RiskProNet News


RPN Technology Group Looks at Proactive Data Protection

Dual-factor authentication using personal cell phones is an increasingly popular and effective data security system, Duo Security’s Nick Padula told the IT Practice Group at its teleconference this month.

Padula was introduced by Practice Group Chair Keith Oufnac of Eustis Insurance & Benefits.

If security systems are complicated, too many people fail to use them, both Padula and Oufnac agreed. Duo’s system is easy, Oufnac said, and he and Padula described how the dual-factor process works.

Dual-factor authentication consists of “something you know and something you have.”

A bankcard is the simplest example. You have the bankcard in your possession and you know your personal identification number.

People used to be asked to carry key fobs or other physical items, in addition to remembering passwords, to access corporate data. It is easy to forget a key fob, but people usually remember to bring cell phones with them. With Duo’s system, a person logs into a program, receives a message on a cell phone and can press any key on the phone to confirm his identity.

The Duo system not only verifies users but also checks the security or “hygiene” of the devices from which they are accessing data, Padula said. Services also include checking devices in use by a client.

This is important, he said, citing the results of a recent Verizon study of security breaches. Verizon found that 95 percent of security breaches involved compromised end user credentials, and 75 percent involved compromised devices.

Duo Security was founded in 2009 and is a privately held company backed by Google Ventures and True Ventures. Its customers include global Fortune 500 enterprises like Bechtel, Thomson-Reuters and Toyota, as well as small and mid-sized companies.

Additional information: InfoWorld: “Annual Verizon security report says sloppiness causes most data breaches”



RiskProNet Previous Posts
Subscribe to Member’s News