Enterprise Authentication & The Challenges of Buy vs. Build
In today’s environment of both massive cyber breaches and individual identity hacks, authentication is key to the security of enterprise applications, data, and user information, both on the web and on mobile devices. The familiar ‘username and password pair’ has long been regarded as a poor method for authentication, yet many applications continue to rely on passwords alone.
Gartner and Twilio, who provide the Authy two-factor authentication service, recently discussed how enterprises can approach security: build an authentication service from scratch; buy an expert-designed service or eliminate the exposure to unnecessary risks by partnering with a cost-effective service that offers the flexibility to brand the experience and insert authentication where appropriate.
Gartner & Twilio Discuss:
In this Twilio webinar, Anne Robinson, Director of Research for Identity and Access Management at Gartner, walks us through key considerations concerning application security and authentication. Joining the broadcast to detail the benefits of cloud-based API authentication solutions, is Simon Thorpe, Product Director for Authentication at Twilio. Simon touches on how APIs allow application developers to tightly integrate security into their software without impeding the user experience. Additionally, using an API allows businesses to rely on external security SMEs for research, development, penetration testing, auditing, and ongoing maintenance—and significant cost savings.
Short On Time? Here are the Top Takeaways:
- Authentication is all about creating a link between a person in the physical world and the identity they possess in the digital world.
- Phone-based authentication seems new to many, but it’s been in use for over a decade, initially via SMS or voice, which were then challenged by cost and connectivity.
- Availability of authentication mechanisms has to be as good as, or better than, the service it’s protecting, especially in a global and 24/7 context.
- If supplemental authentications (not just logins) are an afterthought, integration may end up costing more than siloed solutions.
- Depending on your situation, cloud-based deployment may provide more flexibility than on-premise architecture.
- Because infrastructure decisions impact hosting, protection, audits, incident management, event monitoring, and many other challenges, it must be part of the end-to-end transaction process. Authentication can’t occur in isolation.
- It must be easy for users to discover and enroll in an authentication service. Likewise, when they’re no longer employed at an organization or no longer require authentication, the revocation must be strong and seamless.
- Providing access to authentication in an emergency context must avoid becoming the weakest link.
Ready to take action? Please enjoy this Twilio webinar featuring Gartner.
- Learn how to protect your web or mobile application better, even if you continue to use passwords.
- Understand the pros and cons of authentication types.
- Learn about how authentication APIs give the greatest flexibility.
After viewing the webinar, we welcome you to find out more about Authy, Twilio’s two-factor authentication service.