As the range and volume of sensitive digital information being accessed remotely continues to expand, many organizations prioritize updating the way they verify the identities of those accessing it. In fact, 44% of IT & Security executives and management surveyed are in the process of updating their authentication infrastructure. In general, across the different industries, common infrastructure updates include:
- Extend the criteria from which calculated risk controls authentication strength.
- Provide additional authentication methods that accommodate different risk levels and offer stronger verification and resistance to outsider threats.
- Continue to improve user experience though single sign-on, maximizing quick and low friction access by minimizing disruptions.
Usually, there are one or both of two mechanisms in play:
- Historically, the most common authentication projects this past decade involve setting up or updating two-factor, or multi-factor authentication environments. These projects are often initiated by a compliance mandate or a result of an audit. Other organizations initiate authentication projects in response to a breach or are proactively protecting against it.
- Authentication is often viewed as a barrier to usability. As such, security teams are looking for ways to increase both security and usability though passwordless technologies. When designed properly, passwordless technologies eliminate the need to remember passwords as well as protect against phishing attacks.
Passwordless the Right Way
Moving beyond the password paradigm is typically a gradual process. It likely won’t happen across an entire organization from a single project but taken on piecemeal. There’s a lot involved in the form of requirements gathering, deployment planning, enrollment, and lifecycle administration:
- Gather authentication requirements for user roles and use cases
Can you assume that users will always be on a computer? What about field workers, lab technicians, or a myriad of other roles that introduce various environments and situations? For B2C environments, what requirements do you feel comfortable imposing on your consumers?
Are there authentication needs for partners or third-party workers such as contractors?
- Consider legacy applications
For some organizations, the challenge of incorporating legacy applications and services in their authentication modernization project is challenging. And for any sizeable organization that has been around for a while, it’s quite likely there may be some which will not work with anything but a password which means that some type of injection has to happen to deliver a passwordless experience.
- Plan for deployment and enrollment costs
Too often, deployment and enrollment costs stop authentication projects in their tracks. Beyond enrollment, continued administrative costs can also be a consideration. Because usernames/passwords are often essentially free to create, incurring incremental costs of passwordless method(s) is often a chief consideration.
Gaining Insight to Adopting Passwordless
As part of the NetIQ Zero Trust Webinar Series, senior product manager for NetIQ Advanced Authentication, Chris Barngrover, and MTRIX America CEO Dennis Robare will focus on passwordless authentication in our upcoming June 20th webinar. Both speakers have years of experience under their belt and will spend an hour drawing on them. Chris will focus on aspects of NetIQ Advanced Authentication that offer a solid foundation for passwordless, worth noting, and Dennis, with years of hands-on experience adopting different passwordless method technologies, will focus on some case studies and how they were solved. Together, their guidance should help you and your approach to best match your passwordless adoption for your organization. Click here for more information and to sign up for the webinar.
More About NetIQ
NetIQ is a global enterprise software company that provides organizations with innovative solutions for identity and access management, security and compliance, and privileged account management. With a focus on delivering world-class products and exceptional customer support, NetIQ helps businesses improve their security posture, streamline IT operations, and reduce costs.