Two-way authentication guards firms and customers

Organisations should develop two-way authentication methods to deal with the problems of identity theft and electronic fraud, according to CA security expert Simon Perry.

Perry, who is CA’s vice-president of security in Europe, the Middle East and Africa, said current authentication techniques are usually one-way - allowing organisations to confirm the identify of users but not helping users to confirm the identity of organisations.

Perry argued that to tackle problems such as phishing scams, firms now need to develop two-way identification systems, so individuals can verify the identity of organizations. This would prevent scammers from posing as trusted third parties, such as banks, to elicit sensitive data from users.

“With the rise of online banking and ATMs, there’s no guarantee for the individual to prove it’s their bank, as they’re not actually walking into a high street branch,” Perry said. “Until organisations go back and rethink the model, they won’t solve the problems with strong authentication as it’s still based on one-way.”

Perry added that he seed little opportunity at present for combined identity management systems to control access to buildings and IT systems. “When you explain the nitty-gritty details of what it would mean, firms aren’t so happy,” he added. “For very secure premises, it’s a great idea. But it’s not good right now for the mainstream.”

Meanwhile, CA is focusing on building services around its existing product lines. “We’re not likely to make any big acquisitions in line with the size of Netegrity. The building blocks are in place now, so our strategy is focused on those and on executing our existing EITM [Enterprise IT Management] plans,” he said. “We’re going to be building capabilities into our products for roles discovery and process management and services to go with that.”

The vendor aims to develop and promote a range of pre-deployment consultancy services, targeting existing customers with whom it already has trusted relationships. To support these efforts, CA will build up a consulting division that will operate under the existing corporate brand. “We’re moving from selling a piece of software to having a long-term relationship with certain customers,” Perry added.

Perry added that customers need reassurance that CA’s services will not be biased. “If we give the impression that all advice leads to CA [solutions], they’ll chuck it back,” he said. “We can offer ways of how CA might solve problems, but we’re not trying to be a systems integrator.”