GDPR Requires Better Methods Of Authentication

Just over a year ago the EU General Data Protection Regulation (GDPR) came into effect, and this law is now enforcing a far more secure data management regime. The GDPR goes wider than just the EU, as it affects any global organisation that works within the EU. It has brought tighter data and privacy rights for users.

Many of the cyber-attacks on organisations come from phishing emails and weak or stolen passwords, and could quite easily have been prevented by organisations improving their customer authentication process.

Indeed, one-time passwords (OTPs) have been shown to be easily susceptible to phishing attacks.  What is needed are authentication methods that transcend the legacy of the password and centrally stored shared secrets (including OTPs) in favor of an approach that leverages public key cryptography and allows users to authenticate locally with devices they use every day.

As the regulatory landscape that businesses need to navigate is becoming more complex, patching systems to satisfy the bare minimum of GDPR simply will not do going forward. Not only does this risk backfiring as the risk of breaches rises, but it also ignores the customer who in many cases expects, or even demands, smoother methods of authentication than have been offered in the past.

Biometric Authentication
Over the past few years, more and more consumers and businesses are coming into contact with biometric authentication in their daily lives. This is largely due to more readily available biometric capabilities in everyday devices, as well as the increased robustness of security in biometrics, which continues to build trust in replacing password entry with swiping a finger, speaking a phrase or looking at a camera on a device.

Defined as ‘sensitive personal data’ under GDPR, biometrics are now tightly regulated, and any handler of such data must perform stringent assessments prior to any processing taking place. That is good news, and it has not hindered the continued development of services that leverage biometrics securely.

On the contrary, entities can now leverage biometric authentication while avoiding the liability associated with having to collect, control, or process the data themselves. 

Turning the Tide
The last ten years have seen the development of international standards for authentication that are a natural fit with the new regulatory requirements, while also helping to augment innovative technologies that simplify and strengthen authentication for businesses and users alike.

The Fast IDentity Online Alliance (FIDO) has developed standards that not only provide stronger authentication with a better user experience, but that also fully comply with regulations pertaining to data security, biometrics, consent and individual rights.

Indeed, the international standards community has been working diligently over the past several years to deliver a common mechanism that strictly complies with GDPR and other regulations without requiring online service providers to purchase or distribute special software or hardware to their users.
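The two passages above (public-key authentication that replaces centrally stored shared secrets, and a common challenge-response mechanism in the style of the FIDO standards) can be made concrete with a small simulation. The following Go program is an added example and is not code from the article or from the FIDO Alliance; it models an authenticator that keeps one P-256 key pair per relying-party identifier and a server that stores only the public key, and it assumes a simplified WebAuthn-like signed message of SHA-256(rpIdHash || SHA-256(challenge || origin)). The names `Authenticator`, `RelyingParty`, `Assertion`, `bank.example` and `bank-login.example` are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Authenticator models the user's device. It keeps one key pair per
// relying-party identifier; the private keys (and any biometric that
// unlocks them) never leave the device.
type Authenticator struct {
	creds map[string]*ecdsa.PrivateKey
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{creds: map[string]*ecdsa.PrivateKey{}}
}

// Register creates a fresh key pair scoped to rpID and hands back only the
// public half, which is all the server will ever store.
func (a *Authenticator) Register(rpID string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.creds[rpID] = priv
	return &priv.PublicKey, nil
}

// Assertion is what the device returns to the server during login.
type Assertion struct {
	Challenge []byte
	Origin    string // the web origin the device believes it is talking to
	Sig       []byte
}

// signedData is a simplified WebAuthn layout (assumption of this example):
// SHA-256(rpIdHash || SHA-256(challenge || origin)), so both the nonce and
// the origin are bound into the signature.
func signedData(rpID, origin string, challenge []byte) []byte {
	rpHash := sha256.Sum256([]byte(rpID))
	clientHash := sha256.Sum256(append(append([]byte{}, challenge...), []byte(origin)...))
	msg := sha256.Sum256(append(rpHash[:], clientHash[:]...))
	return msg[:]
}

// Assert signs the challenge with the key scoped to rpID. A device holding
// no credential for the requesting identifier (a look-alike domain, say)
// has nothing to sign with and refuses.
func (a *Authenticator) Assert(rpID, origin string, challenge []byte) (*Assertion, error) {
	priv, ok := a.creds[rpID]
	if !ok {
		return nil, fmt.Errorf("no credential registered for %q", rpID)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedData(rpID, origin, challenge))
	if err != nil {
		return nil, err
	}
	return &Assertion{Challenge: challenge, Origin: origin, Sig: sig}, nil
}

// RelyingParty models the server. It holds a public key only: no password
// hash, no OTP seed and no biometric template to leak in a breach.
type RelyingParty struct {
	ID      string
	Origin  string
	pub     *ecdsa.PublicKey
	pending map[string]bool // outstanding single-use challenges, hex-encoded
}

func NewRelyingParty(id, origin string, pub *ecdsa.PublicKey) *RelyingParty {
	return &RelyingParty{ID: id, Origin: origin, pub: pub, pending: map[string]bool{}}
}

// NewChallenge issues a random nonce that may be answered exactly once.
func (rp *RelyingParty) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[hex.EncodeToString(c)] = true
	return c, nil
}

// Verify accepts an assertion only if the challenge is still outstanding,
// the origin is the one this server is served from, and the signature
// verifies under the stored public key.
func (rp *RelyingParty) Verify(as *Assertion) error {
	key := hex.EncodeToString(as.Challenge)
	if !rp.pending[key] {
		return errors.New("unknown or already-used challenge")
	}
	delete(rp.pending, key) // consume it so a captured assertion cannot be replayed
	if as.Origin != rp.Origin {
		return fmt.Errorf("origin mismatch: got %q, want %q", as.Origin, rp.Origin)
	}
	if !ecdsa.VerifyASN1(rp.pub, signedData(rp.ID, as.Origin, as.Challenge), as.Sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	dev := NewAuthenticator()
	pub, _ := dev.Register("bank.example")
	rp := NewRelyingParty("bank.example", "https://bank.example", pub)

	ch, _ := rp.NewChallenge()
	as, _ := dev.Assert("bank.example", "https://bank.example", ch)
	fmt.Println("genuine login:", rp.Verify(as))
	fmt.Println("replayed assertion:", rp.Verify(as))

	// A look-alike site relaying a real challenge gets no signature at all,
	// because the device scopes its keys to the registered identifier.
	ch2, _ := rp.NewChallenge()
	_, err := dev.Assert("bank-login.example", "https://bank-login.example", ch2)
	fmt.Println("phishing origin:", err)
}
```

The contrast with a password or OTP is in what the server holds: a breach of `RelyingParty` yields a public key that cannot be used to log in, and a relayed challenge fails because the key is scoped to the relying party and the origin is part of the signed data.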

This emerging open standards ecosystem for user authentication, complete with third-party certification programs for independent validation, is well positioned to reduce the risk and costs of GDPR compliance around the world.

Infosecurity Magazine:
