As networks become more virtualized, the subject of cyber security in the New IP world is an important one. As service providers look to put more power in the hands of their customers through services like bandwidth on demand and more, they need to ensure their customer portals are customer-friendly but secure at the same time. As the Verizon report notes, "If your login process is too complex, people will stop using your services. But they'll also desert you if their privacy is breached."
How to strike that balance is a big question. To answer it, Verizon points to the following advances in mobile and cloud technology as practical solutions:
Mobile and biometrics Smartphone-enabled authentication solutions let users log in by scanning a QR code with a device that has been registered with the services. In addition, mobile is one of the key drivers for biometric solutions can ensure secure access to systems using voice and face recognition, fingerprints, ears or even retinas. While the Verizon report concedes that the high cost of these biometric solutions currently keeps them confined to industries like high finance, over time, they will become more affordable for other industries to adopt.
Software tokens A software token is a type of two-factor authentication security device that may be used to authorize the use of computer services. One key advantage of using software tokens is that they work off the smartphone people are already carrying.
As the Verizon report points out, the advantages of software tokens go beyond the savings realized by eliminating the need to purchase "dedicated hardware" to serve as tokens. It "reduces the inconvenience of carrying around a separate device" and makes it possible to "install the same application on multiple devices, simplifying the user experience."
For example, one service that is based on the software token solution is OpenWays which replaces physical hotel room keys with a unique sound that can be played by a hotel guest's phone to open their door locks.
ID-as-a-service For some organizations, security is to be found in the cloud in the form of ID-as-a-service (IDaaS). The advantage of IDaaS, according to the Verizon report, is that it "is available as a co-managed or fully-outsourced solution, removing the burden of verifying new users' identities and managing authentication." With IDaaS in place, users can be assured of secure access to the system, no matter where they enter from. Another plus for IDaaS is that it shows authentication in real-time. This solution also eliminates the need for special equipment or upkeep on the part of the organization, checking off both the cost and convenience boxes for an IT department.
Multi-factor authentication In addition to the possible mobile and cloud solutions, Verizon recommends multi-factor authentication. It concedes that "no authentication solution is 100% effective," and recommends managing risk over trying to eliminate it. Ultimately, though, no organization can afford to relax about security. It requires constant checking of the systems, as well as employee training and oversight. (See Cyber Security Pointers From the Pros and watch Dealing with the Breach)
As Bryan Sartin, director of the Risk Team, Verizon, has noted on The New IP, cyber security is a goal that is constantly shifting, and the only way for organizations to keep up is to be prepared and keep moving forward. With advances in mobile and cloud solutions, businesses will be better able to not only manage security but keep their customers happy at the same time.
— Ariella Brown, Freelance Contributor, special to The New IP
Box Zones enable businesses -- including medical and financial services firms -- in Europe or Asia to use cloud services while maintaining the security standards set by their own countries and more local data centers.