At the start of each year, predictions for the next 365 days are always popular. This also applies to the IT sector. For 2014, experts attached particular significance to the topics of virtualisation, cloud computing, network optimisation and Software Defined Networks. More and more services are offered in a virtualised form. Companies should be aware of certain critical aspects in this regard, such as high reliability, performance, latency, data storage and above all security. Because if the foundations are not sound – a well protected infrastructure which can be securely accessed both on a local and a remote basis – all additional efforts to increase performance etc. are irrelevant.
How can a company benefit from a more branched, faster and more virtual network if it opens the doors for hackers? This is the case, for example, when only a user name and a password are required for user identification. These login data are cracked all too easily, all the more since the access details are generally not updated regularly as recommended, thereby offering a weak spot that is vulnerable to attack. Additional dangers arise because of our increasingly mobile working environment, summarised in the term Bring Your Own Device (BYOD). When implementing security measures, administrators need to take into account devices other than just on-site PCs, because laptops, tablets and smartphones have all become important components in remote workplaces.
It is therefore very important for companies to always know who is logging in when and from where. A secure and above all unambiguous way to achieve this is through tokenless two-factor authentication. This combines the factor “knowledge” (personal login data) with the factor “possession” (a mobile device of the user that receives a one-time valid passcode via SMS, email or app, which also needs to be entered during the login process). Because the passcodes are transmitted via mobile devices such as smartphones, companies do not need to use any additional, dedicated tokens, as they can simply make use of end-devices that have already been acquired. Since no software is installed on the actual devices, the private devices of staff can also be integrated into the system so that these staff can also identify themselves securely and unambiguously without the need to have a special token.