In-Depth

Authentication: Three Critical Steps for Every Organization

Yankee Group predicts large growth in the authentication market. Here are three things every organization needs to do to ensure users are who they say they are.

• By Mathew Schwartz
• 09/17/2003

As Web application deployments increase and Web services continue to grow, expect a greater demand for secure authentication of users by business partners, predicts Eric Ogren, an analyst with the Yankee Group. Ogren says businesses will increasingly embrace two-factor authentication. That is, in addition to a password, they’ll employ a second mechanism—perhaps a biometric reader or a credit-card-size secure identification card—to better ensure that when a user logs on, it’s really that user.

This demand will push the authentication market from $1.4 billion this year to $2.4 billion in 2008, a compound growth rate of almost 12 percent, says Yankee Group. It classifies the market as not only general authentication software and hardware but also passwords, tokens, digital certificates, and biometric devices. U.S. government investments in homeland security should help boost the market, with $823 million slated for information infrastructure protection next year. Of course, Congress has recently squashed similar requests.

With authentication growing in popularity, Ogren recommends businesses concentrate on three things.

First, “focus on tokens that use passwords fields,” he says, as opposed to authentication that requires additional software or hardware on users’ PCs to work. Users shun things that require too much additional work, and organizations face drastically increased support costs when installing devices end users find difficult.

Second, Ogren says companies should simply make two-factor authentication mandatory for employees connected remotely via secure sockets layer (SSL) or virtual private network (VPN).

Finally, he says organizations should “synchronize passwords across applications” in order to make life easier for users, and ease calls to the help desk.

As companies evaluate vendors, Ogren singles out the most well-positioned vendors as: RSA Security, the dominant network authentication vendor; VeriSign, which is well known for its digital certificate services; and Identix, the biometric market leader. Other market leaders include Entrust and Viisage Technology.

However, notes Ogren, companies shopping for authentication should also consider up-and-comers A4Vision, Communicator, and Lightbridge, which will increasingly give the market leaders a run for their money.