Andrew Bull, Identity & Access Management Solutions. Sr. Director, Strategic Sales at HID Global
As our organizations and the IT infrastructures we use are continually evolving, the ways in which they can become vulnerable are equally changing. In recent times, the occurrence of security breaches and the levels of sophistication they have reached is an increasing worry for modern day organizations. Large scale attacks such as the SolarWinds Orion software breach and well publicized Microsoft Exchange hack are a serious warning to the importance of having a strong cybersecurity strategy – no matter how big or small an organization.
In the light of increasing security threats and pressure for organizations to deploy strong MFA, many security professionals are now considering MFA on a wide-scale basis across their organizations. MFA is no ‘one size fits all’ – there are numerous factors to consider, such as enhance security, boost user experience, but also deploy a solution that is versatile enough to address your organization’s unique use cases, workflows, and security needs– both now and in the future.
The answer is choosing a vendor that is a ‘one-stop shop’ for every part of the MFA journey. With the market’s leading solution for managed authentication credentials and support for multiple security standards, authentication methods and form factors, deploying a complete and versatile MFA ecosystem is made easy with HID.
Tailoring an MFA solution to solve your unique use cases
Your users need to access countless resources throughout their working day, which means there’s a whole host of places where MFA could and should be incorporated. Let’s explore them all:
Personal Computers– considering the sharp rise of remote workers, providing quick and secure access to personal computers and devices is of high importance. With HID’s Crescendo range of authenticators, users can instantly log on to computers by inserting or tapping the smart card or security key to their device.
Shared Workstations– Using workstations that are shared between multiple people poses greater threats for security compromises and is especially important in industries such as healthcare, retail and manufacturing. With HID’s award-winning, on-premise MFA solution, DigitalPersona, users can effortlessly move between workstations, with a wide choice of authentication methods ranging from fingerprint and facial through to access cards and PKI credentials.
IT Applications and systems– HID’s versatile MFA solution protects everything from VPN, data and cloud applications, such as G Suite, DropBox and Microsoft 365, all the way to legacy desktop applications – so that no resource goes unprotected.
Data Encryption and Digital Signatures- Here is where your MFA solution can start to do more than simply securing a login. By using HID’s cloud-based credential management solution, you can centrally issue and manage PKI certificates on Crescendo and third-party credentials – giving you the opportunity to also digitally sign and encrypt emails and documents.
Buildings– HID’s MFA solution portfolio is unique in that it offers high assurance credentials that can secure access to physical spaces, in addition to digital resources. By incorporating employee badges for converged physical and logical access, you can enjoy the cost efficiency, ease of use and the benefits of streamlining multiple authenticators across your organization.
Why are security standards and certifications important?
When selecting the right MFA solution, bearing security standards in mind is a way of ensuring that your solution is enterprise-ready, future-proofed and will integrate easily into your existing IT infrastructure. Deploying HID authenticators in your organization means you can stay compliant with industry recognized standards, including:
- PSD2, PCI-DSS, GLBA, NYDFS 23 NYCRR 500 for payments and financial institutions
- CJIS, IRS pub 1075 for law enforcement organizations
- NERC-CIP for critical infrastructure
- HIPAA for healthcare organizations
- NIST SP800-171, SOX for enterprise and non-federal organizations.
MFA Is Not Only for Governments and the Private Sector Should Follow Their Lead.
Beyond the Government, other Key Verticals include Healthcare, Financial Services, Manufacturing, Education and Retail. With MFA solutions like DigitalPersona, organizations can layer the authentication requirements to meet specific use cases and step up when needed and can incorporate a wide selection of devices and authentication methods: Biometrics, Multi-protocol smart cards, such as HID Crescendo (FIDO, PKI, PIV, OATH, and physical access capabilities for converged physical and logical access), Security keys, such as HID Crescendo Key Series with support for NFC, USB-A and USB-C , Building access cards, One-time password tokens, Bluetooth and NFC devices, mobile push authentication, and more.
A key element within HID Global’s multi-factor authentication portfolio, HID DigitalPersona® transforms the way IT professionals protect the integrity of their digital organization by going beyond traditional two factor and multi-factor authentication. The solution supports various applications, including websites, cloud, Windows, mobile, VDI and VPN and the broadest array of authentication factors which include contactless cards, smart cards, security keys, mobile and OTP tokens, and biometrics including facial recognition, behavior, and fingerprint.
HID Crescendo enables organizations to secure access to valuable corporate resources and meet regulatory compliance with user-friendly, quick-to-deploy and easy-to-manage multi-factor authentication. Thousands of employees across the world use HID’s high assurance credentials for passwordless and phishing-resistant authentication and SSO protection, secure log-in to VPN, servers, Azure Active Directory and any application protected by it, Windows and shared workstations, digital signature and data encryption. Organizations have the flexibility to choose from smart cards or security keys (NFC, USB-A and USB-C) with support for FIDO2, PIV/ PKI, OATH as well as various physical access technologies to form a Zero Trust security infrastructure across their organization. From managed to stand-alone, it is a versatile solution that supports more use cases than any other solution in the identity and access management market.