New, patented cloud services brokerage (CSB) providing secure identity management and cloud services distribution has been launched designed to eliminate the need for passwords. The product from British cloud security software company Secure Cloudlink Ltd – Secure Cloudlink – supports three factor, SSO (single sign on) and biometric user authentication butdoes not store, send or replicate any user credentials outside of an organisations’ directory service.
Secure Cloudlink acts as a secure, centralised user authentication and application to manage user access rights to all authorised applications without the need to create and manage internal domains.
Brian Keats, CEO, Secure Cloudlink Ltd, said: “Passwords are quickly evolving into an untenable means of authentication because of their fundamental security vulnerabilities. That evolution is being accelerated by the dramatic shift to mobile computing and the ever-rising tide of data breaches. We identified the need for a fundamentally new way of anonymous authentication bypassing the vulnerabilities that exist because of the inherent properties of passwords being human-accessible shared secrets.”
“It’s impossible to use the same password everywhere because different sites insist on different password formats. Even if it were possible, it wouldn’t be sensible. So we tend to use many different passwords and then forget which password to use for what, so resort to using similar passwords and never changing them, or to writing them down. Either way, security is compromised.”
According to Gartner in its report ‘Design IT Self Service for the Business Consumer’ “password resets account for as much as 40 per cent of IT service desk contact value.” The firm’s token passing authentication method requires no user credentials to be stored separately or outside of the directory service – according to the firm, reducing the risk of a cyber breach and costs associated with password reminders.
Brian added: “This usability problem has got worse in recent years through the ubiquity of smaller keyboards such as those on mobile devices, more complex requirements for “password strength” at many sites, and the introduction of one-time-passcodes as a second factor “secret” that forces the users to type not one, but two passcodes every time they authenticate. Although some organisations are investing in technology to automate password resets to reduce the number of calls user credentials still persist exposing the organisation to the threat of cyber attack. At SCL our approach is to eliminate the passwords and streamline the granting of access to applications, IT resources and on-line services.”
Secure Cloudlink adds that users can be provisioned access both at single and group level, and with a bulk upload facility. Secure Cloudlink says that it provides an environment that allows centralised management access to employees, contractors, suppliers and customers without creating new domains and user accounts in an existing directory. The company has already sold the Secure Cloudlink solution to customers across a range of markets including government, SaaS providers, and financial institutions. Visit http://www.securecloudlink.com.
