Ushering in an Era of High Assurance Passwordless IAM

CIOReviewIndia Team | Wednesday, 27 January 2021, 13:36 IST


Compromised user credentials have always been a common network entry point for hackers. In 2017, one of the world’s largest accountancy firms experienced a major data breach due to poor Identity Access Management. It happened despite the company having a robust, multi-layered security system. The hackers were able to bypass it all with a simple password. It shows that having strong security with a poor IAM solution is equivalent to building a giant fortress around the data but leaving the keys in the door. And now, with the shift towards work from home, this chink in the armor of enterprise security has become easier to exploit.

To discuss this challenge, CIOReviewIndia organized a webinar in partnership with Entrust and iValue. We brought together several eminent experts who shared their views on the current challenges in identity and access management and how to address them.

The discussion started with the keynote address by Santosh J Mane, Sr. Channel Manager - South Asia, Digital security solutions division, Entrust.  

“Creating trust across geographies between people, organizations, and devices is the essential enabler of modern life. We have been in the business of enabling trust in everyday life for more than 50 years now. In your daily life also, by some means, you might be using Entrust Physical as well as Digital Identity solution as security. The company started in 1969, revolutionizing banking and consumer behavior with data card technology. In 1987, we were acquired by the Quandt family, which also holds a majority stake in BMW. Stefan Quandt is the Chairman of our board and is committed to long-term investment for our growth. From 1987, the growth trajectory of the company turned exponential. In 1990, we extended our card issuance capabilities into the desktop world. In 2010, we solidified our market leadership in delivering a complete trusted financial instant issuance solution. In 2013, we acquired a company called Entrust and we made a strategic pivot to the world of digital trust, expanding our portfolio with world-class digital identity offerings. So, it has been more than 50 years and we are an $800 million company with 2500+ employees.


“Security is our core business and not an add-on. We have the most robust security portfolio available in the market with full sight of physical and digital solutions. The fastest growing part of our portfolio is digital security. Through both organic growth and acquisitions, we have built this portfolio of core technologies that are essential for securing our connected world. One of the major differentiating factors of our solution is the high assurance security. As the number of attacks is increasing with the adoption of work from home culture, our IAM solution encompasses every aspect right from onboarding to engagement. It includes not only MFA (Multi-Factor Authentication) but passwordless capability, zero trust, and risk-based or adaptive authentication. And as per the market demand, we are offering it with cloud-based, on-premise, and hybrid models.”

How Automotive Manufacturers Can Address the Challenge of IAM 


Chulanga Perera, CIO, Daimler India Commercial Vehicles Pvt. Ltd. shared his views from an automotive manufacturer’s perspective. “When we look at the automotive sector, we have vehicles that are connected. That is one part of it. And then it is about monitoring who has access to what and the ease with which you can access systems and tools. The availability of data to you is very important. It has become more pertinent in today’s day and age because a lot of employees irrespective of the industry are working from home. There is a lack of awareness of the importance of securing identity and access management. Be it single sign on or multi-factor authentication, we have to take the initiative to help people understand the consequences.”

“Secondly, most organizations are reactive rather than being proactive. Threats will always remain given the constant evolution of technology and people will figure out new ways to penetrate the systems. You have to be proactive in order to counter the evolving threats. When it comes to IAM, a lot of organizations struggle as it is a major investment. They see it as a major CapEx and OpEx, and shy away. So, each organization needs to figure out what is important and how to secure that. And then it is about the ease with which access can be given to the right people.”   

IAM Challenges for the Education Sector and how to Address Them   

Krishnamohan B, CIO, Tata Class Edge expounded on the importance of IAM with regard to the education sector. “Product development people have to take care of their identity and access control. Firstly, the internal business systems are there and there would be external systems for the products. So, we have to secure all the data and access controls at both ends. The awareness needs to be increased especially with the customers as well as the internal users. We need to give secure access controls to business systems. Also, we need to have an audit regularly in a period of a year or every 6 months to see the improvement and identify the threats if any.”

How IAM is heading towards a High Assurance Passwordless Future

Lawrence Tan (LT), Technical Sales Consulting Manager, Digital Security, Asia Pacific & Japan, Entrust explained how IAM is evolving and moving towards a high assurance passwordless future. “The shift towards work from home has made digital transformation imperative. Organizations are trying to find ways to secure the access to confidential data. With the adoption of BYOD, employees are bringing their own devices to work and those devices have to be authenticated. So, providing them with access while making sure that the company resources are secure is a challenge.”

“97 per cent of enterprise decision makers believe that the Covid-19 pandemic has sped up their digital transformation by six years. 67 per cent of the IT industry is of the opinion that Work from Home (WFH) is going to be a long-term or permanent thing. But a lot of companies are not ready for this as there are many loopholes in their enterprise security that can be exploited by the hackers. As a result, the financial losses are expected to amount to $6 trillion by 2021. Hence, there is an urgency for securing data access and transactions.”

“80 per cent of hacking-related breaches are caused by compromised credentials. Hence, passwordless authentication is gaining momentum because we know that having a password does not really secure the access. There are several passwordless approaches that can be followed. The most common one is the usage of a smartphone for authentication through biometrics. Another approach is the FIDO2 key, which is an authentication standard wherein the customer can use a FIDO2 token as a second factor authentication. The third one is the push notification, which is being increasingly used. The fourth one is the High Assurance PKI-based smart credential, which is being used in e-passports, national ID projects etc.”

“There are three steps in the approach for securing digital identity. First we have to establish trust, then enable the transaction and finally maintain the trust. To establish trust, our solution allows the user to use his phone to capture his ID and then the characteristics of the ID are analyzed. It is followed by two classes of facial recognition match and liveness test. Then for validation, over 50 forensic tests run in the back end within seconds in the same seamless process. The high assurance secure mobile identity can be used to authenticate across digital and physical channels. When it comes to transaction, the credential-based passwordless authentication makes a huge difference. There is no need to enter the ID and password as the smart identity itself is unique. The mobile device gets connected to the desktop through Bluetooth and asks the user to approve the access, after which the user can log in to the system and do a single sign on. Finally, to maintain trust, data analytics is performed to understand the user behavior and a decision is made by the system to allow the user or challenge the user by asking for second factor authentication or block the user.”

Lawrence also shared several examples of how the Entrust solution is being used across industries. All in all, the webinar helped the attendees gauge their level of IAM maturity and showed them the way forward for addressing the IAM challenges faced by them in their respective industries. 
