Wanted: Up-Front Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
02:55 PM

Wanted: Up-Front Security

Security built into software and systems will be a high priority for businesses in 2006.

Be Authentic
Improving user authentication in general also will be a focus this year. The Liberty Alliance Project's new Strong Authentication Expert Group--which includes American Express, the Defense Department, Hewlett-Packard, and Intel--is preparing a framework to help companies implement two-factor user authentication (meaning two separate forms of authentication are required for a user to gain access).

The framework will offer open specifications that let authentication technologies such as hardware and software tokens, smart cards, and biometrics interoperate across networks. It's an important development because the Federal Financial Institutions Examination Council, a government standards body, has stipulated that financial-services companies must create two-factor authentication for online applications by year's end.

The next step in the evolution of authentication technology is mutual authentication between a business and its customers, which lets customers create a personal page that they use each time they log on to a company's Web applications. If the customer is directed to a logon page without the specified personal information, such as a favorite phrase or a digital photo of a pet, the customer is warned that the page might not be legitimate.

Outlook 2006

  • Outlook 2006: Confidence Is Up, Barely
  • Job Jitters Just Won't Stop
  • Security: Wanted: Up-Front Security
  • Outsourcing: If You Can, You Must
  • Storage: SANs Bring Sanity To Storage
  • The initiative for Open Authentication, a consortium of 55 technology and user companies--including Diversinet, PortWise, and VeriSign--advocates this approach. It has submitted a draft to the Internet Engineering Task Force, an international standards organization, that outlines how to create mutual authentication within Web applications.

    Since security is a numbers game that weighs risk against cost, companies in 2006 would do well to assess the level of risk in their IT environments and invest accordingly in security technology and user education. The price of securing networks and Web applications may be minimal when compared with lost business opportunities or, worse, lost or stolen data.

    Illustration by Dan Page/Theispot.com

    We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    2 of 2
    Comment  | 
    Print  | 
    More Insights
    InformationWeek Is Getting an Upgrade!

    Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

    Remote Work Tops SF, NYC for Most High-Paying Job Openings
    Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
    Blockchain Gets Real Across Industries
    Lisa Morgan, Freelance Writer,  7/22/2021
    Seeking a Competitive Edge vs. Chasing Savings in the Cloud
    Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
    White Papers
    Register for InformationWeek Newsletters
    Current Issue
    Monitoring Critical Cloud Workloads Report
    In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
    Flash Poll