Arcot predicts Identity and Access Management
to be a key security focus for 2008
Sunnyvale, California -- December 14, 2007 — Driven by rising information fraud – personal, business and financial information - and regulatory compliance, Arcot Systems, providers of authentication solutions to banks, businesses and online merchants, predicts a renewed focus on identity and access management for security departments in organizations around the globe during 2008.
The company outlines 5 trends in this area for 2008:
- User centric ID management - more control of who goes where in the network
No longer focused purely on the perimeter and keeping people out, security and IT departments will become more focused on controlling who is accessing what information in the network.
Arcot expects to see companies introduce more detailed identity and access management policies. These will focus more stringently on user-centric identity validation– looking not just at whether they have the right user name and password, but also whether they have additional online credentials that prove that they are the actual owner of the online account or have the right to access the online portal. But the validation doesn’t stop at the perimeter, it will go on to control what specific information users have access to. As such, strong authentication will become even more an integral part of the network security infrastructure and part of a consolidated identity and access management solution as companies realize that single-factor password access control is outdated.
- Consolidation of point identity and access management solutions
Many organizations are running multiple solutions for authentication, password management, identity and access management, which can expose enterprises to fraud and information leakage, with fraudsters targeting the weakest link in the solutions suite. Arcot expects many companies will want to reduce the risk of fraud and information leakage by consolidating these systems into an overarching service-oriented architecture, which will also make management of identity and access policies easier. Analysts recognize the importance of identity validation services as being essential for fighting fraud and building online reputations.
In fact being able to effectively leverage SOA models is important for identity and access management because the applications infiltrate every level of the enterprise architecture. Identity is the single common thread that permeates every application in a modern company’s application portfolio, yet so far there has been very little industry progress towards enabling large scale identity enablement through SOA and web services.
- Green IT movement will lead to increased use of digital signatures
As companies seek to reduce costs and cut their carbon footprint, the use of digital signatures, particularly in sectors where business process are paper intensive such as insurance and pharmaceutical, will become more commonplace. Analysts agree - IDC says that the use of digital IDs and electronic contracts will grow over the next several years and Gartner has listed Green IT among its 2008 MegaTrends.
The potential savings from replacing ink signatures and paper documents are significant. The pharmaceutical industry estimates that approximately 40% of annual research and development costs are attributed to paper-based business processes, representing $9 billion in the United States, alone.
The latest developments in digital signature technology are already making digital signatures easier to use and deploy, which will help speed up adoption and roll-out. Further, the server-based signing approach will take away the challenges of key management via trusted key authorities that have been a hurdle for adoption of digital signatures in the past.
- Increased emphasis on building a secure infrastructure for all companies with online businesses
Businesses trading online will be spending more time in 2008 securing their infrastructure in order to combat rising fraud and personally identifiable data losses such as with the TJX Companies incident earlier this year. Arcot expects that PCI compliance will become central to this strategy.
PCI regulations now require all businesses and merchants that accept payment online to comply with 12 key security policies that essentially ensure credit card data is transmitted and kept secure. Although many experts believe PCI compliance has been lapse to date. The message is clear: if you need to obtain personal information to do business you have a duty to keep it safe.
Arcot also expects being PCI compliant to be a quality stamp that partners, customers and suppliers will check before they do business with you, in the same way that the padlock is used today. Although complying with the PCI standard can be costly, companies recognize that protecting customer data is less expensive than dealing with a security breach.
- More use of encryption as individuals seek to keep personal information private
As social networks have grown in popularity, so too have the number of threats and malware planted on these sites. Arcot predicts that as more people experience loss of personal data such as their identity online, there will be a renewed drive by companies as well as individuals towards encryption.
Social networking is taking off very fast. According to Ovum, 10.8m British people have registered at one of these sites, and 25% of them have posted confidential information about themselves. More worryingly 13% have posted confidential information about someone else without seeking their permission.
"2008 will be the year that organizations focus on stamping out Identity fraud by ensuring they verify the identity of customers and/or employees," predicts R. Doc Vaidhyanathan, vice president of product management for authentication company Arcot Systems.
Indeed, (ISC)2’s 2006 Global Information Security Workforce Study highlighted identity and access management as one of the top 5 technologies that companies in the Americas wanted to deploy.
"Authentication is the essential first step of every identity and access management system. Without strong authentication, any other access management procedures that are in place are rendered useless," claims Vaidhyanathan. "Businesses need to ramp up the authentication they are currently using to verify the identities of employees and customers to guard against data loss."
For more information visit www.arcot.com.
|
