Menu
INSIGHT: Why security solutions are risking the Digital World

INSIGHT: Why security solutions are risking the Digital World

"Security solutions like these have the very real potential to create major risks in our new digital world."

This week, a password security company announced that it had been the victim of what they described as a “network compromise” by an unknown intruder. In other words, the company had been hacked.

This event has created a frenzy of speculation in the press.

The nature of this data breach is unique in that it exposed master passwords and customer data used to gain access to a multitude of user passwords that the security company manages.

You see, the company specialises in providing password management services to alleviate the need for remembering countless passwords for both business and personal app use.

Having to remember all types of ever-increasing complex passwords just to conduct your daily affairs is a real problem for many people today.

So, this particular company offers its customers a cloud-based vault to store all of their passwords and automatically link to the appropriate app to expedite login. This is a great solution to a major information security headache.

However, as this week’s announcement demonstrated, there is a serious downside. While the password security company could safely say that all the passwords stored in its vault were safe, it could not say the same for the master passwords used to access the vault by each customer.

Evidently, the hackers gained access to the master passwords as well as other customer identifying data. The company’s suggested resolution to the problem is to have each customer change their master password. This is not a very comforting message for the customers impacted.

Security solutions like these have the very real potential to create major risks in our new digital world. So, how can situations like this be avoided?

A great way to start is to first understand the potential risks of a digital solution through the lens of its analog equivalent. In this case, the analog equivalent is the use of the traditional safety deposit box within a physical bank vault.

Keys to each box are provided to each customer and the bank has a key. Both keys must be used to access the contents of the box.

This analog approach is similar to using multi-factor authentication. Two keys are required to access the vault – the master password (customer safety deposit box key) and a code generated by a third-party app (bank key).

While the password security company does offer multi-factor authentication, it is not required for use by its customers. After this week’s announcement, that may be a decision they reconsider.

By John A. Wheeler - Research Analyst, Gartner

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Gartnersecuritymalware

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments