OTP Vendors to Offer Authentication Options to Keep Pace with App Evolution
Published on: 16th Dec 2013
The growing sophistication of online threats are encouraging service providers to integrate mobile one time password (OTP) OTP tokens and USB tokens to plug the security gaps in static passwords. Security vendors realise that the time is ripe to expand their product portfolios beyond traditional hardware OTP solutions especially since new OTP vendors are offering risk based analysis and out of band 2 factor authentication.
Frost & Sullivan finds that the market earned revenues of $824.7 million in 2012 and estimates this to reach $1.18 billion by 2017, at a compound annual growth rate (CAGR) of 7.5 percent. The study covers application sectors of security, physical access, logical access, digital signature and mobile payment.
"By expanding their portfolios to include hardware, software mobile, desktop, USB, transaction signing, and out-of-band authenticators, vendors allow IT administrators to assign a certain authentication product to unique employee types," said Frost & Sullivan Global Programme Director, ICT, Jean-NoŽl Georges. "In addition, some vendors enable organisations to host their authentication platforms in-house or as authentication as a service (AaaS). This type of flexibility provides organisations with greater transparency."
The portfolio expansions appear timely considering that more than 94 million records containing personal information have been exposed since 2009 in the US alone. Nearly 81 million of these were due to the loss or theft of mobile devices.
To make the most of the opportunities, OTP vendors are striving to change the popular perception that their deployments are complex. They are looking to achieve this by developing platforms that promote interoperability and multiple forms of 2-factor authentication. They also take initiatives to educate decision markers of the benefits of software-based authentication and the use of more than a single form factor.
Meanwhile, as data security is a hot topic among enterprises, compliance regulations and legislation will continue to push organisations to employ technology that will ensure the proper handling of sensitive data. Some of the current compliance regulations, including Payment Card Industry Data Security Standard (PCI-DSS) and Health Information Technology for Economic and Clinical Health (HITECH) Act, are propelling the uptake of OTP solutions.
OTP vendors will also do well to deploy flexible solutions that are easy to personalise and which integrate value-added services such as eSignatures. In due course, the evolution of security threats and the growth of remote devices will force OTP vendors to expand security mechanisms to cover actions such as SIM verification.
"Competition and market maturity have made digital identification deployment both affordable and faster," noted Georges. "To thrive in this dynamic environment, OTP vendors should accelerate their progress toward this technology in the next two to three years."