Employees in all industries are increasingly bringing their personal smartphones and tablets into the workplace and using them to access corporate networks, company email, business applications and other highly sensitive information. The popularity of “bring-your-own-device” (BYOD) presents a unique security challenge for IT organizations and is driving the need for stronger authentication and access control policies on employee-owned mobile devices.
Mobile access dramatically increases exposure to security risks, data breaches and privacy violations if the devices themselves and the applications on them are not adequately secured. New authentication technologies and policies tailored to the unique security challenges associated with mobile access are needed to protect company data, maintain compliance with data security regulations, and ensure secure computer networks and systems in the organization.
Mobile Access Increases Security Risks
Former White House cybersecurity adviser Richard Clarke recently said of the growing BYOD trend, “this is the newest and largest vulnerability in corporate America now.” The problem will only be exacerbated as use of personal mobile devices in the workplace increases because smartphones and tablets are more easily lost and stolen than laptop computers, and less likely to have proper security controls deployed on them. Nearly half of all smartphone or tablet owners do not use a password or PIN to lock their devices and as many as two-thirds admit to leaving mobile applications perpetually logged-in because typing a username and password is too burdensome. These workers are leaving themselves and their employers vulnerable to security risks and data breaches as they leave corporate applications perpetually logged-in on unlocked devices.
Mobile Authentication Today is Clunky and Ineffective
One of the main reasons people have such poor security habits on their mobile devices is because the traditional security techniques are too clunky, so they bypass the recommended security systems. The use of text usernames and passwords for authentication on mobile applications and computer systems does not provide strong security. Moreover, requiring employees to type “strong” passwords to log-in to an application from their smartphone often requires switching between multiple on-screen keyboards in order to enter the required upper and lower case letters, numbers and symbols. The traditional authentication process is tedious and cumbersome. To ease the process, people choose weak passwords, write their passwords down, or simply leave the device or its applications unlocked.
Strong Mobile Authentication for Secure Access to Business Information
In order for organizations to embrace the inevitable rapid growth of BYOD while keeping network systems and company data secure, they must adopt new authentication technologies and access control policies that are better suited to mobile devices. Fortunately, smartphones and tablets have unique characteristics that make it possible to use advanced authentication techniques that were not viable or practical in the past.
The touchscreens and graphical displays on smartphones and tablets enable the use of image-based authentication schemes for the devices themselves as well as the mobile applications on the devices or the computer networks being accessed. Image-based authentication from Confident Technologies provides a unique, one-time password every time authentication is needed, simply by asking employees to tap on a few pictures. Employees look for the pictures that fit their previously chosen, secret authentication categories and with a few taps on the touchscreen display are securely authenticated. It’s easier than typing a text password and much more secure because it generates a one-time password every time.
Image-based authentication can be part of a layered authentication and access control policy and it can be integrated with mobile device management solutions to create a comprehensive security policy that is easy to use. Such a layered authentication and access control approach enables an organization to control who has access to what information, from which devices, and what they can do with that information.
Despite the security challenges, the potential benefits brought by a mobile workforce are numerous. Organizations of all sizes can securely enable BYOD with the right security policies and new technologies that make it easier to securely authentication employees accessing company information without increasing risk.
As business becomes increasingly mobile, the need for strong authentication that’s easy to use on smartphones and tablets will be essential.
Click here to learn more about image-based authentication and how it can be used to enable mobile security. Or, contact us.
