Part 3 Business Continuity and implementation

Business Continuity and Availability – Authenticators and Authentication


One challenge is that with loss or failure of the primary authenticators, users would be unable to conduct any on-line commerce. The ideal way to solve this potential problem would be to have a primary and a secondary authentication device. A useful analogy is having a spare set of keys in the event of misplacement, loss or misadventure. The secondary device may take the form of an HOTP-enabled photo ID or a second mobile phone.
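A sketch of the spare-key idea as a server-side check, added here as an illustration and not taken from the article or from any product it describes. It implements HOTP as specified in RFC 4226; the `Account` class, the device names and the backup secret are hypothetical, constructed for the example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """One user with several enrolled authenticators (hypothetical model)."""

    def __init__(self, window: int = 3):
        self.window = window      # look-ahead for codes generated but never used
        self.devices = {}         # name -> [secret, next expected counter]

    def enrol(self, name: str, secret: bytes) -> None:
        self.devices[name] = [secret, 0]

    def revoke(self, name: str) -> None:
        # Lost or failed device: remove it so its codes stop working.
        self.devices.pop(name, None)

    def verify(self, code: str):
        """Return the name of the device that produced `code`, else None."""
        for name, state in self.devices.items():
            secret, expected = state
            for counter in range(expected, expected + self.window + 1):
                if hmac.compare_digest(hotp(secret, counter), code):
                    state[1] = counter + 1   # burn the counter: no replay
                    return name
        return None

def demo():
    # Constructed sample secrets; the first is the RFC 4226 test key.
    acct = Account()
    acct.enrol("primary-phone", b"12345678901234567890")
    acct.enrol("backup-photo-id", b"constructed-backup-secret")
    first = acct.verify("755224")         # primary device, counter 0
    replay = acct.verify("755224")        # same code presented again
    acct.revoke("primary-phone")          # the phone is reported lost
    after_loss = acct.verify("287082")    # primary device, counter 1
    backup = acct.verify(hotp(b"constructed-backup-secret", 0))
    return first, replay, after_loss, backup
```

Each device keeps its own secret and counter, so revoking the lost primary leaves the backup usable without re-enrolment, and a code from the revoked device is rejected.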


This document has not covered the best way to provide authentication to users seeking access to assets. As in all complex systems, this is where the “devil is in the detail”.
The one given is that the authentication must be resilient and distributed. A useful analogue would be the peer-to-peer traffic used to distribute torrent files. For mobile phone users, systems exist, but a prioritisation or escalation protocol may be required to ensure authentication is given priority, in a similar fashion to the Quality of Service (QoS) used for Voice over Internet Protocol (VoIP) in network transport.
The simplest and most inexpensive way to ensure rapid deployment would be for users to authenticate to their existing Financial Service or Mobile Service provider. Establishing a third party to enable interoperability (the business model of the Australian Transaction Reports and Analysis Centre, AUSTRAC, is a good example) is a high priority, as long as it is cost effective and doesn’t require an army of public servants to administer it.

Critical pieces of the infrastructure required to implement the Federated System are in commercial production in all organisations around the nation. Here are the nuts and bolts that make these systems work together.

Authentication – a basic overview
What is a Radius Server?
Australian Transaction Reports and Analysis Centre – AUSTRAC

Desired Outcomes

Better online security for Australian Citizens
Pundits speculate that criminal activity targeting on-line commerce is in its infancy. By initiating a National system and framework, Australia can demonstrate real leadership in protecting its citizens from online threats.

It’s much better than passwords
Passwords fail to meet the needs of security. Increasing complexity in password management is costing organisations vast sums of money and failing to protect the digital assets it is supposed to protect. Stronger unchanging passwords are easier to administer (and remember) and more challenging to crack. By extending the length of a password to 12 characters, the chances of a brute force attack achieving success are minimal. One or two very strong unchanging passwords are better than any number of weak passwords. Adding MFA to this strategy makes the efficacy of the system much better.

Improved Safety and Privacy
By ensuring sign-on credentials are valid, users’ privacy and identity are protected, with a subsequent increase of trust in systems and processes. With the ability to extend the reach of this improved security, all stakeholders benefit.

National Defence and Security
By building better security safeguards into Australia’s national infrastructure, citizens are assured that the potential of state-sponsored threats is mitigated. Where information technology is used as an attack vector, more resilient and protected systems are able to repel infection or attack.

Reduction in Financial Loss and Risk
Online fraud is a measurable cost we must all add to what we pay for the use of Financial Services. The Return on Investment (ROI) based upon this framework is impossible to gauge but, like insurance, how do you measure success?

Social Capital
The framework provides greater protection for users of consumer social media (Facebook), business social media (LinkedIn) and hybrids (Twitter). Lives have been lost because of online bullying with little or no legal recourse for the victims. Is digital assault a valid crime? Non-repudiation is guaranteed, ensuring that the lawless slings and arrows delivered via online media may be curbed to conform to current defamation legislation.


By implementing a national multi-factor authentication system, Australian citizens will benefit from having the highest levels of online security in the world. This technology may provide a significant competitive advantage to business in securing digital assets and could lead to innovation-based export opportunities. The headlines report massive breaches of information that directly expose our financial systems to grave risk. Australia must set the benchmark in secure digital vigilance to safeguard our information security perimeter from existing and potential threats.


For Part 1: The business drivers and technology basics of two-factor or multi-factor authentication
And Part 2: Open standards are the key to building a Federated System


About the Author:
Mike Ryan is a freelance copywriter and marketing contractor with a passion for Information Security. He has presented at an Australian Information Security Association (AISA) branch meeting, prosecuting the case for improved security and that punitive legislation be enforced to protect Australian citizens from data disclosure and privacy breaches.

Mike Ryan – Brass Razoo Group
