Have you considered or implemented multiple levels of authentication to your network resources based on the sensitivity of the information in use?
This question is similar to the previous one, where we had two separate operational boundaries on the network. One was open and available to anyone who wanted to connect. The other was available only to employees accomplishing their day-to-day work tasks. The difference here is the variety of sensitivity levels of the information on the network. Does your customer's network have multiple levels of sensitive information to which access should be strictly controlled?
For instance, a hospital might have a basic operational network for general employees that requires only basic authentication methodologies. It might also have a more sensitive network area where all patient information for the hospital is processed, transmitted and stored. The authentication methods used on this more sensitive network should be more robust and in-depth to avoid unauthorized access to patient information. If you happen to work in the medical field, you'll understand the importance of this perspective.
It's best to stop and consider where those boundaries of sensitivity may exist within your customer's organization and how you as a solution provider can ensure the confidentiality and integrity of that sensitive information.
Return to the authentication FAQ guide and read the rest of Russ's expert responses.
This was first published in September 2008