New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
 
Why security breaches are still happening and what really is a tailored authentication approach

PistolStar, Inc. specializes in tailored authentication, providing software products and services that fit with the customer’s environment, as well as optimize authentication processes and address requirements for enhanced usability, security, auditing and compliance.

In the following interview, Mark Cochran, VP of Global Sales at PortalGuard, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, why security breaches are still happening and what really is a tailored authentication approach.

Rake Narang: How has authentication evolved over the years? Why are security breaches still happening?

Mark Cochran: Authentication has evolved through organizations over steering between usability and security. Early on organizations blanketed static usernames and passwords across their environments, but once threats to security became more robust and frequent, organizations began over steering towards two-factor authentication approaches. Many are now struggling to implement such approaches as the upfront cost and low usability is halting. Where we are now, is trying to answer the question, where is the authentication middle ground? Where are the solutions that have the flexibility to configure authentication down to the individual user?

Increasingly sophisticated threats are requiring an adaptive risk-based approach to deliver robust security while maintaining usability of the enterprise applications. Organizations need to adjust security policies and authentication strategies based on the magnitude of harm that could result from the unauthorized access or destruction of information and information systems that support the operations and assets of the organization. These policies and strategies based on internal risk assessments cost-effectively reduce information security risks to an acceptable level.

Rake Narang: How does risk-based authentication play a role in today’s self-service password reset strategies? What really is tailored authentication approach?

Mark Cochran: Typically, self-service password reset strategies are static and do not take into consideration the events surrounding the reset request, such as what device the user is on or what their location is. Risk-based authentication provides the framework to be able to adjust the self-service password reset method based on either the user’s real-time events, including time, location, network, device and application, and/or defined by a particular user, group or organization.

The Tailored Authentication approach is for those customers who have a unique user base, organizational complexities, specific security and compliance requirements or multiple and diverse applications, our expert professional services and development team will develop a solution adapted to their environment and delivered within the framework of our standard PortalGuard software product.

Rake Narang: What are the incentives for enterprises to migrate to a cloud-based security solution if they have already invested heavily in classic products and services to stay secured?

Mark Cochran: Today’s world is dynamic and needs more flexibility; because of this organizations are receiving demands from their end-users to provide more access remotely to corporate data to increase productivity. The incentive of moving to the cloud is to provide usability and flexibility for the end-users. The static products the organization has in place now will not support that scenario. The key is to have a product which is flexible enough to offer a balance between usability and security, which PortalGuard is able to offer.

Company: PortalGuard
PO Box 1226,
Amherst NH, 03031 U.S.A.

Founded in: 1999
CEO: Thomas Hoey
Products and Services: PortalGuard is a Risk-based Authentication platform that provides a balance between usability and security. Risk-based Authentication analyses real-time events surrounding a user's authentication request, such as the time, device, location, network and application, and/or the particular individual, group or organization, and adjusts the authentication or self-service password reset method dynamically based on those events. The PortalGuard platform provides risk-based authentication, authentication event analyzes reporting, self-service password reset, password management and single sign-on.
Company's Goals: To provide a middle ground of authentication requirements for the cloud.

Bookmark and Share