Will regulatory requirements affect the type of authentication used?

Regulatory compliance can be a thorn in your customer's side but an opportunity for you as a solution provider. Find out how you can use regulatory requirements to help choose an authentication solution for your customer.

Is the organization required to comply with any regulatory requirements that may affect the type of authentication used?

As the federal government or other regulatory agencies get more involved in the protection of customer or patient information, organizations may find themselves required to follow regulations or face stiff penalties. These could include HIPAA for healthcare, PCI for companies that work with customer credit card information or FERPA for educational institutions.

About the author
Russ Rogers is an information security expert and author of Nessus Network Auditing, 2nd Edition. Russ is currently a penetration tester for the federal government.

One of the bigger issues at play here is that the organization may not even be aware of these regulations. As the security professional and adviser to the organization, you should point out what the customer needs to consider. The applicable regulations will also affect the solution you recommend and end up installing. Protecting customer financial information may be a high priority for the organization, so consider what methodologies will provide the best protection while still taking into account any financial or complexity constraints.
