Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Tokens Or Cards The Key To Securing Enterprises

How many more miserable Mondays like today
will it take before network administrators really start hollering for better ways to secure their networks? From his weak promises last week about security enhancements for Windows, it's obvious that Bill Gates and Microsoft aren't moving at the speed of light on this topic. But there was some hope for help last week in other presentations at the RSA Conference, where VeriSign and Sun Microsystem advanced well thought-out plans for using tokens or smart cards to authenticate network users.

Tokens for logons might seem like a burden, but anyone who works on a corporate campus is already used to carrying around a card for building access. It makes sense to extend that same security model to the virtual world, especially since so much of enterprise business is conducted on the world's wires, fibers and wavelengths.

As part of his keynote speech, VeriSign CEO Stratton Sclavos outlined the company's Open Authentication reference architecture

(which they call OATH), a plan that seeks to set standards that would let companies build open-architecutre ways to combine user IDs with a software or hardware token (a card, fob or other device) to form a combined credential that validates identities for network or application access.

"It's time to rethink authentication," Sclavos told the audience at his Wednesday talk. "We need a new ecosystem to build better [security] products, that work together."

So far, VeriSign has some good lip service from some potentially strong partners for OATH products. VeriSign also has plans to move some of the authentication procedures into the network, which could potentially ease the pain for network administrators, going forward. At the very least, IT pros should make OATH compliance a check-list item whenever security vendors come calling.

  • 1