Digital identity and credentials expert Intercede announced MyID as a Service (MyIDaaS), a convenient and affordable cloud-based ‘strong credentials’ service for enterprises. With 25% of breaches involving ‘internal actors’, and 81% of hacking related breaches exploiting stolen or weak passwords[1], user authentication is currently the weakest link in the security chain and the potential for catastrophic business impact is real.
To navigate this environment, MyIDaaS removes the need for passwords completely, replacing them with unique, highly secure, government-grade digital identities and an authentication process that enhances the user experience. Critically, MyIDaaS is designed to provide this level of security in a cost-effective manner, allowing enterprises to strengthen authentication methods without compromising budgets.
Recognising the vulnerabilities associated with today’s digital economy, regulators across the world are establishing rules to ensure that security not only catches up with internet development but seeks to “future proof” interconnectivity from emerging threats.
For example in the US, President Trump’s Executive Order on Cybersecurity requires public and private providers of critical infrastructure and digital services to ensure that the highest recommended standards for cybersecurity are applied universally. This is manifest in New York State 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies. NIST Special Publication 800-171 for government contractors also mandates multi-factor authentication to ensure enhanced levels of identity assurance.
In Europe, the Second Payment Services Directive (PSD2), the General Data Protection Regulations (GDPR) and the Markets in Financial Instruments and Derivatives (MiFID II) Directive, all mandate enhanced levels of digital trust enabled by strong customer authentication. These international regulatory frameworks create a large global market for password replacement technologies, which MyIDaaS has been specifically designed to satisfy. By adhering to the most stringent of regulations all companies, regardless of sector and size, can meet compliance obligations quickly and with ease.
The latest solution from Intercede has been created by envisioning and reengineering the company’s existing MyID solution to operate as a secure, self-service, multi-tenanted Cloud service. It is designed to enable organizations to replace employee passwords with more secure and convenient digital identities on real or virtual smart cards, pluggable tokens, mobile devices and embedded security modules. The solution manages the lifecycle of credentials, for example revoking them if a user leaves an organization or updating them in advance of the credentials expiring.
“Regardless of the organization in question, weak or compromised credentials continue to be today’s security downfall. Usernames and passwords are the number one cause of the majority of data breaches. While there have been solutions to this problem for a number of years, most of them have been inaccessible to companies with limited IT budgets, scarce resources and a lack of in-house security skills,” said Richard Parris, CEO of Intercede.
“For over 20 years, Intercede has been at the forefront of securing some of the most sensitive and critical industries, including defense, aerospace, government and financial institutions. Through MyIDaaS, we’re now offering that same level of security to businesses, without the pain of infrastructure overhaul or hefty costs. This is a game changer for enterprises of all sizes who need to comply with new regulations for protecting customer information but lack the necessary budget and cyber security expertise to build their own digital trust solutions.”
MyID is currently deployed by governments and defense companies to secure some of the world’s most sensitive data. MyIDaaS brings that same government-grade security to businesses to significantly reduce their exposure to cyber-attack. The service packages digital credential deployment into an easily-consumed cloud service. Businesses using the service will be provided with a dedicated certification authority and the ability to deploy digital identities on to hardware-secured zones within existing enterprise computers and devices. This includes Intel Authenticate or IPT on Intel powered computers and Trusted Platform Modules on platforms running Microsoft operating systems. Future support for physical smart cards, smartphones and Internet-of-Things connected devices is planned.