GDPR Requires Better Methods Of Authentication

Just over a year ago the EU General Data Protection Regulation (GDPR) came into effect, and this law is now enforcing a far more secure data management regime. The GDPR goes wider than just the EU, as it affects any global organisation that works within the EU. It has brought tighter data and privacy rights for users.

Many of the cyber-attacks on organisations come from phishing emails and weak or stolen passwords, and could quite easily have been prevented by organisations improving their customer authentication process.

Indeed, one-time passwords (OTPs) have been shown to be easily susceptible to phishing attacks.  What is needed are authentication methods that transcend the legacy of the password and centrally stored shared secrets (including OTPs) in favor of an approach that leverages public key cryptography and allows users to authenticate locally with devices they use every day.

As the regulatory landscape that businesses need to navigate is becoming more complex, patching systems to satisfy the bare minimum of GDPR simply will not do going forward. Not only does this risk backfiring as the risk of breaches rises, but it also ignores the customer who in many cases expects, or even demands, smoother methods of authentication than have been offered in the past.

Biometric Authentication
Over the past few years, more and more consumers and businesses are coming into contact with biometric authentication in their daily lives. This is largely due to more readily available biometric capabilities in everyday devices, as well as the increased robustness of security in biometrics, which continues to build trust in replacing password entry with swiping a finger, speaking a phrase or looking at a camera on a device.

Defined as ‘sensitive personal data’ under GDPR, biometrics are now tightly regulated and any handlers of it must perform stringent assessments prior to any processing taking place. That is good news, and has not hindered continued development of services leveraging biometrics securely.

On the contrary, entities can now leverage biometric authentication while avoiding the liability associated with having to collect, control, or process the data themselves. 

Turning the Tide
The last ten years have seen the development of international standards for authentication that are a natural fit with the new regulatory requirements, while also helping to augment innovative technologies that simplify and strengthen authentication for businesses and users alike.

The Fast IDentity Online Alliance (FIDO) has developed standards that not only provide stronger authentication with a better user experience, but that also fully comply with regulations pertaining to data security, biometrics, consent and individual rights.

Indeed, the international standards community has been working diligently over the past several years to deliver a common mechanism that strictly complies with GDPR and other regulations without requiring online service providers to purchase or distribute special software or hardware to their users.

This emerging open standards ecosystem for user authentication, complete with third-party certification programs for independent validation, is well positioned to reduce the risk and costs of GDPR compliance around the world.

Infosecurity Magazine:
