Cybersecurity is a large and complex problem. Companies have to protect the perimeter, authenticate legitimate users, respond to threats and probe the system for vulnerabilities. Most companies build a patchwork of systems that provide strong protections for each of these levels.

On Wednesday, a thread running through most of the sessions was the limitations of “best-of-breed” solutions and the apparent superiority of an enterprise-wide approach to security. This is similar to the struggle financial institutions face in determining whether to rely on one technology provider for all their core and IT products, or whether to try to cobble together the best solutions and integrate them into a cohesive whole.

Unsurprisingly, the keynote speakers – representing the largest providers in the industry – advocate the idea of the single provider. 

Stephen Trilling, senior vice president of security intelligence and technology for the Symantec Group, outlined his view of how IT security should work: companies depending on managed security services from a single multi-enterprise entity, achieving economies of scale and visibility across their entire customer base. 

Trilling described how the integration would be completed by the provider, and would evolve with each new attack. Individual client companies would then join together to form a security community sharing information. The result? Attacks would be discovered and stopped within hours, instead of days or months. 

The key to this approach, of course, is big data. If everyone is using the same provider, then the vast amounts of data can be stored in an accessible database where individual client companies can mine and analyze the information to stop attacks. 

To my mind, though, this approach is overly complex, expensive and carries with it all the typical risks of relying on a single provider. 

The FIDO (Fast IDentity Online) Alliance, of which Entersekt is a sponsoring member, hosted a panel discussion on Wednesday that posited the idea that authentication is the key to preventing data breaches. Nils Puhlmann, my counterpart at Endgame, told attendees, “If you look at all of the recent big breaches, they all started with [an attacker gleaning] a user’s credentials.” 

The panelists agreed that the technology already exists to make authentication more secure, but that companies and users alike have been reluctant to give up passwords as the primary sign-in method. 

One of FIDO’s goals is to foster interoperability between different authentication solution providers. This allows relying parties (online service providers like Facebook, Google, PayPal and banks) to mix and match solutions from different vendors fairly seamlessly; and when a newer, better technology for authenticating the end-user comes along, they could accept that too, without necessarily having to change a line of code.

Now, isn’t that a really exciting idea? An initiative to improve authentication through open specifications, one designed with interoperability, scalability and the long-term requirements of businesses in mind. By comparison, big data feels like last year’s buzzword and, at the same time, still a bit sci-fi: a little like a 1980s space opera rerun. As authentication vendors, we must learn to work together and support open standards. It’s time we all got out of the sticky situation of authentication vendor lock-in!


Christiaan Brand

FORMER CTO
