Arraya Insights | October 26, 2016
Today we live in a post-information age. One where people and businesses are driven to a new way of communicating, working, and well… living. A large amount of the credit for this change can be attributed to the internet and apps, both web and mobile.
Convenience was a big driver for the success of these applications. It’s almost frightening to think about all of the things we had to do manually 10 years ago and how much time they ate up.
The way applications have transformed the banking industry and the way people interact with it is a perfect example. Paying bills and balancing a check book used to be a painful chore that took hours and issued a fair amount of paper cuts. Now it’s a few clicks and quick glance at last month’s transactions. And that’s if you didn’t fully automate all of your bills. Does anyone remember deposit slips? Banks apparently still print them.
Banking is just one example. Shopping, keeping in touch with old friends, finding new music, and even finding love. The list goes on and on for the use of applications and the time they save us. But what is the one thing that all of these applications have in common? Identity – via user accounts and passwords.
Each of us has a long list of applications that we access in both our personal and professional lives. Talk to any security professional and the recommendation is to have a different password for every single application. This advice is great in theory, but it really is not practical with the amount of applications we need to access. The majority of us have one password for all of our applications. This poses a huge security risk because the truth is that our entire lives are linked to these applications.
So how do we solve this problem as a business? Implement more complex password rules? That’s an approach that traditionally has encouraged more passwords being hand written on post-it notes. How about increasing password change frequency? This is nice but now your help desk’s call volume has increased with the amount of lockouts being generated because people can’t remember which password they are using in their rotation. News flash: A rotation of passwords is equally as bad as never changing your password!
These and other similar approaches are all centered around making the use of passwords more secure. But in technology’s current progression, passwords are simply no longer as effective.
We are in a time where identity means everything to us. With this dependence on identity, comes malicious opportunity. Anything that has value to us, becomes a target for thieves. The news has been riddled with security breaches all based around stealing identities. High profile breaches such as Target, Sony, Home Depot, or Yahoo have all involved stealing identities. Security professionals in many industries are looking for new ways to secure identities as a result.
Take credit cards for example. You probably have been issued a new credit card in the last year or two that now has a chip inside it. Why is this? The traditional stripe technology is too easy to breach. Card readers are readily available that will read all the critical information associated with the credit card with a simple swipe. This allows a malicious waiter who takes your card at a restaurant to go back behind the bar and swipe it on their device. They can then use the information to actually duplicate your card. The new chips in cards encrypt this same information which makes it exceptionally more difficult to duplicate your card. In a few years, magnetic stripes will be completely phased out and we will all be safer for it.
Microsoft is taking a similar approach to enhancing the way we access our devices and applications with Windows 10. With Windows Hello, Microsoft has made identity the new boundary for the network and is supporting solutions around it.
Windows Hello brings intelligent biometric verification to our devices. We can log on with a glance of our face or a swipe of our fingerprint. Some devices even support iris scanning. The old password stalwart is still on Windows 10 devices, but who knows for how long? With Microsoft opening up the Hello APIs to web applications, biometrics may take center stage more and more.
Another innovation around identities is Microsoft Passport for Work. This technology takes identity security a step further by tying credentials to the TPM chips inside your devices. Think of how smart cards work. This technology is very similar to having smart card authentication. Hello and Passport technologies coupled together effectively deliver a seamless two factor authentication for people to access corporate data and applications. This method of authentication is leaps and bounds more secure than passwords alone while providing a non-intrusive end user experience.
The focus on identity doesn’t stop there either. These are just some of the great new features with Windows 10. There is even more Microsoft is doing to protect identities as more and more data moves to the cloud. Look for a blog on this subject later this month as our Microsoft National Cybersecurity Awareness Month series continues.
If you are interested in hearing more about Microsoft’s security story and learning why perimeter protection is no longer enough, please reach out to the Arraya Microsoft Practice at firstname.lastname@example.org.