This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."
Download it now to read this article plus other related content.
From tokens to biometrics, there are many user authentication options. Organizations must carefully evaluate the choices.
Christopher Paidhrin had no difficulty selling an enterprise single sign-on and fingerprint authentication solution to upper management at Southwest Washington Medical Center. Quite simply, it took out the hassle factor of HIPAA compliance.
"By implementing this solution we addressed eight principal requirements and 15 secondary requirements," says Paidhrin, senior security officer for ACS Healthcare Solutions, the IT outsourcing partner to the the hospital.
Regulatory requirements, like HIPAA and new regulations such as Federal Financial Institutions Examination Council (FFIEC) rules, are forcing organizations to scramble for authentication and identity management options. Meanwhile, the Homeland Security Presidential Directive 12 (HSPD 12) mandates that federal agencies must have a single ID card for physical and IT access by Oct. 27.
Because of these new and existing regulations, Information Security and SearchSecurity.com readers rank strengthening authentication as their top ID and access management priority for this year.
More information from SearchSecurity.com
Learn how to establish and maintain an effective identity and access management plan in Identity and Access Management Security School.
Visit our resource center for tips and expert advice on implementing identity management and access control measures.
In general, organizations should consider which regulations impact them and conduct a risk analysis of their systems. From there, they can decide the most appropriate authentication methods to apply so they're protecting systems with sensitive data and meeting regulatory requirements without going overboard.
Tokens, smart cards, biometrics and certificates all offer stronger ways of identifying users, customers and partners. Each has its strengths and weaknesses and costs can be anywhere from $1 to $35 per user. As a result, companies must weigh their costs with the benefits and understand that each solution doesn't necessarily provide sure-fire security.
This was first published in August 2006