A white paper on the legal aspects surrounding user authentication in IT environments is available from GrIDsure.
Written by European law firm Field Fisher Waterhouse, the paper reviews aspects of the legal framework for data security, including the law of confidence and the law of negligence, the EU Data Protection Directive, and rules on corporate governance. It also examines the legal meaning of โstate of the artโ in the context of selecting an adequate technology solution for user authentication.
The authors go into why some of the most commonly used authentication technologies are open to security threats, and evaluate the concept of Pattern Based Authentication against key criteria for choosing an authentication method as well as compliance criteria.
โProtecting information is a business critical interest and a legal obligation,โ said Daniel Mothersdale, CEO at GrIDsure. โBut as many of the recent data breaches have shown, traditional authentication methods such as passwords and ID tokens arenโt secure enough to keep up with the requirements of cloud computing and mobile access.โ
โWith the European Union now planning to make it mandatory for all businesses to notify customers of data breaches, companies find themselves under immense pressure to implement ubiquitous strong authentication โ every day, for every user, for every service, irrespective of the endpoints used. Itโs a matter of compliance with data security law, but also a matter of adequately protecting you employeesโ and customersโ identities,โ he added.
The white paper is titled โGrIDsure Pattern Based Authentication: A perspective from a data security law point of viewโ, and is available for free download from the GrIDsure website –
