“KNOCK KNOCK - WHO GOES THERE??” (or Why authentication matters?)

“Halt, who goes there?” The traditional challenge of a guard watching over the entrance to a castle / city / camp / fortress since time immemorial.
The visitor wishing to gain access, be they friend or foe, then had to engage in a process of convincing the guard of the validity of his credentials. In other words - identification and authentication.


Isn’t it amazing how little things have changed?
Today these challenges happen all the time. When you log on to your computer / to your corporate network / to your email account / to your online bank / to your social network site and so on, you are required to identify yourself. Have you considered just how many times you do this every day? Most of the time this happens seamlessly under the hood without you even being conscious of it happening.
When you log on to your email account – you don’t re-enter your password every time you log on – let alone every time you send an email. You don’t re-enter your Twitter password every time you log on – it is held in the system (usually a cookie on your computer, which is re-referenced by the site when you open it). When you go to your iTunes account and make a purchase – do you have to re-enter your password? Usually not, nor do you have to re-enter your credit card details – these are held – somewhere in Cyber Space – by someone you ‘trust’. Well, presumably you do trust ‘them’, otherwise you wouldn’t let it happen?
Or have you even bothered to think about it?


As the Web/Internet continues its inevitable global advance, capturing new users every day – now well into the 3rd billion of users – and the avalanche of services / sites / applications / games / social networks continues to roll on and gather momentum, we are faced with the same challenge every day – how do we prove our identity to others and vice versa? Single sign-on solutions / software downloads / cookies and other automated identification solutions make this easier – but much less secure.


How would our guard have coped if there was a queue of hundreds of people wanting to get into his fortress, each having to verify themselves manually? If they each had to state a password as they went through, it would have been easy enough for those at the back of the queue to overhear the password and use it to get in themselves. Fortunately in those days such queues were not common and so a password was probably sufficient – but frankly not really secure. Most probably an additional factor like a note or seal from an authorized entity (the King/Duke/Marquis) would have constituted the second factor (something you have) in addition to the first (something you know) – thereby completing the two-factor authentication process and allowing the messenger to gain access legitimately. However, it would still have been possible for a bad guy to have intercepted the real messenger, stolen the note and coerced the password out of him, and thereby posed as the real messenger and gained access to the fortress. Nothing has changed!!! Today that bad guy is a hacker who intercepts your credentials through a MITM/MITB (Man-in-the-Middle/Man-in-the-Browser) attack or through a phishing attack and thereby gains access to your ‘fortress’.


‘End point security’ has become the new term to describe the security of access (which is increasingly going to be from a mobile device). More and more employees are accessing their corporate networks remotely, each of them becoming ‘an island to themselves’, hence the need to secure their communications and their interface with the VPN and the Internet at large.


Have you seen any headlines claiming that ‘the Internet is now secure’ - ‘you are now safe on the Web’ - ‘ID Theft is history’?

Of course not – the reason being that the solutions which have been deployed by many, many corporations large and small are somehow inherently defective / vulnerable / exposed / weak / cumbersome and so on. Hackers / bad guys / fraudsters (whatever you call them) are having a field day because security solutions out there in general do not work: they are fatally flawed, or users bypass them because of the hassle factor, or users just don’t use them at all.


Here at PalmTree we recently launched a SaaS authentication solution called Live Ensure™. This product is designed to provide better ‘end point security’. At that critical juncture where the messenger seeks to gain access to the castle and is required to provide credentials that will satisfy the guard as to his authenticity – that is where Live Ensure™ comes to the fore.


The product, which is Software as a Service and so easily obtainable (download from the portal), easy to integrate (MashUp – like you would Google Maps or a Twitter feed) and easy to use and pay for (Pay as you Go – no long term contracts / economical), addresses all of the major concerns / issues / vulnerabilities to be found in the majority of ‘authentication’ solutions out there.


These solutions invariably include something ‘physical’ or ‘persistent’ like tokens / dongles / card readers / biometrics / software downloads / cookies, or require the use of a third party’s network like email or SMS solutions. (Provided by very well known firms such as RSA/Symantec/Gemalto/EnTrust/Vasco etc.) Each of these carries its own unique usability / vulnerability / cost issues. The mere fact that we continue to see headlines like “ID Theft on the rise” and “Online Fraud set to escalate” means only one thing – these existing solutions do not work.


Don’t take my word for it. We have been talking to a number of analysts who cover this space and some of them have already started writing / talking about us (http://martinhingley.wordpress.com/2010/10/20/palmtree-q410/). Others who will be writing about us have said in as many words that our approach and solution is “novel / unique” and “goes a long way to addressing the shortcomings of existing solutions”. We have yet to meet an industry expert who has been anything but complimentary about the uniqueness and innovation in our approach.
   
We have extensive third party validation from organizations like the Global Security Challenge (where we recently came third in their Cloud Security competition – despite being pre-launch at the time). We have also had extensive interaction with Intel/EDS/AON/Munich Re – who have independently assessed and tested our technology and with whom we continue to work and innovate. There are other big global names with whom we have ongoing dialogue around deploying the product globally.
So if you seek a solution that is secure, is independently verified, is easy to use and to deploy, is affordable and is scalable, then try it out for free (http://www.liveensure.com). What have you got to lose?
After all - don’t you want to know who it really is ‘knocking’ on your ‘door’?

