Improving user authentication in general also will be a focus this year. The Liberty Alliance Project's new Strong Authentication Expert Group--which includes American Express, the Defense Department, Hewlett-Packard, and Intel--is preparing a framework to help companies implement two-factor user authentication (meaning two separate forms of authentication are required for a user to gain access).
The framework will offer open specifications that let authentication technologies such as hardware and software tokens, smart cards, and biometrics interoperate across networks. It's an important development because the Federal Financial Institutions Examination Council, a government standards body, has stipulated that financial-services companies must implement two-factor authentication for online applications by year's end.
The next step in the evolution of authentication technology is mutual authentication between a business and its customers, which lets customers create a personal page that they use each time they log on to a company's Web applications. If the customer is directed to a logon page without the specified personal information, such as a favorite phrase or a digital photo of a pet, the customer is warned that the page might not be legitimate.
Since security is a numbers game that weighs risk against cost, companies in 2006 would do well to assess the level of risk in their IT environments and invest accordingly in security technology and user education. The price of securing networks and Web applications may be minimal when compared with lost business opportunities or, worse, lost or stolen data.
Illustration by Dan Page/Theispot.com