
Phishing for Attention
Phishing is the malicious act of hackers who send out fake emails that encourage
users to log on to what appears to be their online bank’s website in order
to capture their credentials to access and exploit the accounts’ assets,
usually in the form of money. Phishing attacks have been primarily targeted
at financial institutions and, by all accounts, have been very successful in their
goal to exploit human nature as a means to a very fruitful end.
The success of these perpetrators has conversely caused very real and considerable harm to companies that rely upon the Internet to provide financial transactions. Most notable are corporations such as Wells Fargo, Bank of America and eBay. In the past year, over 2 million online consumers have reported losing money due to phishing attacks. The frequency and effectiveness of these security breaches directly undermine consumers’ trust and often result in decreased online banking transactions.
Spyware By Any Other Name…
Software viruses and Trojans have easily and effectively embedded themselves
on helpless computers, both at home and at the office, and have also resulted
in compromised passwords and breached online accounts. The consequences are
lost funds and offended customers. Even though anti-virus software is widely
used, computers are still being penetrated with spyware applications that improperly
disclose confidential information.
The Pursuit of Secured Convenience
Ironically, as trust is being eroded, the business and client demands for online
financial transactions continue to grow. Both want expanded online services,
but supported within a secure environment. The horse is out of the stable and
there’s no real option of reeling her back in. Companies who rely on online
financial exchange continue to pursue true security and privacy solutions that
directly support their business goals and client demands.
However, the pursuit has often resulted in the adoption of various tactical products that provide only single-factor or limited technical capabilities to address a multi-factor business need. Typical global business needs include requirements such as trusted and secure email; effective data protection of electronic files, regardless of where they are electronically stored; and strong authentication of staff, business partners and customers to provide assured access to their financial information and assets.
The Need for Assured Access (Strong Authentication)
First and foremost, weak authentication will always result in weak security.
The sole use of user-names and passwords to verify the identity of users with
the intent of providing access to confidential information is widely recognized
as highly risky. The numerous vulnerabilities and threats associated
with single-factor password authentication have resulted in companies forcing
their staff to change their passwords on a very frequent basis and to use very
complex attributes, including “at least one upper case letter, a number
and a special character.” The complexity of the password becomes so obscure
that users, including security professionals, often resort to writing the password
down or saving it in a spreadsheet. Now consider the users’ frustration
at doing this for four or more accounts!
The growing acceptance of strong 2-factor authentication definitely results
in providing more secure access. The implementations of technologies such as
one-time-password tokens and fingerprint biometrics have gained respectable
levels of success. However, users often see these as relatively complex solutions
which can be difficult to deploy and use. Without strong user acceptance of
any solution, there is little likelihood of it being an effective tool. Effective
security must embrace solutions that are easy to deploy, easy to use and affordable.
If not, users will work around the security measures to meet their access needs,
such as writing down their passwords.
The Need to Protect Data Files and Email
Corporations have implemented a number of security products to meet these complex
and diverse business demands. To secure their confidential emails, they have
installed SSL-enabled products that easily encrypt email traffic while being
sent or received. However, once the data is stored locally on the computer,
there is no further protection. So, the confidential data is now vulnerable
to spyware threats and physical theft.
So, to supplement their secure email capability, they also purchase products
that provide whole-disk encryption, an encrypted shell for all
the data on the laptop. However, even these products often fail to provide effective
protection against spyware attacks such as keystroke loggers and
covert emailing of confidential files, since the whole-disk encryption products
do not encrypt emails. So the pursuit, the cost and the frustration continue.
Data Here, Data There, Data Everywhere
As companies realize and identify the confidential data that they create, collect
and disseminate, they should also understand how and where that confidential
data is stored. The prevalence of mobile mass media storage devices such as
recordable CDs and DVDs, as well as the prevailing USB hard drives that now
store up to 2 GB of information, have become commonplace for businesses and
customers. The same data protection concerns for protecting confidential and
sensitive information on the computers themselves should also easily extend to the
mobile storage devices they support.
The whole-disk encryption technologies do not always extend to mobile storage devices or have limited support for select device formats, such as USB-only. So, to further complete their quest to effectively protect data, yet another software application may be needed. This incurs additional cost, administration and training, all of which are unattractive obligations.
A Strategic Approach
Undoubtedly, financial institutions are increasingly appreciating their duties
to protect their corporate information assets and the confidential information
and identities of their customers. Trust is a value proposition which can secure
customer loyalty. However, the desire to further deliver a client-centric trustworthy
computing experience can be a formidable and expensive endeavor. To build a
similar internal business operations environment can be duplicative in both
cost and time. Many institutions have opted to purchase multiple, single-factor
point products such as those previously mentioned. This approach increases the
level of difficulty for administrators to deploy and manage as well as making
it more complicated for customers to use. It’s also the most costly approach.
A more strategic approach for protecting data is needed to leverage the existing
eFinance computing investment, simplify the deployment for administrators and
users, and show a clear cost benefit.
A Strategic Solution: Digital Certificates
There are few technologies available that provide the data protection capabilities
for strong user authentication, strong data encryption and document integrity
validation all within a single, integrated framework. Digital certificates (digital
IDs) offer all of these benefits, and more. Digital certificate technologies
have evolved from being too complex, too hard and too expensive. Delivered as
a managed service through notable and respected companies such as VeriSign and
GeoTrust, the complexity and cost are now much more manageable. Corporations
and consumers can obtain their trusted digital IDs which, based on both federal
and state laws, are the equivalent of their physical IDs, such as drivers’
licenses or passports.
However, that’s only part of the puzzle. By themselves, digital IDs are little more than a technology that still needs to be associated with a user-centric application to be considered a business solution. While there are now numerous enterprise off-the-shelf applications that are digital ID-enabled, the task of obtaining those IDs and then having them associated with the application is no minor feat and has been the definitive challenge for digital IDs being accepted as a more widespread and mainstream solution for strong user authentication and data protection of digital information. Much like the past delivery issues with broadband DSL to the home, it’s the final mile that is the biggest issue.
CipherPass’ C~suite Strategic Solution
CipherPass Corporation was formed to address the issues for deploying and using
digital IDs to the enterprise and to their customers. We solved the problem
of digital ID deployment and use to deliver the “last mile” solution.
Our flagship application, C~suite, simplifies the deployment process to the
point that thousands of trusted digital IDs can be deployed and used in a matter
of minutes. Our approach embraces the notion of easy to deploy, easy to use
and affordable.
C~suite also provides the following key services:
• Automatic configuration and association of the digital ID with Microsoft’s
Outlook/Outlook Express clients (Novell’s GroupWise, IBM’s Lotus
Notes and Eudora email clients are also supported)
  o Protects emails and their attachments both on the computer and while being sent
  o Strongly authenticates outgoing emails so recipients can easily know that they
  truly were sent by you
• Provides secure file and folder capabilities, based on AES encryption,
that closely resemble Microsoft’s Windows Explorer, which makes them easy
to use and strongly protected.
  o Encrypted files can be transferred to recordable CDs, DVDs, USB hard drives
  and even floppies
  o If the data is lost or stolen, no one else can read the file contents
• Offers hardware tokens (USB or smart cards) to securely store users’
digital IDs for mobility and to provide strong 2-factor authentication.
  o May replace the Windows password logon experience with a token and
  a simple PIN (works in the same manner as banking ATM machines)
  o Provides universal access to digital ID-enabled secure online banking websites
These are just a sampling of the benefits associated with digital IDs and their supporting applications. Every major software vendor, including IBM, Adobe, Oracle and Cisco, is enabling digital ID technologies in most of its latest applications. This further justifies digital IDs being a strategic approach rather than a simple point solution of multiple, non-integrated products. This is not a throwaway technology and is gaining global user acceptance for its multi-use abilities.
Conclusion
CipherPass understands the challenges facing financial organizations in selecting
the most effective solutions that are also easy for their staff and customers
to use. CipherPass also appreciates the financial budget limitations of these
organizations for selecting reasonable security and privacy solutions to protect
private and confidential information. CipherPass’ C~suite solution set
meets the criteria of being secure, easy to use and cost-effective. As compared
to other competing security products, C~suite also provides an important and
distinct capability of digitally signing electronic documents and emails. Documents
digitally signed with C~suite meet the federal and state requirements for being
legally admissible in a court of law. No other product can provide this level
of electronic trust and assurance.
This article provides a realistic view of the true business value of C~suite and its use of trusted digital certificates to deliver robust data protection as compared to other leading competing products. It provides the most protection at an affordable and competitive price. You decide.