The User Experience

Improving security by implementing tap authentication

With the move to a mobile- and cloud-first world, corporate data has become increasingly difficult to protect. Employees’ expectations have changed, too—they want to be able to access corporate cloud applications, data and services anywhere, at any time, using the device of their choice. This can make networks significantly more vulnerable to security breaches. Reliance on passwords alone is not enough. When hackers steal an employee’s user name and password, they can then often move through the network undetected and upload malware programs to other systems.

Now, with the advent of a security model called “tap” authentication, it is possible to control access to data with a much more convenient process, using the same ID card that controls access to a company’s facilities.

With tap authentication, users simply tap their smart cards to laptops, tablets, phones and other NFC-enabled devices for easy and convenient access to network resources, cloud apps and web-based services. This quick tap of the card to a device is much easier and more secure than passwords. It is faster and more seamless and convenient than dedicated hardware one-time passwords (OTPs), display cards or other physical devices. Perhaps most important for users, it offers the convenience of being able to access data and cloud-based applications with the same card that opens doors.

SIZING THE PROBLEM

Today’s threats won’t diminish anytime soon. Nor will the cost of a data breach. IBM recently announced in its Security Services Cyber Security Intelligence Index Report that phishing, malware and other cyber threats are now costing organizations up to 19 percent in revenue and 21 percent in lost productivity, among other financial hits. Protecting access to corporate data is becoming ever more crucial.

One of the biggest problems is an over-reliance on passwords. Identifying and validating workforce identities used to be relatively easy and relied on the combination of a username and a password that users typed in to a PC to authenticate themselves to the machine and to the network. Workforce computer users had one password, and that password was used in one place only: at a stationary workstation in the office or at home. Once the user logged in, they had access to every application they needed to do their job.

Today, however, the enterprise landscape is rapidly changing. We now live in a mobile-first, cloud-first world where there’s no longer a single device that is used to access corporate data and services. On top of this, corporate security policies have changed, requiring users to authenticate themselves more often. For example, employees at the National Institute of Standards and Technology (NIST) log in an average of 23 times a day, leading to password fatigue.

Plus, users now expect instant access to corporate data and services from anywhere at any time from their mobile device. This means that employees using traditional but weak username and password-based authentication are inadvertently opening up their organizations to a number of sophisticated cyber threats.

HOW TAP AUTHENTICATION WORKS

Tap authentication enables authentication to multiple apps and services on multiple endpoint devices without having to recall and re-type additional codes and passwords. The process requires only three simple steps. First, users open a browser on their NFC-enabled device and then type the application URL they wish to access. Next, they enter their corporate username and password. Finally, they tap their access control card to the back of their NFC-enabled mobile device or tablet to provide the second authentication factor. The card can be “read” without needing to be physically inserted into a reader device.

Besides improving convenience, the tap authentication model takes advantage of the existing access control system to ensure a seamless user experience that can extend throughout the physical and IT access control infrastructure. The result is a single, more efficient and economical identity and access management system. By centralizing identity and access management in this way, organizations can consolidate tasks and reduce ongoing operational costs, and also have the ability to very flexibly scale and adapt capabilities while realizing growing value for the organization.

DEPLOYING TAP AUTHENTICATION

Adding tap authentication—like any other new access control capability—is difficult with a legacy physical access control system (PACS) based on static, hard-to-upgrade technologies. This is why so many organizations are moving to new PACS solutions that are based on dynamic technologies and therefore adaptable to changing needs and the latest best practices as security threats evolve.

Today’s PACS solutions also offer the improved security of contactless high-frequency or microprocessor-based smart card technology. The most effective of these smart card technologies uses mutual authentication and cryptographic protection mechanisms with secret keys, and a secure messaging protocol that is delivered on a trust-based communication platform within a secure ecosystem of interoperable products. With a solid PACS foundation, organizations can also support many different access control applications on the same smart card—from access control for the parking lot, main door, or individual offices, to the new capability of tapping in and out of computer applications.

Today’s tap authentication solutions are cloud-based and don’t require any on-premises hardware to install or service contracts to maintain. IT deployment is a simple process of installing authentication system software and device apps, synchronizing users with the authentication cloud service, and notifying them when they can begin using the system. Organizations also have the option of deploying conventional card readers in areas where endpoints do not have built-in NFC readers.

There are other considerations for most effective deployment. User authentication is one of five security layers that every organization should consider. The other layers include authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an anti-virus solution, provides the highest possible security against today’s threats. Organizations can also consider storing biometrics on the smart card. With biometrics, users can reliably authenticate themselves with the simple touch of a finger, enabling them to log into multiple applications while providing an irrefutable audit trail.

TAPPING IN TO THE FUTURE

Organizations are moving toward converged solutions that can be used to secure access to everything from doors to computers, data, applications, and cloud-based services. Tap authentication provides a key ingredient for achieving this objective, while at the same time delivering the convenience and simplicity of the tap experience.

Users have already traded in mechanical keys for smart cards that open doors and gates. Now, this same card can replace dedicated OTP solutions, within an access control system ecosystem that will continue to very flexibly scale and adapt while delivering growing value to the organization.

The system investments that are made today can be preserved over time as organizations grow, evolve, and continually improve their security capabilities to combat ever-changing threats to their facilities, information security, and information privacy.

This article originally appeared in the August 2015 issue of Security Today.
