, several of which have no security administrator.
We work with organisations that are spread over hundreds of places and use smart cards for login. The solution lies in an administration tool that allows distributed management of all types of certificate-bearers. The employees can activate and set PIN codes for their unit themselves. Trained local card administrators manage back-up units and unlocking procedures. Local activation of the unit means that only known personnel are present in the system, in distinction from the situation where anybody can call in to the help desk and state that she is a certain user. A distributed system and decentralised administration therefore normally delivers increased local ownership and improved security.
Our employees need to move freely around the workplace and be able to log in at different computers. It is too time-consuming.
A smart solution offers a number of functions that experience tells us instead simplify everyday life and are appreciated by mobile employees. A single login provides access to all necessary systems and applications. In removing the smart card, the user ensures that the session is finished and the information is secured against unauthorised entry. You can also develop solutions that allow the session to be moved to another work station where the work can be resumed immediately. When the smart card is inserted again and the PIN code entered, the applications and services that the employee last used start automatically.
Our IT environment is so complex that it will barely be possible to integrate the solution.
The PKI (Public Key Infrastructure) IT security method is open and globally standardised. Microsoft, Citrix, Intel, VM Ware and all well-known platforms, applications, firewalls etc. already support certificate-based login through standard interface.
Our system is so old that it only functions with passwords.
There are still older systems and applications, which for various reasons cannot be provided with support for SAML-based (Security Assertion Markup Language) federation solutions or certificates. One alternative is to use dedicated software for single login. The application enters highly complex passwords and changes them regularly with full transparency for the end user.