Amid media reports that the nation’s largest defense contractor experienced a network intrusion last week allegedly involving the use of RSA SecurID® tokens, organizations that rely on tokens should consider additional measures for safeguarding their information and securing their network infrastructure. Incorporating device identification as a second layer of defense can help thwart future cyber attacks.
Closing the device authentication gap
Even before identity theft emerged as a rising threat, IT administrators struggled to find a comprehensive and effective tool for preventing unauthorized access to the sensitive data stored on their networks. Passwords can be lost, forgotten or stolen. Software-based digital certificates are only as safe as the file that holds their private key, which malware or an attacker on the machine can copy. OTP tokens and smart cards are costly to acquire and deploy.
All of these approaches fall short, in part, because they verify only the identity of the user, not that of the device.
Confirming the identity of the end-point device is already the foundation of access control on mobile, cable and satellite networks, among the fastest growing networks today. Knowing which devices are on the network lets administrators deliver a higher level of assurance that only authorized users are granted access to information and resources. It also helps protect the integrity of the network by keeping out rogue, unknown devices that could introduce malicious software.
The reality is that your organization may already own the hardware for two-factor authentication that can:
- Strongly authenticate both the device and its user
- Provide multi-factor authentication without any incremental hardware acquisition, deployment or maintenance costs
- Be fully activated and operational in a matter of minutes
- Seamlessly integrate with your existing VPN and wireless infrastructure
- Present a common user experience both outside and inside the firewall
Trusted platform modules for superior authentication
Trusted Platform Modules (TPMs) offer a unique hardware-based option for authenticating both a device and its user. More importantly, more than 90% of your enterprise’s computers probably have a TPM onboard already.
Defined simply, a TPM is a security chip attached to a computer’s motherboard, which places security functionality directly in the device’s hardware. Effectively built-in hardware tokens, TPMs impose no incremental acquisition costs and eliminate the "hard" deployment expenses that separate tokens incur.
Because the TPM is physically part of the PC, and a signing key created inside it as non-migratable can be used by the chip but never leaves it, a TPM-backed key identifies that specific machine. That makes the TPM well suited for creating and verifying strong device identities and for ensuring that only authorized machines reach the network. Indeed, the business case for TPM is fundamentally the same as the case for strong, fully automated and transparent authentication of both devices and users on the enterprise network.
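The device-identity check described above, as an added example in Go that is not code from this page or from Wave Systems: a signing key that never leaves the device (generated in software here so the example runs offline, standing in for a key created inside the TPM and exposed only through Public() and Sign()), a server-side registry of enrolled device public keys, and a single-use nonce challenge with a lifetime that the device must sign. The device ID "laptop-0042", the message prefix "device-auth:" and the 30-second lifetime are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// DeviceKey stands in for a TPM-resident signing key: callers get only
// Public() and Sign(), never the private half. Assumption: the key is made in
// software so this runs offline; on a real device it lives inside the TPM.
type DeviceKey struct{ priv *ecdsa.PrivateKey }

func NewDeviceKey() (*DeviceKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &DeviceKey{priv: priv}, nil
}

func (k *DeviceKey) Public() *ecdsa.PublicKey { return &k.priv.PublicKey }

// Sign returns an ASN.1 ECDSA signature over SHA-256(msg).
func (k *DeviceKey) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, k.priv, h[:])
}

// challengeMessage binds the nonce to the device ID it was issued for (assumed format).
func challengeMessage(deviceID string, nonce []byte) []byte {
	return append([]byte("device-auth:"+deviceID+":"), nonce...)
}

type challenge struct{ nonce []byte; expires time.Time }

// AuthServer is the network-side verifier: enrolled device public keys plus
// at most one outstanding challenge per device.
type AuthServer struct {
	enrolled map[string]*ecdsa.PublicKey
	pending  map[string]challenge
	ttl      time.Duration
}

func NewAuthServer(ttl time.Duration) *AuthServer {
	return &AuthServer{enrolled: map[string]*ecdsa.PublicKey{}, pending: map[string]challenge{}, ttl: ttl}
}

// Enroll records a device's public key; done once when IT provisions the TPM.
func (s *AuthServer) Enroll(deviceID string, pub *ecdsa.PublicKey) { s.enrolled[deviceID] = pub }

// Challenge issues a fresh random nonce for an enrolled device to sign.
func (s *AuthServer) Challenge(deviceID string) ([]byte, error) {
	if _, ok := s.enrolled[deviceID]; !ok {
		return nil, errors.New("unknown device")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[deviceID] = challenge{nonce: nonce, expires: time.Now().Add(s.ttl)}
	return nonce, nil
}

// Verify checks the signature against the enrolled key. The challenge is consumed
// on the first attempt, pass or fail, so a captured signature cannot be replayed.
func (s *AuthServer) Verify(deviceID string, sig []byte) error {
	pub, ok := s.enrolled[deviceID]
	if !ok {
		return errors.New("unknown device")
	}
	ch, ok := s.pending[deviceID]
	if !ok {
		return errors.New("no outstanding challenge (replay?)")
	}
	delete(s.pending, deviceID)
	if time.Now().After(ch.expires) {
		return errors.New("challenge expired")
	}
	h := sha256.Sum256(challengeMessage(deviceID, ch.nonce))
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not match enrolled device key")
	}
	return nil
}

func main() {
	srv := NewAuthServer(30 * time.Second)
	laptop, _ := NewDeviceKey()
	srv.Enroll("laptop-0042", laptop.Public()) // constructed device ID
	nonce, _ := srv.Challenge("laptop-0042")
	sig, _ := laptop.Sign(challengeMessage("laptop-0042", nonce))
	fmt.Println("first use:", srv.Verify("laptop-0042", sig))
	fmt.Println("replay:", srv.Verify("laptop-0042", sig))
}
```

Two points the code makes that the prose does not: the server consumes each challenge on the first verification attempt, so a signature captured off the wire cannot be replayed, and the signed message includes the device ID, so a signature obtained from one enrolled machine cannot be presented as another. A user factor (password or OTP) would be checked alongside this device factor; the block covers only the device half.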
Wave Systems develops software solutions that help maximize TPM security features and facilitate enterprise-wide endpoint protection. Our EMBASSY Remote Administration Server (ERAS) lets IT staff activate and take ownership of TPMs, and manage TPM policy, across the entire enterprise from a central location.
ERAS also provides robust policy management of users, credentials and access rights from that same central location.