OATH to step up “strong authentication”

The demand for strong authentication tools may intensify over the next two years as manufacturers increasingly adhere to open standards.

Lower costs are also fuelling demand.

Security vendors say there’s been a significant decline in the price of strong authentication technologies from manufacturers involved with the Initiative for Open Authentication (OATH).

Launched in February 2004, OATH is a consortium of IT security players – device manufacturers, application developers, platform vendors – who banded together to provide a reference architecture for interoperability of strong authentication across all users, devices and networks.

The price of authentication tools drops as more players get involved with open standards, according to Rosaleen Citron, CEO of Burlington, Ont.-based White Hat Inc. She said authentication tokens are traditionally very expensive, but the emergence of open standards has driven down the cost.

Strong authentication enhances security by combining a user ID with a software or hardware ‘token’ to validate a user’s identity when accessing a software application or network.

Such authentication serves as either an alternative or an enhancement to password-based authentication, which industry experts believe have lost its security luster.

In the past, the greatest obstacle to the use of strong authentication technology has been its high cost, according to Marcus Shields, enterprise product manager for Toronto-based Soltrus Inc.

“It costs a lot of money to employ this proprietary solution from all the vendors. Once you have an open infrastructure, these (vendors) have to compete with one another on cost fraction. More people will use it and everybody wins because it’s more secure,” Shields said.

Soltrus is a Canadian affiliate of Verisign Inc., a leading advocate of OATH.

Shields predicts that over the next two years open standards will be a huge reality in the strong authentication market that proprietary suppliers will be “dragged kicking and screaming because the industry is going to call for it.”

He warns, however, that companies may try to circumvent open standards by claiming to be compliant, but actually produce products and services with “proprietary extensions” forcing companies to buy into their suite or face certain difficulties in implementation.

But so far, industry response to open standards has been “very good,” said Shields.

In addition to driving down the cost, open standards would give IT professionals great flexibility in selecting the technology and the vendors for strong authentication, according to White Hat Inc. CSO, Tom Slodichak.

By enabling interoperability, an IT department can implement the best possible authentication technology “and have it all work together seamlessly in a single security system,” he said.

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now