A study has revealed that 82 percent more people are working from home this year than they did last year. Digging a little deeper reveals 66 percent of the sample blamed the record high in petrol prices for this trend. When examining whether any security measures would be required to allow these remote workers to connect to the network, 91 percent will be using two factor authentication.
When looking at some of the technological advancements fuelling the ability to work remotely, 64 percent believed iPads and other tablet computers will drive remote access. Strangely enough, the same percentage also think 4G and super internet speed will increase the usage of remote access.
There are a number of reasons driving the increase in home working – record fuel prices, strikes on public transport, ash clouds, even consumerisation of IT to some extent. As more people get ‘gadgets’ that allow them the flexibility to work wherever, whenever – the more windows the organisation’s security team need to monitor.
If you are going to open up the network’s perimeter you need some way of doing so securely and verifying that those connecting are who they say they are. If you don’t, it’s the equivalent of leaving your physical office open, with all the filing cabinets unlocked, for every Tom, Dick and Harry to walk in and rifle through.
Looking at how users currently authenticate themselves to the network, the study found 88 percent rely on physical authentication tokens, of which a worrying 69 percent are RSA tokens. Additionally, given the rising number of corporate hacks in recent months indicating the necessity for enhanced security, disturbingly six percent of those organisations who already allow users to access remotely don’t require authentication to do so.
Ever since RSA announced it had suffered a breach in March there were serious questions raised whether its tokens were compromised. The subsequent cyber attack against Martin Lockheed confirmed they were, virtually forcing RSA’s decision to replace all 40 million SecurID tokens – not a cheap exercise and one it won’t have taken lightly.
While that’s all meant to be reassuring for its customers the fact remains that information with seed details on a database can be compromised, as was proven. The question its users need to ask themselves is ‘can RSA really be trusted not to fall victim to another breach in the future?’ We’ve said it before, and I’ll say it again, the most secure method of two factor authentication is to randomly generate any required keys within the customer’s environment – not on an external disparate database.