Find experts and specialist service providers.
A Physical-Presence-on-the-Internet (Cyber PPI) access model is the first step to cyber security. Until this process is adopted there can be no security. This is not to say the Cyber PPI is a silver bullet. At this point in the evolution of the cyber world the compounded mistakes make a silver bullet solution impossible.
We hear about two and recently three factor authentication as a way to verify credentials. This however is the deceived deceiving others. Two-Factor authentication, as deployed, is nothing more than an “Alternative Fact”. Data, no matter how complex the gathering method, is just one factor. Multiple steps to gather DATA is Multi-Step not Multi-Factor and certainly not TWO Factors.
Two-factor security requires two unique factors to meet this standard. What is shocking is that this needs to be stated!
The Two-Factor deception has been championed by major corporations: Apple’s two-factor deception: “Two-factor authentication is an additional layer of security designed to prevent unauthorized access to your account…” – from Apple’s customer email.Let’s examine this statement and separate fact from alternative fact. Let’s start with the sentence as displayed; the full claim is worse. There is nothing about the Apple fingerprint access model that provides two-factor authentication to any account!
This is where cyber security must begin: basic understanding. The fact that in 2017 this needs to be presented is shameful. Using the Apple model, they are providing two-factor authentication to access the device. This however extends no further than the device! Once a fingerprint accesses the device, all interaction with the Internet is just as insecure as any other browser-based access.
Then there are currently deployed two-factor token solutions. They all however suffer from the same deficiency as the Apple model. These solutions use browsers to navigate to portals and then data from the token is used as an extra credential. This is a Multi-Step approach requiring DATA multiple times to gain access. Again not two-factor!
The deception: All these solutions use only data, one-factor.
Active Access Control technology is Physical-Presence-on-the-Internet (Cyber PPI) and is the only current Two-Factor authentication system and methodology ever brought to market. Let me explain:
Cyber PPI begins with a PHYSICAL token that must be present to initiate a secure session and must be present throughout the session. If the token is removed the session implodes flushing all data, leaving no footprint. The token becomes a REQUIRED factor for secure interaction and it must ALWAYS be present for interaction.
This has a profound impact on cyber security. A token to create and maintain a portal to secure data, the Physical-Presence-on-the-Internet model provides for removal of public access to secure portals. Really think about this. A token creates a portal and is automatically directed to an obfuscated location for secure interaction. This results in reducing portal access from 7 billion browser-based devices to only the organization’s authenticated tokens.
The time for a scientific approach to cyber security has arrived. Risk Acceptance is connecting a server to the Internet. It is not Risk Acceptance to leave a portal open 24/7 in a browser-based environment. This is the CHOICE that was made and the risk was deemed acceptable. It is no longer acceptable!
Cyber Security requires willingness on the part of the tech industry to be honest with itself. All preconceptions and misconceptions must be put aside. “Explain it to me like I am a 5-year old” – Denzel Washington – Philadelphia. I remember being taught, many years ago, that nothing should be taken for granted. The tech industry needs to relearn this lesson.
Starting from NO preconceptions the questions to ask are: Can a browser that is designed to perform content surveillance be used for accessing secure data? Obviously not! This is where cyber security must begin. Remove the browser from the equation and take the next step. If browser-based access is removed: Is there a reason to host a portal to secure content on a public browser-based website? Again a no-brainer! Remove the portal and public access is removed.
These original mistakes led to compounded mistakes and patches that must now all be reevaluated. How much of the deployed security will no longer be valid or required? How much of the deployed security increased the weaknesses because the original mistakes were never addressed?
The solution to the cyber crisis is a CHOICE. The business, government and tech communities made the wrong CHOICE with public access to secure portals. It will take these same people to address the mistake or cover it up. One of these CHOICES leads to a more secure future … can you tell which one?
Cyber Safety Harbor, Your port in the cyber storm.
Article by channel:
Everything you need to know about Digital Transformation
The best articles, news and events direct to your inbox