Governance & Risk Management , Multi-factor & Risk-based Authentication , Next-Generation Technologies & Secure Development
Enhancing Authentication: Status Report
As He Departs NSTIC, Jeremy Grant Sizes Up ProgressIn the four years that he led the National Strategy for Trusted Identity in Cyberspace, Jeremy Grant says he saw significant progress among businesses and consumers in the use of new forms of authentication - yet widespread acceptance remains years away.
Grant, senior executive adviser at the National Institute of Standards and Technology, the federal agency that hosts NSTIC, announced last month that he will step down in April.
President Obama signed an order on April 15, 2011, creating NSTIC, which the government characterizes as a strategy to create a vibrant identity ecosystem where identity solutions adhere to four guiding principles: solutions that are privacy-enhancing and voluntary; secure and resilient; interoperable and cost effective; and easy to use.
"The marketplace has really evolved in my view in a way that aligns pretty significantly with the NSTIC ... and I think we've made good progress toward its implementation," Grant says in an interview with Information Security Media Group.
"When we look at what's in the marketplace today, I don't think the full vision [for enhanced authentication] has been implemented, but we're really seeing big chunks of it are."
Grant cites, as an example, "a huge explosion" in the number of online companies that offer their users two-factor authentication.
In the interview, Grant discusses:
- Consumers' reluctance to adopt new forms of authentication;
- Businesses' struggles to find new authentication offerings that consumers will use; and
- How the identity ecosystem is evolving.
Grant began his career as a Senate aide, where he helped draft the legislation that laid the groundwork for the Department of Defense and General Services Administration smart card and PKI efforts. Afterward, he worked at the government services firm Maximus as head of its security and identity management practice and Washington Research Group as an identity and cybersecurity market analyst. Before joining NIST, Grant served as chief development officer for the consultancy ASI Government.