The growing number of data breaches over the last few years prove at least one thing: Passwords alone can’t protect you or your enterprise. Good news: There’s a solution. I’m talking about Multi-factor authentication (sometimes called MFA). Multi-factor authentication combines two or more independent credentials: what the user knows (PIN), what the user has (security token) and what the user is (biometric verification).
Why Multi-factor Authentication?
There are multiple forms of Multi-factor authentication, but they all serve the same purpose of protecting your accounts and/or enterprise from being hacked in case somebody gets their hands on your login info.
Most simply, the purpose of Multi-factor authentication is to prove that you’re the person who owns the account in question.
In our work with enterprise organizations, YubiKeys are perhaps, the most popular option for Multi-factor authentication. The YubiKey supports multiple methods for authentication, enabling the same key to be used across services and applications.. Instead of an ever-changing code, the user population uses hardware tokens that can be clipped to their keys. While they exist in various shapes and sizes, they usually resemble a small USB flash drive that plugs into the device you’re using, be it a smartphone or PC, and serves as a form of extra identification.
But just as with any new enterprise security solution — no matter how great the technology — the magic is in the deployment. How easily can the solution be rolled-out enterprise-wide? How simply can it be managed by the IT team? How accessible and friendly is it for the end-user population?
à this needs to be more precise, we should list the components: A Certificate Authority, an Authentication Server, a Credential & Device Lifecycle Management Server.
Enter, Axiad ID Cloud
• Brings together the right components (e.g. certificate authority, authentication server, credential, and device lifecycle management server) into a turnkey system that is readily integrated into the existing enterprise infrastructure;
• Unleashes the power of the YubiKey technology quickly, simply and reliably across the enterprise for a better experience by administrators and users, alike;
• Protects the full digital ecosystem, ensuring trusted interactions between humans, machines, devices and transactions;
Why is this necessary? Let me give you a real example from one of our clients. To protect the company’s identity, we’ll just refer to this customer as a U.S.-based manufacturer of control systems.
What Do You Do with 15,000 YubiKeys?
In 2018, this manufacturer made the decision to deploy YubiKeys across its organization to protect its network and applications. It was an easy decision based upon the YubiKey’s stellar reputation for providing a great user experience and its flexibility in supporting multiple protocols.
So far everything sounds smart — nothing too, out of the normal.
Well, what if I shared that the manufacturer purchased 15,000 YubiKey 4 Series. Not only is that a lot of YubiKeys, but when you factor in the diversity of populations, devices and protocol requirements across a large manufacturing enterprise — the task goes well beyond simply handing out keys.
The manufacturer started with a pilot project — deploying the YubiKeys just within the IT team. After a couple of months, they had only deployed 50 of the 15,000 YubiKeys and were already struggling to manage those 50 deployments. Without a formal process, the team was attempting to manage the YubiKeys via a spreadsheet — tracking users and individual keys.
Further complicating the deployment, while the YubiKey integrates with multiple protocols, if the IT team isn’t trained to do the integration — or a specific integration — the whole project can stall. In the case of this particular manufacturer, the team who had originally set-up Microsoft CA in the enterprise was long gone and modifying the settings to accommodate the new YubiKeys was more challenging than anticipated.
It was at this time, the IT director realized that his team — while highly-skilled — would not be able to meet his promised deployment date. Axiad IDS, partnered the manufacturer’s team and — with Axiad ID Cloud — was able to deploy 1,000 YubiKeys across multiple sites in the first four weeks of collaboration. And full deployment of the 15,000 YubiKeys will be completed ahead of deadline.
You can learn more about how Axiad ID Cloud is helping enterprise organizations deploy and expand YubiKeys into secure PKI devices providing data and transactional security on our website. You can also feel free to reach out to me direct at: email@example.com.
Jerome Becquart is the Chief Operating Officer at Axiad IDS. Axiad IDS provides trusted identity and access solutions allowing customers to: safely interact online; the freedom to access information from anywhere; and the confidence to fully benefit from today’s digital world.
To consult with an Axiad IDS security expert, feel free to reach out to me at firstname.lastname@example.org.
Join the Axiad IDS community of subscribers and get an email update with the latest news including our monthly blog posts.
Jerome Becqart is a Chief Operating Officer at Axiad IDS. Axiad IDS provides trusted identity and access solutions allowing customers to: safely interact online; the freedom to access information from anywhere; and the confidence to fully benefit from today’s digital world.
To consult with an Axiad IDS security expert, feel free to reach out to me at email@example.com