Factor ThisBy David Strom | Posted 2008-06-26 Email Print
There’s a lot to consider before you implement two-factor authentication, because it touches your enterprise infrastructure, applications and networks.
Before you invest in any two-factor authentication solution, review your portfolio of applications, user logins, and other items that require credentials or passwords. Then consider:
- How much of this infrastructure do you want to augment with two-factor methods? Implement the applications that are most at risk and contain the most sensitive data, and work your way down. OhioHealth began by deploying remote access and then moved on to its medication ordering systems, while the University of Minnesota began with mission-critical enterprise applications.
- Do you require Microsoft Active Directory integration, or can you spare the time to do the integration yourself? Voice Verified and RSA’s SecurID both require extra time for Active Directory integration; some solutions include more direct support.
- Do you want to use second factors for remote access, such as through a Virtual Private Network or a Citrix terminal server? Some products, such as Safe Word and MultiFactor, support various VPN gateways directly, minimizing installation hassles.
- How many users will you require to use the second-factor method? Are they internal staff, customers or business partners? Some companies begin pilots with a select group of IT staff and work outward. You will get user distress calls with any system, so prepare to train support people. The University of Minnesota deployed the M Key technology to small numbers of users over several months: “We didn’t want to send out 5,000 tokens in one week and overwhelm our support resources,” says Powell.
- Can you deliver tokens to your users, or must you use nontoken methods? OhioHealth needed a solution that allowed offsite doctors to order prescriptions for their patients, for instance.
- How do you delete or replace a lost token? Each vendor takes a slightly different approach, so this, like other aspects of two-factor authentication that affect your enterprise infrastructure, applications and networks, is worth further investigation.