To protect against internal threats, companies have chosen password systems and valid statistical often “ad vitam aeternam” and used to protect access to sensitive applications information system. So log-export, financial data, trade data and search data, companies have installed some windows dialog requesting the password for users. These methods have proven to have great limitations. Highlighting only a few of them:

Using a too simple password: Each user saves a minimum of 10 different passwords and to access their information they will have to use a simple password with between 4 and 6 characters easy to identify (name, surname, children, favorite color, year of birth, etc.).

Impersonation: A users password does not prove their identity, so any person can use that password.

Face Management: Gartner analyzes have shown that 35% of calls to the help desk information company are related to password management (forgetfulness, replacement, …).

Today many employees of large industries can access critical business data from anywhere on the planet. A few years ago, these accesses were exceptional and did not need special security. Today, each executive has his own laptop and each accesses their messaging, financial data and trading via remote access.

How to ensure that the person accessing the user is authorized?

Maybe the laptop is stolen, or has fallen into the hands of competitors and recover all this information. All this looks like something out of a spy movie, but cybercrime between companies exists and is growing. These are risks that must be considered very seriously.

The confidentiality of business data (financial data, legal, research and development) is paramount. But a real solution is effective only if encryption is transparent to the user, can be shared and is secure enough to prevent leakage of information of the entity in which it is stored.

Numerous companies are related to section 11 CFR21 standards, which require accountability of the production system. The password system has once again shown its limitations. Some agencies prohibit systematically American products whose accountability is not safe.

Dematerialization of electronic exchanges have suffered a major development in recent years, thanks to the legal recognition of electronic signatures. Beyond the relations between the company and the government, the electronic signature is in place within the company, usually associated with applications “voice” ERP type. Whichever security system is set in place, it will always face challenges with the use and protection of a private key, usually protected by a confidential code or, better, a code phrase. This can save time with the ease of use and substituting this information (which are lost or forgotten forever) for a personal information can neither forget nor lose.