Technology continues to evolve and improve our daily lives at a pace we have never seen before in history. Incredible new possibilities we didn’t even think were possible 5 years ago now seem a distant past and an obvious part of our lives today. We don’t want anything to come in our way of progress and the new gadgets that we love. If you look at your phone there are tons of apps right at your fingertips, many with a login and password. With fingerprint enabled devices you don’t even think about this anymore. Similar can be said about Google’s auto-fill on passwords.
But have you given security a thought?
According to Microsoft about 63 percent of all network intrusions and data breaches are due to compromised user credentials. And once a hacker gets into the network, he spends a whopping 146 days before being detected. According to data from Juniper Research, the cost of a data breach is $3.8 million today but will increase by a massive 3,947% to over $150 million by 2020.
When we speak to organization using SCD they mention a lot of different parts of the system that they would like to see enhanced. But lately we noticed that there is a common thread when it comes to the technology part of the system: namely added or enhanced security around their infrastructure.
In SCD, passwords are secured via the Oracle database and you have an option to do a seamless logon via Kerberos. This is all proven and well working security but let us be candid: it is slowly becoming non-market standards. More and more systems are turning to two-factor authentications for sensitive data to prevent hackers gaining access by having to go through two or more layers of security rather than just one.
So, what is two-factor authentication?
In short it means that you need two means of authenticating to verify that it truly is you trying to access the data. Typically, this is done by a regular user password and some 3rd party code. That code can be an RSA token code, a code provided to your phone or even an app on your phone asking you to confirm you are trying to access data on another piece of hardware.
Why is it important?
In today’s world, we see that platforms such as SimCorp Dimension® are integrated with a lot of other systems, meaning that nefarious people that try to gain access, can end up with a whole lot more than just your data. They could get away with your money too. This can to some extend be prevented by having internal processes and controls in place, but shouldn’t the system be properly locked down in the first place, instead of relying on four eyes procedures and other safety measures taken to prevent fraud?
If you agree with everything you just read, please drop us a line or write a comment to this post and let us know what you think. We would like to know how important this is to you and your organization. Your opinion matters and Dimensional Community is here to help you as a user.
It is time to take security seriously.