Consumers and companies today rely on the Internet to perform all manner of tasks, from conducting business, to buying and selling personal items to managing their lives, friendships and family interactions. However, working and living online exposes everyone to successive waves of hacks, scams, and other digital exploits – threats unimagined only a few years ago.
Enterprise IT and corporate management are spending increasing time, energy, and funds on securing digital and physical assets with technology of growing complexity. Strong encryption, multifactor biometrics, intrusion detection, anti-malware software and other advanced security measures provide necessary protection against a range of threats, but a simple truth remains: Verification before a transaction (or a security breach) occurs is always cheaper and more effective than attempting to remedy the consequences of failing to do so.
Internet security today is built on a fragile combination of robust transport authentication mechanisms like SSL and SSH, strong public and private key encryption, and password and CAPTCHA regimes. Unfortunately, encryption and transport security do little to address vulnerabilities at the endpoints — servers and the personal devices used to access them. And, authentication solutions such as passwords, CAPTCHA and tokens have been shown to be vulnerable to attack.