One of the characteristics of the recent decade is an increasingly connected global community, in which events that occur in one region can impact other parts of the world. In the business community, a recurring theme of the digitalisation era is improving engagement with the customer.
One of the revelations of the COVID pandemic is just how reliant enterprises are on ecosystems of suppliers and partners to support the new customer engagement paradigm.
The new security perimeter
The accelerated transition to the cloud during the early days of the pandemic has revealed just how unprepared enterprises are for the always-connected digital society.
As more organisations prioritise cloud strategies, the lack of foresight, or of experience around the ‘how to’ of cyber readiness, has exposed just how vulnerable organisations, and their customers, are to threats that thrive on the internet.
With the rise in cyberattacks against consumers and enterprises, organisations have realised that strong authentication measures are necessary to protect sensitive information. One approach is the use of multi-factor authentication (MFA).
Schomburgk cautions, however, that not all MFA technologies are created equal. Reflecting on the growing sophistication and persistence of attacks, he suggests moving to a phishing-resistant form of MFA, such as a security key based on the FIDO standard, or passkeys.
For Schomburgk, securing that identity with strong authentication protocols is a very good start.
Of passkeys and FIDO standards
Back in 1961, MIT computer science professor Fernando Corbato created the Compatible Time-Sharing System (CTSS) to allow multiple users to access a single computer system simultaneously. This was the beginning of what we now refer to as passwords – digital credentials used to authenticate a user’s identity and his or her right to access information or facilities.
Over the years, human behaviour has put into question just how effective passwords are in securing the very systems and data they were meant to protect. In recent years, organisations like Google, Yubico and the FIDO Alliance have worked to define more secure models for authenticating user access.
In May 2023, Google unveiled plans to encourage the adoption of passkeys by users of its services. According to Schomburgk, with Apple and Microsoft also indicating support for passkeys, about 90% of the world’s online systems work on one of these platforms.
“If you think about the purpose behind passkeys and the FIDO Alliance is to make logins highly secure, phishing-resistant and to make it easy to use and available at a global scale,” he opined.
Hurdles to passwordless adoption
Schomburgk is cognizant that universal adoption of passkeys or passwordless technologies will take time. He pointed out that on the supply side, the technology industry is coming together to say that passkeys are a good thing: they are secure, convenient, and available.
He conceded that the challenge is on the demand side – for consumers to take up passkeys.
“It is about awareness, and do we force that (adoption) top down? How do we encourage adoption? That, I think, is the challenge that we're now facing,” he continued.
Security in 2024
Asked to share his thoughts on what security will look like in 2024, Schomburgk believes that the adoption of passwordless technologies will continue. He acknowledged that it is still early days for the passwordless trend.
“As an industry, we want to sort of take those cases and share that knowledge. We want to get people to understand that the change is not so hard, and it does bring with it quite a lot of benefits,” he continued. “From an economic point of view, it does bring a real positive business case so that's going to be a lot of the focus.”
Click on the PodChat player as Schomburgk details how users and enterprises can maintain a trusting relationship digitally and online.
- When we think of ‘online relationships’, people tend to think about it in a traditional sense but why should businesses and their employees be wary of their online relationships with suppliers, service providers or even customers?
- Speaking of digital identity, are online service providers generally expected to keep our accounts and personal data secure?
- In the security space, the term security perimeter. How does Zero Trust negate the shortcomings of traditional authentication methods?
- Why are you encouraging a call to action aimed at the providers of online services that they should be doing more to keep their online services safe and secure from predators?
- How secure are passkeys based on FIDO2 standards?
- What does the broad move towards passkeys spell for businesses and end-users in Asia Pacific?
- What are some key hurdles to a passwordless future, and how could they be overcome?
- In your opinion, why and how should industries and organizations in Asia Pacific see wider adoption of and access to passkey security?
- What are the major tech companies doing to make us change how we protect our online relationships?
- For CISOs, any best practices for introducing and even demanding from suppliers the use of passkeys? How can they get buy-in from CIOs, IT and the C-suite?
- 2024 is around the corner. What is your expectation of the security landscape?