http://www.authenware.com/careers.php

Today we live in an environment where we are constantly analyzing the economics of investing in security and determining the value of the assets that we are protecting.  In healthcare today, there is an ever increasing concern with protecting patient privacy  as nurses, technicians, doctors, billing clerks, payers, providers and many others have practically unlimited access to their private information.  The biggest disappointment that I have with HIPAA is that it offers healthcare organizations a rare opportunity to update their technology platform with best practices, proper procedures and policy enforcement, but very few have actually done so.  Too many times the concern of business continuity or ease of use for medical workers drive the strategy and deployment of secure infrastructure, applications and platforms for healthcare enterprises.  It is estimated that the healthcare invests approximately 2% of its revenues towards Information Technology, while other industries such as financial services invest nearly 10%.

Healthcare demands large amounts of trust related to the handling of confidential patient propriety data. The dramatic increase  in patient information that has been compromised will eventually accelerate the need for providers to invest more solidly in Electronic Medical Records.  Luckily, the American Recovery and Reinvestment Act of 2009 has provided incentives for them to fuel EMR investment, primarily through the HIPAA High Tech legislation.

As organizations continue to utilize the userid & password paradigm as the primary way that data is accessed, it is imperative that all enterprises, hospitals and care providers incorporate additional layers of identity authentication to ensure that data remains safe and confidential.  Strong multi-factor authentication will protect patient privacy and provide secure access to information in electronic personal heath records.  Incorporating keystroke dynamics offers a transparent approach that will dramatically improve secure access to information. It also fulfills the strong security requirement by providing “something you have” in addition to the “something that you know” norm.  AuthenWare deploys innovative technology that will identify whether a user of a set of  credentials is in fact the rightful user of those credentials or not. In doing so, we significantly increase the protection of healthcare data by preventing access by anyone who has inappropriately acquired a users’ credentials.

It is with this in mind that the protection of privacy and the security of the patient information online be finally be ensured. The usage of a multi-factor authentication technology such as keystroke dynamics would have eliminated the types of breaches that were attributed to the use of login credentials such as the 400,000 health records compromised in Puerto Rico, the 15,000 Social Security numbers stolen from computers at the State of New York’s Office of Temporary Disability Assistance, or through the password-stealing Kroxxu botnet.

Diligence, investment and enforcement of policy can help us have the most secure and trusted healthcare system of digital medical records.

While there is plenty of blame to go around, there are a lot of people already passing judgment so I won’t comment further there. However, I do want to weigh in on a different point that seems to be completely overlooked – that this could have been completely prevented.

Keystroke dynamics, by its very nature, eliminates the password sharing issue. For example, AuthenWare uses a series of biometric security algorithms that record and measure a person’s unique typing patterns (and other information). But the point is, once a pattern is set for a userid/password combination, the software can disallow any other person from using that set of credentials, even if the userid and password are correct. That alone could have stopped Vodaphone’s problem. In fact, one of our customers is using our software for just that purpose – eliminating password sharing.

There are a number of reasons why this is important. Of course protecting access to your web and internal system access is first and foremost, but there are also other reasons: knowing who is accessing what at all times, stopping invalid users from causing harm, complying with auditors and other regulatory statutes, and protecting revenue (for software vendors). I encourage you to contact us to learn how we can help you reduce or eliminate password sharing in your organization.

The City is integrating AuthenWare with its case management and single sign-on (SSO) solution so that it can protect user id and password access to both internal and external applications.

Jorge Linskens, City of Buenos Aires CIO, had this to say:

“AuthenWare offers us robust security in three ways:  high protection for our citizens and employees without the use of hardware devices, the  flexibility to deploy the system as we need, and the added benefit of extreme user convenience.”

To learn more, read the entire story here, or visit our website.

The agreement, which includes licenses for our keystroke dynamics software for up to 150,000 users, is designed to help authenticate and protect the credentials of both internal employees and external users of the City’s Self-Service Citizen portal, as well as other City applications.

Jorge Linskens, the City’s CIO, says that “We selected AuthenWare for three reasons:  strong security without the use of hardware devices, system flexibility and user convenience.”

To read the rest of the press release go here.

Perhaps the best indication of how well the market perceives our innovative multi-factor identity authentication software is by this metric — our company grew revenues by more than 130% over 2009.

We also dramatically increased the number of  user licenses to over 75 million people during 2010. There are a lot of equally impressive performance figures, but none are so important as the figures that represent your faith in our company and software. Being selected to help to protect your users from Identity Theft and other malicious threats is a trust we do not take lightly. From all of us, thank you.

To read the rest of AuthenWare’s 2010 performance results, access the press release here.

Here is what Wasatch’s CEO Rebecca Jensen had to say: ”We evaluated several keystroke dynamics solutions before selecting AuthenWare. The software helps us affordably protect against unauthorized access and stop password sharing without impacting our users.”

That’s what we are all about at AuthenWare – cost effectively protecting users against Id Theft, Web Fraud and other System Breaches. You can read the entire press release here.

Well here we go again. BBC News reports that millions of web users are being asked to reset their passwords as concerns spread over a major hacking attack.

Ugh. Major websites such as Yahoo, Twitter and LinkedIn have asked users to change their details, days after gossip site Gawker was hacked. Additionally, World of Warcraft, an online gaming site which has more than 12 million subscribers, has also asked some users to reset their passwords as well.

It never ceases to amaze me that these websites are not doing more to their users from hackers, keyloggers, phishing, unauthorized credential usage and other breaches. The technology is out there and it doesn’t have to cost a lot (at least with AuthenWare it doesn’t). And most importantly they can be easily implemented with nearly no user impact.

BTW, the article lists the top 10 passwords people used – reading that is especially maddening. If you have been following this blog for a while I’m sure you can understand, but if not, read Ron’s post from a few weeks ago.

FreeBalance is a Government Resource Planning (GRP) software vendor (think ERP focused on the unique aspects of government), and they are integrating AuthenWare into their flagship FreeBalance Accountability Suite. Effectively they are packaging and providing AuthenWare as an additional layer of protection within their system to ensure that the credentials of FreeBalance government agency users cannot be compromised or used maliciously.

This is a win-win for both companies.

While obviously FreeBalance users immediately benefit with stronger security, the technology is also “zero-footprint software,” meaning it is requires no tokens or additional end-user hardware, making it virtually undetectable to the system users – which was an important consideration for FreeBalance since it did not want to change they way they use the system today – only make it more secure.

The addition of AuthenWare creates a nearly impenetrable line of defense for the FreeBalance Accountability Suite that stops identity theft, web fraud and system vulnerability. It helps make user authentication and validation easy, cost-effective and most importantly – reliable – which are critical aspects to sustaining security within any government organization. You can read more about the FreeBalance GRP Suite here.

Yesterday I saw a Forbes report out of Washington that stated it will take several more years for the US government to fully install high-tech systems to block computer intrusions.  The article quoted experts as saying that the drawn-out timeline will most certainly enable criminals to become more adept at stealing sensitive data.

Although very true in this case, the old idiom “A Day Late and a Dollar Short” itself falls far short in describing the magnitude of this problem.

“Intrusion Detection and Prevention Programs” are certainly necessary, but not sufficient, to attack these enormous security weaknesses.  As I have said before, “If someone steals your Password by another means, you are still highly susceptible to be the next victim of cybercrime.”

The dire after-effects of a stolen Password can be substantially avoided – using today’s technology!