If you look around during RSA Conference, you will notice there are a number of parallel events going on around Moscone Center. IOActive put together a few talks on Tuesday and Wednesday as part of their IOasis event. In the same vein, Nok Nok Labs hosted a panel discussion on the future of authentication on Thursday. This post comes courtesy of Girish Wadhwani, of Nok Nok Labs.
The panel was moderated by Jon Oltsik, senior principal analyst of ESG, and included Rhonda MacLean, CEO of MacLean Risk Partners, Giles Watkins, a partner from KPMG, and Phil Dunkelberger, CEO of Nok Nok Labs.
Oltsik kicked off the panel by asking why it was taking so long for the industry to embrace strong authentication. Increased adoption will be driven by consumers asking for strong authentication, Watkins said. However, authentication introduces friction, and consumers, unaware of the security benefits, are reluctant to adopt new forms of authentication, Watkins said.
The consumer's tolerance for friction when it comes to authentication could be cultural, said MacLean. For example, U.S. consumers generally have low tolerance for any kind of friction, but consumers in the UK, who are already used to chip & PIN-based authentication, seem to accept higher levels of friction. Consumers need to have a choice, MacLean said.
The slow adoption we are seeing in authentication is not a technology problem, as sophisticated authentication technology is already available in the market, Watkins said. It's a change management issue. The United Kingdom's GOV.UK Verify program is an example of an agency making huge investments to change people’s perception of security, Watkins said.
Dunkelberger highlighted the issue of divergence he sees within organizations. The risk management teams want to use security mechanisms for protection, but other groups often tolerate security gaps and view the impact of data breaches as a cost of doing business. Dunkelberger cited a recent Ponemon report which found breaches could incur significant additional costs such as customer churn, which is a cost often not taken into account by companies.
Boards of directors are increasingly concerned about security, MacLean said. She is seeing more candidates with risk management experience being recruited by company boards.
Dunkelberger said he has measured optimism that the authentication problem will be addressed. The fact that more and more vendors are joining the FIDO (Fast Identity Online) Alliance and working together towards increasing security and usability is an encouraging sign. Dunkelberger said the vision of a widespread secure and convenient online environment was a real and impending reality.