It’s a real challenge: as the “home office” becomes the new norm after the COVID-19 pandemic, companies are investigating how they can continue to transform their digital capabilities to keep their business running, and how to do it safely, despite the communication through untrusted networks and environments.
Next-generation mobile working
Moving out of the office hasn’t been without its problems: with IT environments becoming increasingly complex and new security threats constantly emerging, it’s hard for organizations to ensure they have secure mobile working, let alone anytime, anywhere, and on any device. Now, with home office looking as though it’s here to stay at least partially, companies need to ensure they understand how to deal with threats and keep their digital infrastructures safe from cybercriminals.
“Remote working can be a security nightmare for companies,” says Dr. Ferdinand Buriánek, Head of Portfolio Public Sector, Transit, and Enterprise at G+D. “Lost devices, misplaced passwords, and denied access to business critical applications are often the administrative consequence of increasing remote working. So the first steps to improving this situation are multi-factor authentication and encryption solutions. This means ensuring you deploy a scalable solution that offers sufficient connectivity, traceability, and security for heterogeneous systems that might involve PCs, notebooks, smartphones, tablets, and machines.”
Sophisticated identity-proofing with high cybersecurity levels
It’s essential for organizations to defend their IT infrastructures with cybersecurity that is sufficiently robust to deal with relevant threat levels and avoid unauthorized access to company assets. They must protect business-critical applications and vulnerable data from hackers, with antivirus software and highly secure, scalable cybersecurity solutions that are also applicable for lower-risk areas of the business, such as admin and marketing functions. Failure to protect against vulnerability to malware can lead to serious damage.
As a first step to securing networks and access to company IT systems, identity proofing is necessary to establish whether an employee is who they claim to be. This may be carried out by confirming individual specific details, using, for example, remote biometric validations or the scanning and validation of a photo ID. Once the employee’s identity is verified, the company can issue them with an account and credentials for work use. Once the account is created, it will allow the employee to authenticate to the system based on this validated ID.
In the past, an employee had an email and password to access their work-based IT systems. Today, as organizations comply with corporate security policies and a raft of regulations, they are rolling out more sophisticated identity-proofing and authentication services and solutions as part of their cybersecurity, including additional interactive user-verification methods that can be applied when accessing the most sensitive and confidential parts of a company’s IT systems.
Public key infrastructure (PKI) offers very strong security levels to protect from the modern hacker’s malware, using a public and a private key for encrypting and signing data. It also creates a secure chain of trust to protect internet data. Authentication based on PKI credentials is the most stringent way to protect systems. These credentials can also serve for encryption and digital signatures at the highest level, if they are deployed on smart card technology.
A fast, secure login experience with strong authentication
FIDO authentication is based on free and open standards from the FIDO Alliance. FIDO protocols use standard public key cryptography to provide stronger authentication, enabling password-only logins to be replaced with secure, fast login experiences across websites and apps.
During registration with an online service, the user’s client device creates a new key pair, retaining the private key and registers the public key with the online service. Authentication is carried out by the client device proving possession of the private key by signing a challenge. The client’s private keys can only be used after they are unlocked locally on the device by the user, with a secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button. If biometric information is used, it never leaves the user’s device.
The beauty of password-less authentication is that it’s easy to use and reduces the need for a helpdesk to provide password reset functions. This type of authentication can include something you are (a biometric) or something you have (an ID token).
Password-less authentication based on biometric authentication minimizes the risk of hacking. It’s convenient and easy to use because, for example, an end user may only need to place their fingerprint on a fingerprint sensor. G+D has developed a wide range of biometric-enabled products that allow a secure and convenient way to authenticate, eliminating the need for passwords.
Securing the home office of the future with robust technology
Going a step further, a fingerprint sensor can be integrated on a smart card. The user’s fingerprint template is securely stored on the smart card; the fingerprint never leaves the card and the fingerprint matching is performed on the card.
“These relatively new cards and devices are expected to see a quick uptake to support the need for secure authentication and payments,” explains Dr. Buriánek. “We will also see the cost of these devices come down to a point where carrying a biometric card or key fob will become as common as your traditional payment or ID card. The home office of the future will be a permanent fixture in many of our lives, and securing it with robust yet easy-to-use technologies, such as fingerprint-capable cards and devices, will be essential.”
Share this article
Subscribe to our newsletter
Don’t miss out on the latest articles in G+D SPOTLIGHT: by subscribing to our newsletter, you’ll be kept up to date on latest trends, ideas, and technical innovations – straight to your inbox every month.