News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Jerri Ledford's picture
Jerri Ledford

More posts | Read bio

September 1, 2006 - 7:09 P.M.

Identity protection for devices

3 comments

Most people are familiar with the dangers that viruses and other malicious software pose to both organizations and individuals.  But did you know that's not the greatest danger out there?  According to the CW article, it's not.  Far more dangerous potential rests in the usernames and passwords that are used to gain access to networks and applications.

The organization that's done the study, Trusted Strategies, LLC, suggests that all it would take to help reduce the threat from stolen usernames and passwords is to implement device authentication--like identity theft protection for your devices.  I love it.  It's an excellent idea that organizations should put serious thought into implementing. 

According to the findings of the Trustred Strategies study, about 80 percent of breaches that involve stolen usernames and passwords happen from a computer that's not connected to the network.  If an organization could prevent computers that aren't registered on a network from accessing them, even with a correct username and password, the savings could be potentially tremendous.  And really, why would someone want to access a network from a computer that's not registered on that network?

There might be instances where a sales person or executive is in a position where they don't have access to a computer that is registered on the network, but those instances are relatively few in the grand scheme of things.  And surely the IT department could manage a way to allow temporary, monitored access in those situations.  For that matter, a no-exceptions policy would be the preferred method of implementing this type of technology, even if it is a little inconvenient for users.

That's the overarching issue with security on most levels.  Users find it inconvenient.  But convenience is creating havoc, and in order to get things under control, inconvenience is a necessary evil.  It shouldn't be easy for users to access corporate data.  It shouldn't be easy for users to gain access to corporate networks.  Extra steps would serve to discourage hackers and criminals, and users would be more protected.  Of course, most people don't see the benefits of a little extra inconvenience.  But over time, they'll get used to it.

So, go ahead.  Implement some device authentication.  And make the accessing process a little more difficult to navigate.  Then put in some ear plugs and resign yourself to being the least favorite person on the security team...at least for a little while.  When you data is protected, it'll be worth it.

What People Are Saying

Add new comment

Identity protection for

Submitted by Anonymous on September 5, 2006 - 11:20 A.M.

Identity protection for devices - IPD, DIP - Device Identity Protection. New shiny acronym for your favorite marketing low-life.

Funny - it does exist already, in several forms, from simple MAC address filtering to tokens, dongles, etc.

It's probably time to stop selling idiots old things under new names. Freaky conmen of marketing, banking etc. industries are better in it, anyway. Do not help them, and they will die as they deserve.

Report this comment

From what I can see, device

Submitted by Tom on September 4, 2006 - 5:09 P.M.

From what I can see, device authentication is fine for worldwide company intranet-type sites, but not a viable security method for, say, a bank. That would involve the software being installed on each computer a user would want to log in from and I can't imagine the worlds' banks paying for all those licenses!

Report this comment

It's convenience versus risk

Submitted by Mila on September 1, 2006 - 8:17 P.M.

It's convenience versus risk of a security breach... and to me, preventing a security breach is more important. Data breaches have been rampant, and at this point organizations should be employing all kinds of different technologies and software to help stop this problem.
When it comes to identity theft and sensitive information, you never want to say to yourself... or the press, for that matter..."I SHOULD'VE secured that information."

Report this comment

Related Posts

ACEs ace Turing test? Errr, no.
Do Railhead right or don't deploy until it IS right
Need to discover some open source enterprise apps for your business? You should have been at LinuxWorld
Surveillance video: More than just watching

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
First iPhone worm spreads Rick Astley wallpaper
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
First take: Apple's new MacBook offers sleek style, solid performance
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.