Wanted: Up-Front Security

Security built into software and systems will be a high priority for businesses in 2006.

Be Authentic

Improving user authentication in general also will be a focus this year. The Liberty Alliance Project's new Strong Authentication Expert Group--which includes American Express, the Defense Department, Hewlett-Packard, and Intel--is preparing a framework to help companies implement two-factor user authentication (meaning two separate forms of authentication are required for a user to gain access).

The framework will offer open specifications that let authentication technologies such as hardware and software tokens, smart cards, and biometrics interoperate across networks. It's an important development because the Federal Financial Institutions Examination Council, a government standards body, has stipulated that financial-services companies must create two-factor authentication for online applications by year's end.

The next step in the evolution of authentication technology is mutual authentication between a business and its customers, which lets customers create a personal page that they use each time they log on to a company's Web applications. If the customer is directed to a logon page without the specified personal information, such as a favorite phrase or a digital photo of a pet, the customer is warned that the page might not be legitimate.

The Initiative for Open Authentication, a consortium of 55 technology and user companies--including Diversinet, PortWise, and VeriSign--advocates this approach. It has submitted a draft to the Internet Engineering Task Force, an international standards organization, that outlines how to create mutual authentication within Web applications.

Since security is a numbers game that weighs risk against cost, companies in 2006 would do well to assess the level of risk in their IT environments and invest accordingly in security technology and user education. The price of securing networks and Web applications may be minimal when compared with lost business opportunities or, worse, lost or stolen data.

Illustration by Dan Page