Report: Stolen credential becoming larger problem
14 July, 2011
category: Corporate, Digital ID
Stolen identity credentials were the second most compromised data type leading to unauthorized access to corporate networks, according to Verizon’s 2011 Data Breach Investigations Report.
“Stolen credentials are most often a means to an end but are increasingly an end in and of themselves. They can be used to further an attack by gaining privileged and persistent access into the victim’s environment,” the report states. “There is also a growing market for offloading stolen credentials directly by selling or renting access to organizations (especially high profile ones). That authentication credentials represent such a low proportion of records shouldn’t be surprising; a lot of damage can be done with just one valid account in the wrong hands.”
To help address this growing security threat, Verizon is adding to its cloud-based Enterprise Identity Services to give businesses more ways to authenticate users to corporate networks while offering strong security protection.
Verizon’s next generation of Enterprise Identity Services will support devices such as smart phones and tablets – including those running on the iOS operating system as well as Android and BlackBerry devices. This process will enable users to more easily gain access to corporate networks using a two-factor authentication. In addition, Verizon’s identity services will now enable digital signing capabilities for contracts, wills and other legally binding documents.
The new version of Enterprise Identity Services also brings digital signing capabilities to its users. Digital signatures are used in numerous industries, most commonly in the medical and legal fields. For instance, with this service, physicians can electronically prescribe controlled substances in accordance with Drug Enforcement Administration requirements.
Other enterprise uses of digital signing include signing essential corporate documents, such as W-9 forms. In conjunction with the new digital signing capabilities, Verizon Enterprise Identity Services also offers enterprise customers a mobile application known as ID Message Center, which allows users to monitor and track their digital signature activity.
Verizon’s identity platform adheres to the OATH (Initiative for Open Authentication) standards, which calls for an open standards-based system that, like existing proprietary systems, requires users to provide two proofs of identity. By using an open standards-based system, enterprises can use a range of ID token devices without changing existing back-end security systems.
Delivered via the cloud, Verizon Enterprise Identity Services are aimed at helping reduce the costs and complexity traditionally associated with identity rollouts. With this solution, users do not need to purchase additional hardware or software, and if users lose a device, they can easily add a secondary device to retrieve their dynamic code for authentication.
The full Verizon report can be downloaded here.