In Data Security, It’s a Numbers Game
ADOPTION SHORTFALLS
Multifactor authentication is not new, Loeser says, noting that it has been available for the past 20 years or so. Sadly, though, few firms outside of the financial services arena have adopted multifactor authentication, most data security professionals agree.
"Adoption is not where it should be, not at all," says Bob Siegel, founder and CEO of Privacy Ref, a Boynton, Beach, Fla.–based privacy and security-consulting firm.
Ryan Wik, director of customer success at NuData Security, a Vancouver-based cybersecurity firm, calls the recent flurry of data breaches "a wake-up call" for companies that have typically relied on just one form of authentication to verify customers' identities.
The majority of online banking and shopping applications, Wik says, still require only email addresses and passwords for users to log in to their accounts.
But as more companies are faced with the harsh realities of cybercrime, adoption of multifactor authentication technology is bound to rise, industry experts predict.
Siegel just hopes it’s not too late. "People need to realize just how valuable customer data is," he says. "Hopefully, it will happen sooner than later."
Some research firm reports have estimated the current value of the multifactor authentication market at just slightly less than $2 billion. Market intelligence firm MarketsandMarkets expects it to reach $10.75 billion by 2020, growing at a rate of 19.98 percent compounded annually.
So far, of the firms that have adopted more than one factor for authentication, two seems to be the magic number, making up about 90 percent of all current deployments, according to MarketsandMarkets' research.
Many financial firms and other organizations, including Google, Facebook, Microsoft, Twitter, and Apple, are already using two-factor authentication.
One-time passwords and tokens have emerged as a preferred choice among firms that have adopted some form of multifactor authentication; they are considered very secure because the passwords they generate are only valid for a single session or transaction. In recent years, hardware tokens have been increasingly replaced by their software counterparts (soft tokens), which use either smartphone apps or the phones themselves to supply secret codes for authentication.
Digital certificates based on public/private key cryptography are also an effective authentication mechanism. Public key techniques have been adopted in many areas of information technology, including network security, operating systems security, application data security, and digital rights management.
PIQUING INTEREST
Enterprise mobility, virtualization, and cloud computing are among the major trends driving the multifactor authentication market forward. Government regulation is also likely to spur adoption. The Federal Financial Institutions Examination Council's 2005 guidelines recommending multifactor authentication as a way to secure financial transactions online drove many financial services firms to adopt the technology.
Part of the expected growth can also be attributed to the rise of biometrics, such as voice, fingerprint, retina, and facial scanning. The MarketsandMarkets report found that all authentication methods using more than two factors included some form of biometric scanning.
Voice biometrics alone has been growing during the past couple of years. According to Opus Research, the industry closed 2013 with more than $165 million in sales. That figure is expected to more than triple, exceeding $584 million, by 2017, representing a 37.2 percent compound annual growth rate, Opus Research reports.
Opus Research also identified approximately 150 voice biometric deployments worldwide already, with more than 70 million voiceprints on file. These voiceprints were provided voluntarily by customers, shattering the myth that customers don't want the technology or are unwilling to enroll their voiceprints, Dan Miller, founder and lead analyst at Opus Research, points out.
The report identifies Nuance Communications, VoiceTrust, Auraya Systems, Agnitio, SpeechPro, and VoiceVault as industry leaders.