Many aspects of our lives are dependent on credentials such as logins, passwords or pin codes. As technology continues to be more IP driven and the world more connected, how safe are these credentials that we rely on so much?
You are the target
Credit card numbers have limited value – more information is needed to target you. As Bloomberg highlights, attacks on medical records are increasing because the data is richer. Identity theft requires accessing systems which have more information about you.
Many security breaches involve stolen credentials because virtually all access controls rely on credentials to validate the identity of the user, application or device. Once obtained the perpetrator has privileges to compromise systems undetected. The Sony studio hack in December 2014 illustrated how devastating these attacks can be. But for most people, this was merely a news event.
With more of the devices we use in our life becoming IP connected, there’s a possibility for cybercrime to be felt much closer to home. This could be from spyware, malware or user interface impersonation attacks.
The deeper the relationship, the bigger the impact
The onus of protecting these credentials resides with both the user and also with the associated organization. These organizations include pay-TV and telecoms operators, or even utility companies and banks. As operators expand their relationships with consumers the stakes become higher. They will be more embedded across multiple aspects of a consumer’s life.
If there is a security breach, there is a direct impact on their customer relations as well as on their brand. Recovering from such a breach can take a significant amount of time if new credentials have to be rolled out across an operator’s network. Not forgetting the monetary impact. It’s a different scale to a couple of thousand laptops affected in an enterprise environment. It affects millions of people and devices.
Complexity demands more than technology alone
The challenge for these organizations is how to manage all the credentials. The number of credentials and different type of devices is ever increasing and the diversity of security models continues to grow. What’s more the cornerstone of all security strategies is the organization’s ability to control access to systems and networks.
In such a complex environment, traditional solutions are no longer effective. Technology alone is not enough. An end-to-end process and service is needed to handle the number of components and multi-dimensional nature of next-generation security. The key to managing credentials in this environment is workflow. Being able to track and trace the different nuances in real-time on a massive scale. For these operators, it is about moving security from a back-end discipline to become a front-end customer interface.
In my next post, I will examine in more detail what this means for specific industries such as mobile payments.