Verizon Adds Two-Factor Authentication to Cloud-Based Identity Management

Verizon enhanced Enterprise Identity Services with two-factor authentication and digital-signing capabilities to help organizations with user authentication into cloud services.

Verizon enhanced its cloud-based identity-management service with new ways for enterprises to authenticate users and manage user access.

Verizon added support for more types of tokens and digital signing capabilities to its cloud-based Enterprise Identity Services to help businesses more securely authenticate corporate users, the company announced July 14. Verizon also expanded mobile support for smartphones and tablets running Android, BlackBerry and iOS platforms to allow organizations to implement two-factor authentication security.

The Verizon 2011 Data Breach Investigations Report found that log-in credentials were stolen in nearly half of the breaches in 2010, Tracy Hulver, director of products and marketing for identity solutions at Verizon, told eWEEK. The latest data breaches in 2011 are also following the trend, with attackers specifically targeting users for their user names and passwords, Hulver said. With the authentication information in hand, attackers can access corporate networks as a trusted insider.

"Stolen credentials are most often a means to an end but are increasingly an end in and of themselves," Verizon wrote in the report earlier this year.

With two-factor authentication, Verizon Enterprise Identity Services customers will be able to require employees to enter a dynamic code displayed on their mobile device, along with the normal code, to log in to the network. Incorporating intelligence such as the phone number and location will help validate that the person logging in is really the user, Hulver said. Without having to implement multiple systems, organizations gain several ways to deliver the one-time password: a mobile application that generates one on the fly, a server that sends it via Short Message Service to the mobile device, or an interactive voice response system, according to Hulver.

Verizon Enterprise Identity Services offers organizations a backup plan in case employees lose their hardware tokens or key-fobs by offering alternative ways to get the dynamic password, Hulver said.

Two-factor authentication can be easily deployed on the organization's virtual private network, terminal server and Citrix applications, on Web-based Outlook, internal Web applications and external customer-facing online portals, Hulver said. Using Verizon's cloud-based identity-as-a-service means organizations don't have to deal with any on-premises hardware or software deployments, Hulver said.

Identity management is becoming more challenging for enterprises, as more applications move to the cloud and employees become more mobile and work away from the physical building, Hulver said. There is also an increasing number of nonemployees, such as partners, contractors and customers, who need some access to the company's networks. In some industries, such as health care and financial services, new regulations require organizations to use stronger identity-authentication processes to protect users.

The digital-signing capabilities now available in Verizon Enterprise Identity Services will be useful in industries where digital signatures are commonly used, such as in medical and legal organizations. Physicians can electronically prescribe controlled substances in accordance with Drug Enforcement Administration requirements, and essential corporate documents, contracts and other legal documents can be securely signed, Hulver said.

Services include signature verification and validation, auditing and logging, Verizon said. For even greater security, the mobile application ID Message Center would allow users to monitor and track their digital-signature activity.

The new features will be available Aug. 15, at $10 per user per year.