Breach Prevention: A New ApproachCA's Charley Chell on Passwords that Can't Be Stolen
Amidst a year of high-profile and costly data breaches, what can organizations be doing to help ensure they aren't the next victims? Charley Chell of CA Technologies discusses new authentication solutions.
In the wake of breaches such as Target, PF Chang, SuperValu, business and security leaders are well aware of the hard costs of such incidents - lost business, legal costs, regulatory fines. But the so-called soft costs are often overlooked.
"The soft costs are the bigger part of [breach impact]," says Chell, senior director of product management in CA Technologies Advanced Authentication line. "In a lot of cases, customers may end up going somewhere else with their business. The brand damage is just huge."
Because compromised credentials are often the entry point as well as the bounty of a breach, CA Technologies has been working to develop new solutions that eliminate the need to store and transmit passwords. Chell is enthusiastic about this authentication evolution.
"We have a solution that looks like passwords to end-users, but under the covers it doesn't actually store them," Chell says. "As crazy as it sounds, we can create a solution that doesn't store the passwords - doesn't require that they live anywhere but in the users' minds."
In an interview about breach prevention and authentication, Chell discusses:
- The most overlooked consequences of a breach;
- Why passwords are so susceptible to attack;
- How organizations can eliminate the need to transmit and store passwords.
Chell is Senior Director for Product Management for the CA Technologies Advanced Authentication product line. He focuses on risk-based authentication and fraud management and consults with many CA customers on their fraud and threat detection practices. Chell brings years of experience in payment and fraud management. Prior to joining CA, he directed product management and development teams at several leading eCommerce and eBanking companies, focusing in diverse areas such as on-line banking security, electronic commerce, back office fraud investigation, credit card and alternative payment.