Verizon enhanced Enterprise Identity Services with two-factor authentication and digital-signing capabilities to help organizations with user authentication into cloud services.
Verizon enhanced its
cloud-based identity-management service with new ways for enterprises to
authenticate users and manage user access.
Verizon added support for
more types of tokens and digital signing capabilities to its cloud-based
Enterprise Identity Services to help businesses more securely authenticate
corporate users, the company announced July 14. Verizon also expanded mobile
support for smartphones and tablets running Android, BlackBerry and iOS
platforms to allow organizations to implement two-factor authentication
security.
The Verizon
2011 Data Breach Investigations Report found that log-in credentials were
stolen in nearly half of the breaches in 2010, Tracy Hulver, director of
products and marketing for identity solutions at Verizon, told eWEEK. The latest
data breaches in 2011 are also following the trend, with attackers
specifically targeting users for their user names and passwords, Hulver
said. With the authentication information in hand, attackers can access
corporate networks as a trusted insider.
"Stolen credentials are
most often a means to an end but are increasingly an end in and of
themselves," Verizon wrote in the report earlier this year.
With two-factor
authentication, Verizon Enterprise Identity Services customers will be able to
require employees to use the dynamic code that will be displayed on the mobile
device along with the normal code to log in to the network. Incorporating
intelligence such as the phone number and location will help validate that the
person logging in is really the user, Hulver said. Organizations gain multiple
ways to deliver the one-time password, such as a mobile application that
generates one on the fly, having the server send it via Short Message Service
to the mobile device, or using an interactive voice response system, without
having to implement multiple systems, according to Hulver.
Verizon Enterprise Identity
Services offers organizations a backup plan in case employees lose their
hardware tokens or key-fobs by offering alternative ways to get the dynamic
password, Hulver said.
Two-factor authentication
can be easily deployed on the organization's virtual private network, terminal
server and Citrix applications, on Web-based Outlook, internal Web applications
and external customer-facing online portals, Hulver said. Using Verizon's
cloud-based identity-as-a-service means organizations don't have to deal with
any on-premise hardware or software deployments, Hulver said.
Identity management is
becoming more challenging for enterprises, as more applications move to the
cloud and employees become more mobile and work away from the physical
building, Hulver said. There is also an increasing number of nonemployees, such
as partners, contractors and customers, who need some access to the company's
networks. In some industries, such as health care and financial services, new
regulations require organizations to use stronger identity-authentication
processes to protect users.
The digital-signing
capabilities now available in Verizon Enterprise Identity Services will be
useful for industries where digital signatures are commonly used, such as for
medical and legal organizations. Physicians can electronically prescribe
controlled substances in accordance with Drug Enforcement Administration
requirements, or essential corporate documents, contracts and other legal
documents can be securely signed, Hulver said.
Services include signature
verification and validation, auditing and logging, Verizon said. For even
greater security, the mobile application ID Message Center would allow users to
monitor and track their digital-signature activity.
The new features will be
available Aug. 15, at $10 per user per year.
Email
Print
