Here’s an interesting blog that looks into the importance of two-factor authentication for the public sector as digital crime increases.
“It won’t happen to me” can be naïve, and perhaps even irresponsible, in an era that sees digital crime grow each day.
Awareness Through Education
Google has done much to elevate online security awareness. Most account users will be familiar with its 2-Step Verification process, designed to make it much harder for hackers to gain access to files and information. Known generally as Two-Factor Authentication (2FA), this additional layer of security requires not just a username and password, but also something that is completely unique to that user, whether it be a piece of information or a physical token. It’s based on the concept that only those users will achieve access based on something they know (knowledge) and something they have (possession).
Leading by Example
In a public sector context, data sits at the heart of organizations, in an environment shaped by stringent data regulations and growing security threats. As such, a renewed emphasis has been placed on expanding the use of strong multifactor authentication that’s resistant to attack, particularly for systems accessed by the public. Two years ago, the U.S. government launched a Cybersecurity National Action Plan (CNAP), which included mandatory two-factor authentication for federal government websites and government contractors.
The Local 2FA Landscape
From a U.K. perspective, a growing number of government agencies are deploying encryption to help secure critical information properties. For example, the Code of Connection (CoCo) and public services network (PSN) frameworks recommend that any remote or mobile device should authenticate to the PSN via two-factor authentication. The uptake in two-factor authentication processes in public sector organizations is rising, with some vendors delivering authentication-as-a-service that can be used to authenticate cloud applications, infrastructure, and information.
Better Security = Peace of Mind
Two-factor authentication provides reassurance for both users and system administrators. Biometric authentication, such as a fingerprint, is becoming more common and can be used in diverse systems such as websites, enterprise applications, and secure thumb drives.
The Practical Way Forward
Organizations will need to ensure that their back-end solutions are designed and in place to support the technology and work properly for system users. Thought also needs to be given to education and awareness when introducing new authentication systems. It could become overwhelming, particularly when considering that many public sector organizations may have only recently started to develop a digital transformation strategy. In the NHS space, for example, just 24% of trusts and Clinical Commissioning Groups (CCGs) have begun to develop strategies.
Processes such as cloud adoption and 2FA are all part of the same digital transformation journey, and having the appropriate government cybersecurity tools to manage each of these components can go a long way towards helping public sector organisations understand what is needed to best support them and their publics. Striving for more secure authentication systems that provide far more confidence in the identity of both end users and systems administrators is a great example of this, and is why it matters.
Find the full article on Open Access Government.
The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.