One of the most challenging tasks for a small business is protecting its data and restricting access to resources to authorized users.
Many companies attempt to address their security concerns by simply implementing stronger password policies, requiring employees to remember more and stronger passwords for all applications.
However, most employees cannot remember more than one or two strong passwords, so they won’t follow the policy, resulting in less network security and more requests to reset lost passwords. Requiring too many passwords will actually decrease overall corporate security.
A company has several authentication options available to protect access to sensitive data, including…
- A Strong Password Policy
- Password Synchronization
- Single Sign-On
- Single Sign-On Alternatives (Enterprise Password Management)
Effective security requires a policy that users will actually follow.
Need for Security
Information is one of a company’s strategic resources. The company owns valuable proprietary processes, sensitive customer information, private vendor lists, and strategic goals that have great value – and may be attractive targets for competitors or thieves. In some cases, companies have a legal obligation to protect that data. Data also has to be protected from accidental (or intentional) corruption, and IT consultants must ensure their clients’ data is accessible or deliverable when necessary.
As a result, companies spend a significant portion of their IT budget on managing and protecting information. Sometimes business interests collide. More security sometimes means less productivity, more cost and less return on business investment.
Problems with Passwords
Passwords are a burden on users, who view them as an obstacle to getting the information and services they need in a timely fashion. Having to enter different user names and passwords several times a day – and especially repeated erroneous attempts – interrupts an employee's usual work flow, often at the most inopportune times.
The Challenge...
Inevitably, employees need passwords for systems or applications that they access only infrequently, which makes it harder for them to remember the password.
Power users and even rank-and-file knowledge workers simply have too many user names and passwords to remember, or the length and complexity hinder a productive work flow. Therefore, employees often violate prudent password standards.
Since an increasing amount of business-critical data is being made available online, balancing end user convenience and effective security and password policies is more important than ever. Company executives have to balance the free flow of information against the nightmare of a major security breach.
All the while, employees are…
- Writing down passwords on sticky notes and putting them on computer monitors.
- Sharing passwords with co-workers, making it impossible to track who has access to what.
- Using simple passwords that can be guessed.
- Falling for phishing schemes, where they’re tricked into providing a password to the wrong application or website.
- Storing their passwords in their web browsers.
When developing a password policy, it’s important to consider the paradox of password security. A weak policy is inherently insecure, but an overly stringent policy will result in passwords being kept in an unprotected computer file.
It is a good idea to sit down with your consultant to create a strong password policy. Ideally a company could require employees to remember and properly use many secure passwords. In reality, after a certain point, as the number and strength increase, security begins to decrease as employees take shortcuts.
Authentication Solutions
A Strong Password Policy: The first and, from one point of view, the simplest option for increased security is to implement a strong password policy. In the ideal world a company would establish a strong password policy, employees would follow that policy, corporate data would be secure and costs would be minimal.
Password Synchronization: Allows users to have a single password, subject to one security policy, that grants access to multiple machines, systems or devices. It can be used, for example, to synchronize passwords between Windows and Unix systems.
Single Sign-On: SSO is a method that provides end users with the ability to log in one time, gaining authenticated access to all of their applications and resources. It is an additional layer that sits on top of all applications and web resources. A user logs into this system, which then takes care of all logins.
Single Sign-On Alternatives (Enterprise Password Management): In the past few years companies have developed enterprise password management solutions that have the same advantages as SSO and Password Synchronization, but without many of the known disadvantages such as cost, integration effort, and a single password source.
The ideal solution should meet the following tests:
- Increases Security
- Reduces Employee Passwords
- Improves Employee Productivity
- Easily Integrates Into Existing Systems
- Reduces Cost
- Provides an Immediate Return on Investment
- Provides a Sustainable Solution
There are a number of Password Management Solutions that offer cost-effective ways to enable the small business to increase security while reducing employees’ passwords. Work with your IT consultant to design the policies and strategies that are best for your company.
Password Management Solutions:
http://www.symark.com
http://www.ensim.com/
http://www.roboform.com/
http://www.clipperz.com/
http://keepass.info/
http://www.traysafe.com/