Identity Security Pain Points and What Can Be Done
By Clayton Donley, Vice President & General Manager, Identity Management Security, Broadcom Software
(This article was originally published in Dark Reading by Clayton Donley.)
Although analysts have predicted the death of passwords for many years, passwords are still the predominant authentication credential used for many applications and IT systems. The reason for this is simple – everyone knows how passwords work, which makes them more convenient to use.
As a result, 80% of all company data breaches and hacking incidents result from stolen or compromised passwords. It’s not hard to see why. The average user has more than 90 online accounts – almost all requiring a password that more than half of those same users reuse. And with a record 1,862 data breaches in 2021 at an average cost of $4.24 million per breach, it’s no wonder that more than 555 million passwords are available on the Dark Web.
Passwords are proliferating across our digital world and getting stolen in record numbers every year. But it doesn’t have to be this way.
The twin dilemma of security vs. convenience
Enterprises can address this problem today. In fact, many are already enhancing existing passwords with a second factor – for example, sending an out-of-band code via SMS or email. The technology exists for even stronger login credentials, but these will often significantly impact the user experience, which hurts adoption with internal users (employees) or retention with external users (consumers).
Organizations are faced with a balancing act: how to improve their authentication process, so the login credentials provide the needed security while being easy to use, but at the same time, difficult for hackers to steal or compromise. Oh, and let’s not forget that this enhanced authentication mechanism must be cost effective too!
Over the years, many new types of login credentials have emerged that were effective in one or two areas but fell short in the others. But there is hope. A new approach is flipping this paradigm on its head.
Size matters
The size and scope of the problem must also be taken into consideration. For large enterprises, these challenges are multiplied because the sheer number of applications running across their hybrid environments, from the cloud to the mainframe. You hear a lot about the cloud, but how often do you hear someone mention the mainframe? Did you know that mainframes handle 90% of all credit card transactions, or that mainframes handle 68% of the world’s production IT workloads? For many of our strategic customers, the mainframe is more mission critical than anything running in the cloud.
A truly effective identity security solution needs to cover all aspects of an organization’s infrastructure. Everything from the mainframe to distributed servers, from virtualized to multi-cloud environments, managing access across business applications, privileged accounts, and everything in between.
The convergence of technology and standards
The missing link in efforts to improve this identity security challenge is a failure to recognize that replacing the password is not as easy as people think. But there are several trends that may help accelerate the death of the password once and for all.
The first is the smartphone. According to Ericsson, the number of smartphone users in the world today is approximately 6.6 billion, which translates to almost 84% of the world’s population. These devices are not only ubiquitous but are also responsible for teaching users how to use their fingerprint to unlock their devices and take a selfie. Biometrics is not an abstract concept anymore – it is becoming familiar even to people who struggle to use a computer.
The second trend is one of standardization, specifically the growing support for FIDO or Open ID Connect. These new security standards help to facilitate the exchange of identity and authentication information between an identity provider and an application. These standards eliminate the need for passwords and replace them with passwordless techniques, such as biometrics (a single finger swipe on your phone). However, there are many mainframe and web applications that were never designed with support for these standards, and therefore cannot leverage passwordless authentication – that is, not without major redesign or a little help.
For newer or smaller enterprises, the modification of applications to be FIDO or OpenID Connect compatible may be relatively small, but for larger enterprises, this problem is significant as the bulk of their mission critical apps may need to be modified, and this is just not financially feasible. As a result, while newer applications are getting built with passwordless authentication mechanisms, they are only addressing a subset of enterprise applications, networks, and environments. A truly effective security system needs to cover all of an organization’s digital assets. If not, bad guys will always find the weakest link.
Something old, something new, something borrowed, something blue red.
This saying has inspired many wedding traditions and is somewhat appropriate for this topic as the solution to enterprise identity security challenges is basically the same: weaving together your existing Identity and Access Management tools with new, cloud-native tools to build a modern identity fabric, borrowing niche or point products to fill in specific gaps or address unique use cases.
Only through a holistic platform can enterprises solve the biggest pain points in identity security by replacing the need for passwords with a single password-less sign-on procedure for everything in our digital world. And similar to many couples who are inspired by this famous wedding saying, enterprises are not looking for a vendor, but a lifelong partner (something Red).
To learn more about how Broadcom Software can help you modernize, optimize, and protect your enterprise, contact us here.
Clayton Donley, Vice President & General Manager, Identity Management Security, Broadcom Software:
Broadcom Software
Clayton Donley is Vice President and General Manager of the Identity Management Security Division at Broadcom (IMS). In this role, he is responsible for the company’s identity and access software portfolio, which protects and manages access to some of the world’s most mission-critical applications.