IBM today as part of an effort to make various forms of identity access management (IAM) software more easily accessible, opened an online marketplace through which IT organizations can download multifactor security software from IBM and others.
Brian Mulligan, offering manager for Access and Authentication at IBM Security, says the IBM Security App Exchange is intended to make it simpler for IT security teams to evaluate multiple approaches to multifactor authentication spanning everything from hardware-based tokens, to biometrics. Third-party vendors participating in the IBM Security App Exchange include BuyPass, DualAuth, Imageware and Yubico.
Mulligan says most organizations are going to opt for different approaches based on specific use cases. The IBM Security App Exchange is intended to make it simpler to evaluate various authentication approaches based on their usability, says Mulligan.
“Every approach to multifactor authentication has tradeoffs,” says Mulligan.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
In general, Mulligan says, IBM is trying to foster more collaboration across the IT security industry at a time when cybercriminals now regularly collaborate with one another. Almost every successful attack in some form or another involves compromised credentials. That creates a compelling reason for IT security teams to collaborate with one another to implement various forms of multifactor authentication, says Mulligan.
Longer term, Mulligan says advances in machine and deep learning algorithms have a lot of promise when it comes to multifactor authentication. Face recognition software and other forms of biometrics based on machine learning algorithms are already being implemented on smartphones. Deep learning algorithms employed in a cloud service will also soon be able to transparently locate an actual user based on analytics derived from data collected by sensors and historical user behavior.
In the meantime, Mulligan says reliance on traditional passwords to secure applications is clearly problematic. Most end users cannot remember multiple complex passwords required to access hundreds of online services. That makes it incumbent on IT security teams to provide more sophisticated approaches to identity management that are not only more robust, but just as importantly, simple to use.