GDPR Requires Better Methods Of Authentication

Just over a year ago the EU General Data Protection Regulation (GDPR) came into effect, and the law is now enforcing a far more secure data management regime. The GDPR reaches wider than the EU itself, as it affects any global organisation that works within the EU, and it has brought tighter data and privacy rights for users.

Many of the cyber-attacks on organisations start with phishing emails and weak or stolen passwords, and could quite easily have been prevented by organisations improving their customer authentication process.

Indeed, one-time passwords (OTPs) have repeatedly been shown to be susceptible to phishing: a code is just a short secret the user types in, so a look-alike site can collect it and relay it to the real service within its validity window. What is needed are authentication methods that move beyond the legacy of the password and centrally stored shared secrets (OTP seeds included) in favour of public key cryptography, where the user authenticates locally on a device they already use every day and the service only ever holds the corresponding public key.

As the regulatory landscape that businesses need to navigate is becoming more complex, patching systems to satisfy the bare minimum of GDPR simply will not do going forward. Not only does this risk backfiring as the risk of breaches rises, but it also ignores the customer who in many cases expects, or even demands, smoother methods of authentication than have been offered in the past.

Biometric Authentication
Over the past few years, more and more consumers and businesses have come into contact with biometric authentication in their daily lives. This is largely due to biometric sensors becoming standard in everyday devices, together with improvements in the robustness of biometric matching, which continues to build trust in replacing password entry with swiping a finger, speaking a phrase or looking at a camera on a device.

Biometric data used to uniquely identify a person is a special category of personal data under GDPR (Article 9, commonly referred to as sensitive personal data), so it is now tightly regulated: anyone handling it must establish a lawful basis and, for large-scale processing, carry out a data protection impact assessment before any processing takes place. That is good news, and it has not hindered the continued development of services that use biometrics securely.

On the contrary, because standards-based authenticators match the biometric on the user's own device and use it only to unlock a locally held private key, the online service receives a public key and signed challenges, never the fingerprint or face data itself. Organisations can therefore offer biometric login without collecting, controlling or processing biometric data, and without the liability that comes with it.

Turning the Tide
The last ten years have seen the development of international standards for authentication that are a natural fit with the new regulatory requirements, while also helping to bring forward technologies that simplify and strengthen authentication for businesses and users alike.

The FIDO (Fast IDentity Online) Alliance has developed standards that not only provide stronger authentication with a better user experience, but are also designed to satisfy regulations pertaining to data security, biometrics, consent and individual rights.

Indeed, the international standards community has been working diligently over the past several years to deliver a common mechanism that strictly complies with GDPR and other regulations without requiring online service providers to purchase or distribute special software or hardware to their users.
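To make the difference between a relayed OTP and a public-key assertion concrete, here is a worked model of both in Go. It is an added example, not code from the article, Infosecurity Magazine or the FIDO Alliance, and it simplifies WebAuthn: the authenticator signs a SHA-256 digest of a clientData structure carrying the challenge and the origin the browser is actually connected to, and the relying party checks that the challenge is one it issued and has not been used, that the origin is its own, and that the signature verifies under the registered public key. The origins `https://bank.example` and `https://bank-login.example`, the user names and the OTP shared secret are constructed for the example, and the OTP is a simplified HOTP-style code with a fixed truncation offset rather than a full RFC 4226 implementation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData mirrors the fields of WebAuthn's clientDataJSON that matter here.
// The browser fills in the origin it is really connected to; neither the user
// nor a phishing page can make it claim the genuine site's origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the authenticator hands back: the client data that was
// signed and an Ed25519 signature over its SHA-256 digest.
type Assertion struct {
	ClientData []byte
	Signature  []byte
}

// Authenticator stands for the user's device. The private key never leaves it;
// in a biometric authenticator the fingerprint or face match only unlocks it.
type Authenticator struct{ priv ed25519.PrivateKey }

// Sign builds clientData for the origin the browser reports and signs its hash.
func (a *Authenticator) Sign(challenge []byte, browserOrigin string) Assertion {
	cd, _ := json.Marshal(clientData{
		Type:      "webauthn.get",
		Challenge: base64.RawURLEncoding.EncodeToString(challenge),
		Origin:    browserOrigin,
	})
	digest := sha256.Sum256(cd)
	return Assertion{ClientData: cd, Signature: ed25519.Sign(a.priv, digest[:])}
}

// RelyingParty is the server. It stores public keys and the challenges it has
// issued but not yet seen back; it holds no shared secret and no biometric data.
type RelyingParty struct {
	Origin     string
	pubKeys    map[string]ed25519.PublicKey
	challenges map[string]bool
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{Origin: origin, pubKeys: map[string]ed25519.PublicKey{}, challenges: map[string]bool{}}
}

// Register stores the user's public key, the only per-user credential the server keeps.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) { rp.pubKeys[user] = pub }

// NewChallenge issues 32 random bytes and remembers them so each is accepted once.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	rp.challenges[base64.RawURLEncoding.EncodeToString(c)] = true
	return c
}

// Verify checks, in order: the challenge is ours and unused (it is consumed
// whatever the outcome), the origin is ours, and the signature verifies under
// the key registered for the user.
func (rp *RelyingParty) Verify(user string, a Assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientData, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("unexpected clientData type")
	}
	if !rp.challenges[cd.Challenge] {
		return errors.New("unknown or replayed challenge")
	}
	delete(rp.challenges, cd.Challenge)
	if cd.Origin != rp.Origin {
		return fmt.Errorf("origin mismatch: assertion made for %s, expected %s", cd.Origin, rp.Origin)
	}
	pub, ok := rp.pubKeys[user]
	if !ok {
		return errors.New("unknown user")
	}
	digest := sha256.Sum256(a.ClientData)
	if !ed25519.Verify(pub, digest[:], a.Signature) {
		return errors.New("bad signature")
	}
	return nil
}

// OTPCode is the contrast case: a six-digit code derived from a shared secret
// and a counter (HOTP-style, fixed truncation offset). Nothing in the code
// records which site it was typed into.
func OTPCode(secret []byte, counter uint64) string {
	mac := hmac.New(sha256.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac.Write(buf[:])
	n := binary.BigEndian.Uint32(mac.Sum(nil)[:4]) & 0x7fffffff
	return fmt.Sprintf("%06d", n%1000000)
}

// VerifyOTP accepts any correct code, however it reached the server.
func VerifyOTP(secret []byte, counter uint64, code string) bool {
	return hmac.Equal([]byte(code), []byte(OTPCode(secret, counter)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Authenticator{priv: priv}
	bank := NewRelyingParty("https://bank.example") // constructed origin
	bank.Register("alice", pub)

	// 1. Alice on the real site: the origin in clientData matches.
	fmt.Println("legit:", bank.Verify("alice", dev.Sign(bank.NewChallenge(), "https://bank.example")))

	// 2. Alice on a look-alike site that relays the bank's genuine challenge.
	//    Her browser records the look-alike origin, so the bank rejects it.
	fmt.Println("phish:", bank.Verify("alice", dev.Sign(bank.NewChallenge(), "https://bank-login.example")))

	// 3. The same relay against an OTP: the code verifies wherever it was typed.
	secret := []byte("constructed-shared-secret")
	fmt.Println("otp relay:", VerifyOTP(secret, 42, OTPCode(secret, 42)))
}
```

Run it and the relayed assertion fails on the origin check even though the challenge was genuine, whereas the relayed OTP verifies, because nothing in a six-digit code says where it was entered. Real WebAuthn additionally includes authenticator data (RP ID hash, signature counter, user-presence and user-verification flags) in the signed message; the origin binding shown here is the part that defeats the relay.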

This emerging open standards ecosystem for user authentication, complete with third-party certification programs for independent validation, is well positioned to reduce the risk and costs of GDPR compliance around the world.

Infosecurity Magazine:
