Muva nje, inkampani yocwaningo i-Javelin Strategy & Research ishicilele umbiko, "Isimo Sokugunyazwa Okunamandla 2019." Abadali bayo baqoqe ulwazi mayelana nokuthi yiziphi izindlela zokuqinisekisa ezisetshenziswa ezindaweni zezinkampani kanye nezicelo zabathengi, futhi benza iziphetho ezithakazelisayo mayelana nekusasa lokuqinisekisa okuqinile.
Ukuhunyushwa kwengxenye yokuqala neziphetho zababhali bombiko, thina . Futhi manje sethula kuwe ingxenye yesibili - ngedatha namagrafu.
Kusuka kumhumushi
Ngeke ngikopishe ngokuphelele ibhulokhi yegama elifanayo engxenyeni yokuqala, kodwa ngisazophinda isigaba esisodwa.
Zonke izibalo namaqiniso ethulwa ngaphandle kwezinguquko ezincane, futhi uma ungavumelani nazo, kungcono ukuphikisana nomhumushi, kodwa nabalobi bombiko. Nanka imibono yami (ebekwe njengezingcaphuno, futhi imakwe embhalweni IsiNtaliyane) ukwahlulela kwenani lami futhi ngizokujabulela ukuphikisana ngakunye kuzo (kanye nangekhwalithi yokuhumusha).
Ukuqinisekiswa komsebenzisi
Kusukela ngo-2017, ukusetshenziswa kokuqinisekisa okuqinile kuzinhlelo zokusebenza zabathengi kuye kwakhula kakhulu, ikakhulukazi ngenxa yokutholakala kwezindlela zokuqinisekisa i-cryptographic kumadivayisi eselula, nakuba amaphesenti amancane kuphela ezinkampani asebenzisa ukuqinisekiswa okuqinile kwezinhlelo zokusebenza ze-intanethi.
Sekukonke, iphesenti lezinkampani ezisebenzisa ukuqinisekiswa okuqinile ebhizinisini lazo liphindeke kathathu lisuka ku-5% ngo-2017 laya ku-16% ngo-2018 (Umdwebo 3).
Amandla okusebenzisa ukuqinisekiswa okuqinile kwezinhlelo zokusebenza zewebhu lisanqunyelwe (ngenxa yokuthi yizinguqulo ezintsha kuphela zezinye iziphequluli ezisekela ukusebenzisana namathokheni e-cryptographic, nokho le nkinga ingaxazululwa ngokufaka isoftware eyengeziwe njenge ), izinkampani eziningi zisebenzisa ezinye izindlela zokuqinisekisa ku-inthanethi, njengezinhlelo zamadivayisi eselula akhiqiza amaphasiwedi esikhathi esisodwa.
Izikhiye ze-cryptographic zehadiwe (lapha sisho kuphela lezo ezithobela izindinganiso ze-FIDO), njengalezo ezinikezwa i-Google, Feitian, One Span, kanye ne-Yubico zingasetshenziselwa ukuqinisekiswa okuqinile ngaphandle kokufaka isofthiwe eyengeziwe kumakhompuyutha edeskithophu namalaptop (ngoba iziphequluli eziningi sezivele zisekela izinga le-WebAuthn kusuka ku-FIDO), kodwa izinkampani ezi-3% kuphela ezisebenzisa lesi sici ukuze zingene kubasebenzisi bazo.
Ukuqhathaniswa kwamathokheni e-cryptographic (like ) kanye nezikhiye eziyimfihlo ezisebenza ngokuvumelana nezindinganiso ze-FIDO zingaphezu kobubanzi balo mbiko, kodwa futhi namazwana ami kuwo. Ngamafuphi, zombili izinhlobo zamathokheni zisebenzisa ama-algorithms afanayo nezimiso zokusebenza. Amathokheni e-FIDO okwamanje asekelwa kangcono abathengisi besiphequluli, nakuba lokhu kuzoshintsha maduzane njengoba iziphequluli eziningi zisekela . Kodwa amathokheni e-cryptographic classical avikelwe yikhodi ye-PIN, angasayina imibhalo ye-elekthronikhi futhi asetshenziselwe ukuqinisekiswa kwezinto ezimbili ku-Windows (noma iyiphi inguqulo), i-Linux ne-Mac OS X, inama-API ezilimi ezihlukahlukene zokuhlela, ezikuvumela ukuthi usebenzise i-2FA kanye ne-electronics. isiginesha kudeskithophu, izinhlelo zokusebenza zeselula nezewebhu , namathokheni akhiqizwa eRussia asekela ama-algorithms we-GOST aseRussia. Kunoma yikuphi, ithokheni ye-cryptographic, kungakhathaliseki ukuthi iyiphi indinganiso eyenziwe ngayo, iyindlela yokuqinisekisa enokwethenjelwa kakhulu futhi elula.
Ngaphandle Kokuvikeleka: Ezinye Izinzuzo Zokuqinisekisa Okuqinile
Akumangazi ukuthi ukusetshenziswa kokuqinisekisa okuqinile kuhlobene eduze nokubaluleka kwedatha ibhizinisi eliyigcinayo. Izinkampani ezigcina Ulwazi Oluhlonza Umuntu (PII) olubucayi, njengezinombolo Zokuvikeleka Komphakathi noma Ulwazi Lwezempilo Lomuntu Siqu (PHI), zibhekana nengcindezi enkulu kakhulu yezomthetho neyokulawula. Lezi yizinkampani ezingabasekeli abanolaka kakhulu bokuqinisekisa okuqinile. Ingcindezi emabhizinisini ikhuliswa yilokho okulindelwe ngamakhasimende afuna ukwazi ukuthi izinhlangano ezizethembayo ngedatha yazo ebucayi kakhulu zisebenzisa izindlela zokuqinisekisa eziqinile. Izinhlangano eziphethe i-PII ebucayi noma i-PHI kungenzeka ukuthi zisebenzise ukuqinisekiswa okuqinile okuphindwe kabili kunezinhlangano ezigcina imininingwane yokuxhumana yabasebenzisi kuphela (Umfanekiso 7).
Ngeshwa, izinkampani azikazimisele ukusebenzisa izindlela zokuqinisekisa eziqinile. Cishe ingxenye eyodwa kwezintathu yabenzi bezinqumo zebhizinisi babheka amagama ayimfihlo njengendlela yokuqinisekisa ephumelela kakhulu phakathi kwabo bonke abasohlwini Lomfanekiso 9, futhi u-43% ubheka amaphasiwedi njengendlela yokuqinisekisa elula kakhulu.
Leli shadi lifakazela kithi ukuthi abathuthukisi bezinhlelo zebhizinisi emhlabeni wonke bayafana... Abayiboni inzuzo yokusebenzisa izindlela zokuphepha ezithuthukile zokufinyelela i-akhawunti futhi babelana ngemibono eyiphutha efanayo. Futhi izenzo zabalawuli kuphela ezingashintsha isimo.
Masingawathinti amagama ayimfihlo. Kodwa yini okufanele uyikholelwe ukuze ukholelwe ukuthi imibuzo yokuphepha iphephe kakhulu kunamathokheni e-cryptographic? Ukuphumelela kwemibuzo yokulawula, ekhethiwe nje, kulinganiselwa ku-15%, hhayi amathokheni angenakuguqulwa - kuphela 10. Okungenani bukela ifilimu ethi "Illusion of Deception", lapho, nakuba isesimweni esingokomfanekiso, kuboniswa ukuthi kulula kangakanani abalumbi. waheha zonke izinto ezidingekayo ezimpendulweni zomkhohlisi futhi wamshiya engenamali.
Futhi elinye iqiniso elisho okuningi mayelana neziqu zalabo abanomthwalo wemfanelo wezindlela zokuphepha ezicelweni zabasebenzisi. Ekuqondeni kwabo, inqubo yokufaka iphasiwedi iwumsebenzi olula kunokuqinisekisa usebenzisa ithokheni ye-cryptographic. Nakuba, kubonakala sengathi kungase kube lula ukuxhuma ithokheni embotsheni ye-USB bese ufaka ikhodi ye-PIN elula.
Okubalulekile, ukusebenzisa ukuqinisekiswa okuqinile kuvumela amabhizinisi ukuthi asuke ekucabangeni ngezindlela zokuqinisekisa nemithetho yokusebenza edingekayo ukuze kuvinjwe izinhlelo zomgunyathi ukuze kuhlangatshezwane nezidingo zangempela zamakhasimende awo.
Nakuba ukuthobela imithetho kuyinto ebaluleke kakhulu emabhizinisini asebenzisa ukuqinisekiswa okuqinile nalawo angakwenzi, izinkampani esezivele zisebenzisa ukuqinisekiswa okuqinile zisethubeni elikhulu lokusho ukuthi ukwandisa ukwethembeka kwamakhasimende kuyimethrikhi ebaluleke kakhulu eziyicabangelayo lapho zihlola ukuqinisekiswa kweqiniso. indlela. (18% vs. 12%) (Figure 10).
Ukuqinisekiswa Kwebhizinisi
Kusukela ngo-2017, ukwamukelwa kokuqinisekisa okuqinile emabhizinisini kuye kwakhula, kodwa ngenani eliphansi kancane kunezicelo zabathengi. Isabelo samabhizinisi asebenzisa ukuqinisekiswa okuqinile sikhuphuke sisuka ku-7% ngo-2017 saya ku-12% ngo-2018. Ngokungafani nezinhlelo zokusebenza zabathengi, endaweni yebhizinisi ukusetshenziswa kwezindlela zokuqinisekisa okungezona iphasiwedi kuvamile kakhulu ezinhlelweni zewebhu kunakumadivayisi eselula. Cishe uhhafu wamabhizinisi abika esebenzisa amagama omsebenzisi kuphela namagama ayimfihlo ukuze agunyaze abasebenzisi bawo lapho engena, kanti oyedwa kwabahlanu (22%) naye uthembele kuphela kumagama-mfihlo ukuze aqinisekise okwesibili lapho efinyelela idatha ebucayi (okungukuthi, umsebenzisi kuqala ungena kuhlelo lokusebenza esebenzisa indlela yokuqinisekisa elula, futhi uma efuna ukufinyelela kudatha ebucayi, uzokwenza enye inqubo yokuqinisekisa, kulokhu ngokuvamile esebenzisa indlela enokwethenjelwa kakhudlwana.).
Udinga ukuqonda ukuthi umbiko awucabangi ukusetshenziswa kwamathokheni we-cryptographic wokuqinisekisa izici ezimbili ezinhlelweni zokusebenza ze-Windows, Linux kanye ne-Mac OS X. Futhi lokhu okwamanje ukusetshenziswa okusakazeke kakhulu kwe-2FA. (Maye, amathokheni adalwe ngokwamazinga e-FIDO angasebenzisa i-2FA kuphela Windows 10).
Ngaphezu kwalokho, uma ukuqaliswa kwe-2FA ku-inthanethi nezinhlelo zokusebenza zeselula kudinga isethi yezinyathelo, okuhlanganisa ukuguqulwa kwalezi zinhlelo zokusebenza, bese usebenzisa i-2FA ku-Windows udinga kuphela ukulungisa i-PKI (isibonelo, ngokusekelwe ku-Microsoft Certification Server) kanye nezinqubomgomo zokuqinisekisa. ngo-AD.
Futhi njengoba ukuvikela ukungena ngemvume ku-PC yomsebenzi kanye nesizinda kuyisici esibalulekile sokuvikela idatha yenkampani, ukuqaliswa kokuqinisekiswa kwezinto ezimbili kuya ngokuya kuvame kakhulu.
Izindlela ezimbili ezilandelayo ezivame kakhulu zokuqinisekisa abasebenzisi lapho bengena ngemvume amaphasiwedi esikhathi esisodwa anikezwa ngohlelo lokusebenza oluhlukile (u-13% wamabhizinisi) kanye namaphasiwedi esikhathi esisodwa alethwa nge-SMS (12%). Naphezu kokuthi iphesenti yokusetshenziswa kwazo zombili izindlela ifana kakhulu, i-OTP SMS ivame ukusetshenziselwa ukwandisa izinga lokugunyazwa (ku-24% wezinkampani). (Umfanekiso 12).
Ukwenyuka kokusetshenziswa kokuqinisekisa okuqinile ebhizinisini kungase kubangelwe ekutholakaleni okwengeziwe kokusetshenziswa kokuqinisekiswa kwe-cryptographic ezinkundleni zokuphatha ubunikazi bebhizinisi (ngamanye amazwi, amasistimu e-SSO ne-IAM ebhizinisi afunde ukusebenzisa amathokheni).
Ngokuqinisekiswa kweselula kwabasebenzi nosonkontileka, amabhizinisi athembele kakhulu kumagama-mfihlo kunokuqinisekisa ezinhlelweni zabathengi. Ngaphezulu nje kwengxenye (53%) yezinkampani zisebenzisa amagama ayimfihlo lapho ziqinisekisa ukufinyelela komsebenzisi kudatha yenkampani ngomakhalekhukhwini (Umfanekiso 13).
Endabeni yamadivayisi eselula, umuntu angakholelwa emandleni amakhulu we-biometrics, uma kungenjalo ezimweni eziningi zeminwe mbumbulu, amazwi, ubuso ngisho ne-irises. Umbuzo owodwa wenjini yokusesha uzoveza ukuthi indlela ethembekile yokuqinisekisa i-biometric ayikho nje. Izinzwa ezinembile ngempela, zikhona, kodwa zibiza kakhulu futhi zikhulu ngosayizi - futhi azifakiwe kuma-smartphones.
Ngakho-ke, okuwukuphela kwendlela yokusebenza ye-2FA kumadivayisi eselula ukusetshenziswa kwamathokheni e-cryptographic axhuma ku-smartphone nge-NFC, i-Bluetooth ne-USB Type-C interfaces.
Ukuvikela idatha yezezimali yenkampani yisizathu esiphezulu sokutshala imali ekuqinisekiseni okungenaphasiwedi (44%), ngokukhula okusheshayo kusukela ngo-2017 (ukwanda ngamaphesenti ayisishiyagalombili). Lokhu kulandelwa ukuvikelwa kwempahla yengqondo (40%) kanye nedatha yabasebenzi (HR) (39%). Futhi kuyacaca ukuthi kungani - akulona nje inani elihlotshaniswa nalezi zinhlobo zedatha elaziwa kabanzi, kodwa bambalwa abasebenzi abasebenza nazo. Okusho ukuthi, izindleko zokuqalisa azinkulu kangako, futhi abantu abambalwa kuphela abadinga ukuqeqeshwa ukuze basebenze ngesistimu yokuqinisekisa eyinkimbinkimbi. Ngokuphambene, izinhlobo zedatha namadivayisi iningi labasebenzi bebhizinisi elifinyelela kuwo ngokuvamile zisavikelwe kuphela ngamaphasiwedi. Amadokhumenti ezisebenzi, izindawo zokusebenza, namaphothali e-imeyili ezinkampani yizindawo ezisengozini enkulu, njengoba ingxenye yesine kuphela yamabhizinisi evikela lezi zimpahla ngokuqinisekiswa okungenaphasiwedi (Umfanekiso 14).
Ngokuvamile, i-imeyili yebhizinisi iyingozi kakhulu futhi into evuzayo, izinga lengozi engaba khona elibukelwa phansi ama-CIO amaningi. Izisebenzi zithola inqwaba yama-imeyili nsuku zonke, ngakho kungani ungafaki okungenani i-imeyili yobugebengu bokweba imininingwane ebucayi eyodwa (okungukuthi, umgunyathi) phakathi kwazo. Le ncwadi izofomethwa ngesitayela sezinhlamvu zenkampani, ngakho isisebenzi sizozizwa sikhululekile ukuchofoza isixhumanisi kule ncwadi. Hhayi-ke, noma yini ingenzeka, ngokwesibonelo, ukulanda igciwane emshinini ohlaselwe noma amaphasiwedi avuzayo (kuhlanganise nobunjiniyela bezenhlalo, ngokufaka ifomu lokuqinisekisa elingelona iqiniso elenziwe umhlaseli).
Ukuze uvimbele izinto ezinjengalezi ukuthi zenzeke, ama-imeyili kufanele asayinwe. Khona-ke kuzocaca ngokushesha ukuthi iyiphi incwadi eyakhiwe isisebenzi esisemthethweni nokuthi yimuphi umhlaseli. Ku-Outlook/Exchange, isibonelo, amasiginesha kagesi asuselwa kumathokheni e-cryptographic anikwa amandla ngokushesha futhi kalula futhi angasetshenziswa ngokuhambisana nokuqinisekiswa kwezinto ezimbili kuwo wonke ama-PC kanye nezizinda ze-Windows.
Phakathi kwalabo baphathi abathembele kuphela ekuqinisekisweni kwephasiwedi ngaphakathi kwebhizinisi, izingxenye ezimbili kwezintathu (66%) benza kanjalo ngoba bekholelwa ukuthi amagama ayimfihlo ahlinzeka ngokuvikeleka okwanele kohlobo lolwazi oludingwa yinkampani yabo ukuze luvikeleke (Umfanekiso 15).
Kodwa izindlela eziqinile zokuqinisekisa sezivame kakhulu. Ikakhulukazi ngenxa yokuthi ukutholakala kwazo kuyanda. Inani elandayo lezinhlelo zobunikazi nokulawulwa kokufinyelela (IAM), iziphequluli, nezinhlelo zokusebenza zisekela ukuqinisekiswa kusetshenziswa amathokheni e-cryptographic.
Ukufakazela ubuqiniso okuqinile kunenye inzuzo. Njengoba iphasiwedi ayisasetshenziswa (ifakwe i-PIN elula), azikho izicelo ezivela kubasebenzi ezibacela ukuthi bashintshe igama eliyimfihlo elikhohliwe. Okuphinde kwehlise umthwalo emnyangweni we-IT webhizinisi.
Imiphumela neziphetho
- Abaphathi ngokuvamile abanalo ulwazi oludingekayo lokuhlola okwangempela ukusebenza kwezinketho ezihlukahlukene zokufakazela ubuqiniso. Bajwayele ukwethemba abanjalo isiphelelwe yisikhathi izindlela zokuphepha ezifana namagama ayimfihlo nemibuzo yezokuphepha ngoba nje "isebenze ngaphambilini."
- Abasebenzisi basenalo lolu lwazi Ngaphansi, kubo into eyinhloko lula futhi lula. Inqobo nje uma bengenaso isisusa sokukhetha izixazululo ezivikeleke kakhulu.
- Abathuthukisi bezinhlelo zokusebenza zangokwezifiso ngokuvamile asikho isizathuukusebenzisa ukuqinisekiswa kwezinto ezimbili esikhundleni sokufakazela ubuqiniso bephasiwedi. Ukuncintisana ezingeni lokuvikela ezinhlelweni zabasebenzisi akukho.
- Isibopho esigcwele sokugebenga kuthuthelwe kumsebenzisi. Nikeza umhlaseli iphasiwedi yesikhathi esisodwa - ukusola. Iphasiwedi yakho ibanjiwe noma inhloliwe - ukusola. Akuzange kudingeke ukuthi unjiniyela asebenzise izindlela zokuqinisekisa ezithembekile kumkhiqizo - ukusola.
- Silungile umlawuli okokuqala kufanele idinge izinkampani ukuthi zisebenzise izixazululo lokho vimba ukuvuza kwedatha (ikakhulukazi ukuqinisekiswa kwezinto ezimbili), kunokujezisa sekwenzekile ukuvuza kwedatha.
- Abanye abathuthukisi be-software bazama ukuthengisela abathengi endala futhi ayithembekile ikakhulukazi izixazululo emaphaketheni amahle umkhiqizo "omusha". Isibonelo, ukufakazela ubuqiniso ngokuxhuma ku-smartphone ethile noma usebenzisa i-biometrics. Njengoba kungabonakala embikweni, ngokusho kuka enokwethenjelwa ngempela Kungaba nesixazululo kuphela esisekelwe ekuqinisekiseni okuqinile, okungukuthi, amathokheni e-cryptographic.
- Okufanayo ithokheni ye-cryptographic ingasetshenziselwa inani lemisebenzi: ngoba ukuqinisekiswa okuqinile ohlelweni lokusebenza lwebhizinisi, kuzicelo zebhizinisi nezabasebenzisi, ze isignesha kagesi imisebenzi yezezimali (okubalulekile ezicelweni zebhange), imibhalo kanye ne-imeyili.
Source: www.habr.com