Information in many ways is the most powerful asset that companies acquire, retain, and use on a daily basis as they provide products and services to their customers. Intellectual property, customer information, personnel files, marketing research, financials, source code, product designs, and business plans are but a few of the kinds of data that keep a company running on a day-to-day basis.
Making sure access to this valuable data is controlled and limited to those individuals who are authorized to view, change, or manage this information is critical to ensure that confidential assets are not exposed and accessed by the wrong person. In today’s world, many bad actors, from individuals to state-sponsored entities, are actively trying to penetrate and thwart systems that protect this corporate information.
This primer is meant to provide an introduction and overview of authentication techniques and technologies for people who are less technically-oriented, but who need to have a familiarity or general understanding of the different systems and methods and the benefits and challenges of their implementation.
What is Authentication?
Authentication is the act of verifying that a person is who he or she claims to be. A familiar method of authentication is a simple username and password combination. These two pieces of information, when used together, can provide some level of assurance that only that individual would know both pieces of information.
Accessing private systems and networks clearly requires some form of identification because of potentially confidential information, trade secrets, intellectual property, and other communication that is not for public consumption.
Pre-Internet, most organizations were islands with few connections to each other. Larger companies that have multiple offices dispersed throughout the country or the world often had private networks that connected the disparate offices. Securing companies was significantly more straightforward than today. The level of connectivity that exists today with the Internet, wireless networks and mobile devices, and soon a proliferation of even the most mundane or common items such as appliances and furniture will soon be expanded with the “Internet of Things” trend. The job that administrators today face to secure their organizations is much more complex than days past. Pushing authentication requirements to all of these potential endpoints means there will have to be more robust ways to control access.