Poor security could hamper web services take-up

Firms need to adopt technologies such as smart cards and digital certificates, says analyst

Businesses must adopt stronger user authentication technology, such as smart cards and digital certificates, if they are to take advantage of emerging web services, according to a report by the Butler Group. The research, Identity and Access Management, says traditional username and passwords are not secure enough for the next generation of online services and are also becoming too difficult and costly to manage both for network managers and end-users. "On its own the password is no longer a secure authentication mechanism. One of the problems with today's computer systems is that everybody in the online world is required to be an administrator, not least having to register and enter profile information at every website visited," said the report. Industry standards are vital to the wider adoption of stronger security technologies and Butler Group predicts that the WS-Security standard, backed by the likes of IBM and Microsoft, will become as pervasive as TCP/IP currently is. Web services will be one of the main drivers for businesses moving to stronger authentication methods. The report said: "Without a streamlined and effective identity management process, organisations will never be able to fully utilise the web services model. It is essential that companies move to an identity-centric approach where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter control and detection." Firms should in particular look at security technologies that interoperate with portals, with Butler Group predicting this will be the mechanism most users and customers will interact with an organisation. Smart cards and digital certificates are the best authentication methods recommended by the analyst group but the report warns that biometrics are still some way off achieving the necessary levels of reliability. The report also attacks the UK government's plans for a national biometric ID card, calling it an "inappropriate use of this technology".