Security Vulnerabilities

By Steve Brasen

It seems extraordinary that in this age, when enterprises are hypersensitive about security, passwords are still most commonly employed as the sole method of establishing a user’s identity. The practice dates back to the early days of computing when a simple environment, such as a self-contained mainframe, employed logins and passwords as a low-friction method of granting users access to their accounts. Of course, this was long before the internet and wireless communications enabled multiple pathways of potential security breaches. Today’s more dynamic environments require increasingly robust and reliable forms of identity management.

The mobile revolution began more than a decade ago and resulted in broad access to business applications, data, and services from any device, at any location, at any time. That same timeframe also saw the accelerated adoption of cloud services to support business operations. Today, sensitive business IT resources are distributed across internal and external storage environments, cloud services, web applications, virtual environments, and software as a service (SaaS) platforms, and all of these are accessed by devices that operate outside the confines of local business networks. Most organizations had to implement these radical departures from traditional IT management practices with little time to architect more robust security practices, relying instead on antiquated password solutions that expose the business to extreme risks.

Password Concerns
Passwords rely on fallible human beings as the sole arbiters of enterprise security. Most people are simply not effective at proper password management. To make them easy to remember, users often choose weak passwords, and the same password is typically used for many—if not all—accounts. Additionally, passwords are rarely changed and are sometimes written down or shared with colleagues. Of even greater concern today is the fact that phishing and ransomware techniques have become so refined that they can convince almost anyone to voluntarily hand over or expose critical passwords. While it has become commonplace to hold users accountable for their password practices, it is not their fault that password-breaking tools and techniques have far surpassed their management capabilities. Human brains are simply not designed to be complex encryption services, and organizations should not rely on users to maintain enterprise security protocols.

The time users spend maintaining, updating, and resetting passwords can have a profound effect on job performance. In fact, recent EMA primary research, Orchestrating Digital Workspaces, indicated that password management was the most impactful challenge to end-user productivity. Any time a worker is distracted from accessing business resources to perform a password management task, it takes, on average, ten to 20 minutes for them to refocus on the task they needed to perform in the first place.

Single sign-on (SSO) greatly reduces the impacts and risks of an overreliance on passwords for access management by substantially reducing the amount of effort users must perform to access business resources. However, this should only be considered a first step in enabling robust identity and access management that ensures the security of an organization’s most critical data and IT services. EMA favors the use of multifactor authentication that employs a number of methods for confirming a user’s identity, including device authentication, user behavior detection, and biometrics. The more layers of identity protection that are dynamically applied to the authentication process, the more challenging it will be for malicious attackers to exploit imperfections.

Security Considerations
Access and identity management is a critical concern for enterprises. Security risks are real and SSO strategies can help reduce the reliance on passwords.

Nov 2017, Software Magazine

Nov 8, 2017, Olivia Cahoon