Access can be further controlled by what type of device is being used to connect and where people authenticate themselves. For example, if a user connects to the network from a PC within the organisation’s premises then they can access all files and information needed to perform their duties.
However, if they connect from a laptop from home, they may be restricted to just calendar information or basic applications. Taking it a step further, access can be controlled by the day of the week and/or time of day that the person is accessing the network to determine what they can do and see.
While this might all sound extremely complex, fundamentally networkless connectivity is far more flexible, with the underlying infrastructure easier to build and manage.
As previously mentioned, a key security consideration is proving that the user is who they claim to be. Historically, many access gateways required an individual to enter their username and password combination to authenticate themselves.
While this may have been adequate for one organisation functioning from one location, as soon as you start co-locating, or even allowing remote access, single factor authentication is woefully inadequate and easily circumvented.
For this reason, the introduction of two factor authentication (2FA) is increasingly being driven by legislation and/or the need to be more secure. 2FA fundamentally is the combination of two of three elements:
- Something you know; a username or password, etc;
- Something you have; an authentication device such as a smartcard, etc; and/or
- Something you are; referred to as biometrics, this involves retina or fingerprint scanners, etc.
Just so we’re all straight, a username and password combination is not 2FA as it is two variations of one element – i.e. two things you know.
Now that we’ve established what 2FA is, it’s time to look at what the options are. Fundamentally, there are two main forms of authentication device:
- A physical token or smartcard; and
- A virtual token (a mobile phone used to receive a passcode via SMS message or generate the code via an app).
While physical tokens have been used for numerous years, many would argue that they’re an outdated technology. In addition to the administrative nightmare of configuring each token, and the logistical headache of distributing them to users, they also have a shelf-life – typically two to three years. In contrast, virtual tokens on smartphones are far cheaper to manage (usually via a self-service portal), practically every pocket houses a device, and people are comfortable with their handset, so user acceptance is easily achieved.
Networkless connectivity combined with strong 2FA allows straightforward user access, without constraints, to deliver a completely dynamic setup at the time of connection. So, whether you’re merging, re-merging, de-merging or just looking to introduce a more flexible working practice securely, make sure it’s future-proof and cost-effective. Instead of getting physical, it’s time to start thinking outside the box, and even the building.
Robert Campbell is MD at Ecommnet, a security, infrastructure and mobility IT solution provider.