What's driving authentication as-a-service_a q&a with confident technologies' cto, roman yudkin


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

What's driving authentication as-a-service_a q&a with confident technologies' cto, roman yudkin

  1. 1. What's Driving Authentication-as-a-Service? A Q&A With Confident Technologies' CTO, Roman Yudkin In light of the recent article in Dark Reading "Authentication-as-a-Service Gains Steam", we thought we'd ask Confident Technologies' Roman Yudkin to expand a little on his opinion about what's driving the growth behind authentication-as-a-service and what challenges remain. Q: What are the major factors driving growth in the authentication-as-a-service (AaaS) sector? A: While hosted authentication solutions may seem like something that would be adopted by small to midsize businesses, we’re actually seeing an increasing number of large enterprises are beginning to adopt authentication-as-a-service (AaaS), particularly large enterprises that have consumer-facing websites and services. Authentication processes directly influence consumer’s perception of trust, especially in areas like online banking and retail – the authentication process is often the aspect of security that is most visible to users. The growth of AaaS is being driven by the larger trend that is the fast growing adoption of strong authentication solutions (including two-factor and federated authentication solutions among others). Consumers are conducting more sensitive online transactions now than ever before – from online banking to managing retirement funds and stock portfolios online, to shopping, to simply having more sensitive, personal information accessible in their email and social networking accounts. This has, of course, led to an increasing number of online threats. At the same time, there are a growing number of regulations around strong authentication that businesses must comply with. For these reasons, more companies are realizing that they need stronger authentication methods than a simple username/password scheme built in-house and they’re turning toward hosted solutions to solve the challenges. They realize that they need to improve their security and authentication practices, but they may not have the expertise in house to create or manage a strong authentication or two-factor authentication system themselves. A hosted authentication solution can bring to businesses the following benefits:        Improved reliability and scalability Reduced online fraud Ability to meet regulatory requirements (FFIEC, HIPAA) Quicker deployment No need for the in-house expertise or large monetary investment needed to build a two-factor authentication system and associated infrastructure from scratch No need for dedicated personnel to manage the authentication solution or stay ahead of the latest emerging threats An AaaS provider has the benefit of being able to see aggregated data across numerous enterprises and identify large-scale attacks or security threats that are occurring across multiple sites, and use this knowledge to help protect their other customers from such threats.
  2. 2. While of course there are strong drivers for secure authentication solutions in the financial services market, we’re seeing authentication-as-a-service grow in many sectors including healthcare and online retail. Q: What are the major challenges still facing the market? A: One of the major challenges facing the maturation of the market centers around costs and whether or not businesses place enough value on authentication to allocate the money for a hosted solution. There are many long-engrained, bad habits around authentication and some businesses and IT professionals still believe that a simple username/password scheme is good enough because that is the way authentication has always been done. Many businesses even allocate an assigned budget to cover the costs of online fraud rather than spending the money to invest in new technologies or to pay for a hosted authentication service that would increase security and reduce fraud. Some businesses, especially those that have consumer-facing websites or services fear that a stronger authentication system (such as a two-factor authentication solution) would introduce too much “friction” or inconvenience to the user. So, they stick with the traditional username/password scheme because that’s what consumers are familiar with, even though it’s less secure. To drive growth and the maturation of the market, businesses need to place a higher value and importance on the authentication process and need to not be afraid to require users to be engaged in their own security. I think we’re seeing more recognition of that today after major online password breaches like the one at Sony. Businesses are seeing that the fallout of such a breach has a lasting negative impact on the business and the brand. A hosted authentication service can help provide the necessary balance of strong authentication and ease-of-use more than a solution built in-house may be able to.