Authentication
30 September, 2011
Multi-Factor Authentication - The Real Truth in the Real World
"Who is using it" questions continue to swirl around the Trusted Platform Module, or TPM. Why, we wonder? In fact, many enterprises have used their TPMs. Proof? In a webcast today hosted by Information Week, one-third of the approximately 300 attendees noted they DO use their TPMs. The question was asked during presentations by PwC, the large global consulting firm, on how it has implemented multi-factor authentication based on the TPM and by Softex, a software provider, about a bank that has also deployed the TPM.
PwC walked attendees through its highly analytical and metrics-driven decision process to not only deploy effective multi-factor authentication but to use the TPM as part of that strategy. The consulting company's process could be applied to any organization that is making any major IT decision but is especially helpful when evaluating potential solutions against one another. To start, the organization had multiple authentication systems with high costs and varying degrees of ease of use and effectiveness, and the one-time password approach had been breached by internal security staff. Costs for soft tokens were high. Based on industry acceptance, widespread availability and technical merit, PwC settled on using the TPM as part of its new two-factor approach.
Why the TPM, when other solutions such as smart cards and USB dongles are available? In evaluating the TPM, PwC looked at flexibility and scalability, overall costs, and reusing systems - the TPM was already in its enterprise PCs, it was attached and could not get lost, and there are no shipping or other logistics associated with it as there are with removable alternatives.
By combining "something you know" with "something you have," i.e., the TPM, PwC leveraged the benefits of PKI with the TPM. No software or server upgrades, and the combination runs at HALF the cost of OTPs... which, according to data from the other webcast presenter, Softex, cost organizations $21 to reset, with some employees needing multiple passwords for multiple apps and with an estimated 3-5 resets annually. That can add up to a lot of money in a large organization.
In a second polling question, about 22 percent of attendees noted they'd use a TPM. About 32 percent use or plan to use passwords. Oops. By now, we know passwords are easily compromised. Apurva Bhasali of Softex offered an anecdote in which someone from his company found a sticky note from an exec at a large US bank on the floor of the airport with his passwords.
Softex offered a case study in which costs for password support were reduced 98 percent after the bank, with some 8,000 employees around the country, deployed the TPM combined with biometrics for its multi-factor authentication strategy. That transition not only has increased security and reduced costs but helps the bank comply with numerous regulations governing data breaches.
You can learn more about these case studies by reviewing the slides used at this webcast or by accessing the archived webcast.