So what will become of authentication and passwords? Part two of the Javelin State of Strong Authentication report

Recently the research company Javelin Strategy & Research published the report "The State of Strong Authentication 2019". Its authors collected information on which authentication methods are used in corporate environments and in consumer applications, and also drew conclusions about the future of strong authentication.

We have already published the translation of the first part, with the report authors' conclusions, on Habré. Now we present the second part, with the data and the charts.

From the translator

I won't copy the whole block of the same name from the first part, but I will repeat one paragraph.

All figures and facts are given without the slightest change, and if you disagree with them it is better to argue not with the translator but with the authors of the report. My own comments (set off as quotations and marked in the text in italics) are my value judgements, and I will be glad to argue about any of them (as well as about the quality of the translation).

Consumer Authentication

Since 2017, the use of strong authentication in consumer applications has grown sharply, largely thanks to the availability of cryptographic authentication methods on mobile devices, although only a small share of companies use strong authentication for web applications.

Overall, the share of companies using strong authentication in their business tripled, from 5% in 2017 to 16% in 2018 (Figure 3).

The ability to use strong authentication in web applications is still limited (because only the newest versions of some browsers support interaction with cryptographic tokens; this problem, however, can be solved by installing additional software such as the Rutoken Plugin), so many companies use alternative methods for online authentication, such as mobile-device applications that generate one-time passwords.

Hardware cryptographic keys (here meaning only those that comply with the FIDO standards), such as those offered by Google, Feitian, One Span and Yubico, can be used for strong authentication without installing additional software on desktops and laptops (since most browsers already support the WebAuthn standard from FIDO), yet only 3% of companies use them to log in their users.

A comparison of cryptographic tokens (such as Rutoken EDS PKI) with security keys that work according to the FIDO standards is beyond the scope of this report, and of my comments on it. In short, both kinds of token use similar algorithms and operating principles. FIDO tokens are currently better supported by browser vendors, although this will change soon as more browsers support the Web USB API. But classic cryptographic tokens are protected by a PIN code, can sign electronic documents and be used for two-factor authentication in Windows (any version), Linux and Mac OS X, have APIs for various programming languages that let you implement 2FA and electronic signature in desktop, mobile and web applications, and tokens made in Russia support the Russian GOST algorithms. In any case, a cryptographic token, whatever standard it is built to, is the most reliable and convenient authentication method.


Beyond Security: Other Benefits of Strong Authentication

It is not surprising that the use of strong authentication is closely tied to the importance of the data a business stores. Companies that store Personally Identifiable Information (PII), such as Social Security numbers, or Personal Health Information (PHI) face the greatest legal and regulatory pressure. These are the companies that advocate strong authentication most actively. The pressure on businesses is increased by the expectations of customers, who want to know that the organisations they trust with their most sensitive data use strong authentication methods. Organisations that handle PII or PHI are more than twice as likely to use strong authentication as organisations that store only users' contact details (Figure 7).


Unfortunately, companies are not yet willing to adopt strong authentication methods. Almost a third of business decision makers consider passwords the most effective authentication method of all those listed in Figure 9, and 43% consider passwords the simplest authentication method.


This chart convinces us that business application developers are the same the world over... They see no benefit in implementing advanced account access protection and share the same misconceptions. And only the actions of regulators can change the situation.

Let's not even touch passwords. But what must you believe in order to think that security questions are more secure than cryptographic tokens? The effectiveness of security questions, whose answers are simply guessed, was rated at 15%, and hardware tokens at only 10%. At least watch the film "Now You See Me" ("Illusion of Deception" in its Russian release), where, albeit in allegorical form, it is shown how easily magicians extracted all the necessary answers from a fraudster businessman and left him without his money.

And one more point that says a lot about the qualifications of those responsible for the security mechanisms in applications. In their understanding, the password login procedure is a simpler task than authentication with a cryptographic token. Although, one would think, what could be simpler than plugging the token into a USB port and entering a short PIN code.

Most importantly, implementing strong authentication lets businesses stop thinking about the authentication methods and operating rules needed to block fraud schemes, and concentrate on meeting the real needs of their customers.

While regulatory compliance is a reasonable priority both for businesses that use strong authentication and for those that don't, companies that already use strong authentication are far more likely to say that increased customer loyalty is the most important metric they consider when evaluating an authentication method (18% vs. 12%) (Figure 10).


Enterprise Authentication

Since 2017, the adoption of strong authentication in enterprises has been growing, but at a slightly slower rate than in consumer applications. The share of enterprises using strong authentication rose from 7% in 2017 to 12% in 2018. Unlike consumer applications, in the enterprise environment password-based authentication methods are somewhat more common in web applications than on mobile devices. About half of enterprises report using only usernames and passwords to authenticate their users at login, and one in five (22%) also relies on passwords for secondary authentication when accessing sensitive data (that is, the user first logs into the application with a less secure method, and when they need access to critical data they go through another authentication procedure, this time usually with a more reliable method).


It should be understood that the report does not consider the use of cryptographic tokens for two-factor authentication in the Windows, Linux and Mac OS X operating systems. And this is precisely the most widespread use of 2FA today. (Alas, tokens built to the FIDO standards can implement 2FA only for Windows 10.)

Moreover, whereas implementing 2FA in web and mobile applications requires a set of measures, including modifying those applications, to use 2FA in Windows you only need to set up a PKI (for example, based on Microsoft Certification Server) and authentication policies in AD.

And since protecting logins to work PCs and to the domain is an important element of protecting corporate data, the adoption of two-factor authentication keeps growing.

The next two most common methods of authenticating users at login are one-time passwords delivered through a separate application (13% of enterprises) and one-time passwords delivered via SMS (12%). Although the usage rates of the two methods are very similar, SMS OTP is most often used to raise the level of authorisation (in 24% of companies) (Figure 12).


The growth in the use of strong authentication in enterprises may be due to the increased availability of cryptographic authentication in enterprise identity management platforms (in other words, enterprise SSO and IAM systems have learned to work with tokens).

For mobile authentication of employees and contractors, enterprises rely on passwords more heavily than for authentication in consumer applications. Just over half (53%) of enterprises use passwords when authenticating access to corporate data from a mobile device (Figure 13).

In the case of mobile devices one might believe in the great power of biometrics, were it not for the many cases of fake fingerprints, voices, faces and even irises. A single search engine query will show that a reliable biometric authentication method simply does not exist. Truly accurate sensors do exist, but they are very expensive and large, and are not installed in smartphones.

Therefore, the only working 2FA method on mobile devices is the use of cryptographic tokens that connect to the smartphone over NFC, Bluetooth and USB Type-C interfaces.


Protecting corporate data is the main reason for investing in passwordless authentication (44%), and it has been growing rapidly since 2017 (an increase of eight points). It is followed by protecting intellectual property (40%) and staff (HR) data (39%). And it is clear why: not only is the value of these data types widely recognised, but relatively few employees work with them. That is, the cost of deployment is not very high, and only a few people need to be trained to work with a more complex authentication system. By contrast, the data types and devices that most employees access every day are still protected by passwords alone. Employee documents, workstations and corporate email are the areas of greatest risk, since only a third of enterprises protect these assets with passwordless authentication (Figure 14).


In general, corporate email is a very dangerous and leaky thing, and the degree of its potential danger is underestimated by most CIOs. Employees receive dozens of emails every day, so why not slip at least one phishing (that is, fraudulent) email in among them. This email will be laid out in the style of company correspondence, so the employee will feel comfortable clicking the link in it. Well, and then anything can happen, for example a virus is downloaded onto the attacked machine or passwords leak (including through social engineering, by entering them into a fake authentication form created by the attacker).

To prevent such things from happening, emails must be signed. Then it will be clear at once which email was created by a legitimate employee and which by an attacker. In Outlook/Exchange, for example, electronic signatures based on a cryptographic token are enabled quickly and easily, and can be used together with two-factor authentication for PCs and Windows domains.

Among executives who rely on password authentication within the enterprise, two thirds (66%) do so because they believe passwords provide sufficient security for the type of information their company needs to protect (Figure 15).

But strong authentication methods are gaining ground, mainly because their availability is growing. A growing number of identity and access management (IAM) systems, browsers and operating systems support authentication with cryptographic tokens.

Strong authentication has another advantage. Since the password is no longer used (it is replaced by a short PIN), there are no requests from employees asking to reset a forgotten password. That in turn reduces the load on the company's IT department.


Results and conclusions

  1. Executives often lack the knowledge needed to assess the real effectiveness of the various authentication options. They are used to trusting such outdated security methods as passwords and security questions simply because "it worked before".
  2. Users have even less of this knowledge; for them the main thing is simplicity and convenience. As long as they have no incentive to choose more secure solutions.
  3. Developers of custom applications often have no reason to implement two-factor authentication instead of password authentication. There is no competition on the level of protection in consumer applications.
  4. Full responsibility for a breach is shifted onto the user. Gave a one-time password to an attacker: your fault. Your password was intercepted or spied: your fault. Didn't demand that the developer use reliable authentication methods in the product: your fault.
  5. A proper regulator should first of all require companies to adopt solutions that block data leaks (in particular, two-factor authentication), rather than punishing data leaks that have already happened.
  6. Some software developers try to sell consumers old and not very reliable solutions in beautiful packaging as an "innovative" product. For example, authentication by binding to a specific smartphone, or using biometrics. As we see from the report, a truly reliable solution can only be based on strong authentication, that is, on cryptographic tokens.
  7. The same cryptographic token can be used for a whole range of tasks: for strong authentication in enterprise operating systems, in corporate and consumer applications, and for the electronic signature of financial transactions (important for banking applications), documents and email.

Source: www.habr.com
