Access check by phone cuts costs

One-time passwords delivered by SMS secure access to Cyber-Ark's data vaults

Information security firm Cyber-Ark has updated its data vault technology with a novel user authentication method for secure access. Thanks to its partnership with specialist Mideye, firms can enable two-factor authentication using a worker's mobile phone - a method that is easier and cheaper than systems using security tokens or other devices, the company said.

Cyber-Ark's Network Vault and Inter-Business Vault products serve as secure storage areas for sensitive information within a firm, and for collaborating with partners, respectively. Customers include finance companies, legal firms that need to demonstrate due diligence, and other businesses wanting to ensure only authorised staff can access key information.

Mideye's system allows remote users to verify their identity by sending a one-time password to their phone when they request access to a vault. This is a new spin on strong authentication, according to Cyber-Ark's business development director Calum Macleod.

The one-time password is sent only to the worker's registered phone number after they enter their user name and standard password to gain access to a vault.

"This is very similar to using an RSA SecurID token, but the big difference is, I don't need a physical token," Macleod said. Firms that use tokens have found it can be costly to distribute and manage these devices across a large number of staff, he added. Another advantage of using a phone for authentication is that it is a device users will have with them most of the time.

"The key thing this solves is the guaranteed delivery of credentials to a worker, wherever they may be," Calum said. "You will also likely take more care of your phone than you would a token."

Cyber-Ark also supports other two-factor technologies, including tokens, and is agnostic about the type of two-factor system. However, Macleod said the combination of Mideye and Cyber-Ark is a good way for firms to support secure data transfer while reducing costs.

Mideye's system is available as a managed subscription service through mobile carriers, or firms can choose to install a Mideye server on their own network. Mideye is not being bundled with Cyber-Ark's vault systems, but most Cyber-Ark resellers can supply and integrate the two, according to Macleod.