The recent Ping-Keyless deal has shed light on a critical issue: the authentication gaps faced by frontline workers. This acquisition, announced by Ping Identity, emphasizes the need for robust identity protection measures tailored to those working outside traditional office environments. But here's the catch: many existing authentication methods fall short when it comes to the unique challenges faced by frontline workers.
Ping Identity's CEO, Andre Durand, underscored this point, stating that the company sought a solution not just for white-collar employees but for the vast majority of the global workforce. According to Beekeeper, a frontline workforce technology company, frontline workers make up an estimated 80% of the global workforce, with Gartner estimating their number at a staggering 2.7 billion worldwide.
So, what are the challenges these workers face when it comes to authentication?
The Frontline Authentication Challenge
Frontline workers encounter several barriers that limit their authentication options and increase identity risks. For instance, many frontline workplaces, such as healthcare, construction, and manufacturing, prohibit the use of cell phones for safety reasons and to prevent distractions. This creates a significant hurdle for multi-factor authentication (MFA) methods that rely on SMS, push notifications, or mobile apps, as these often use phones as the authenticating device.
Additionally, frontline employees often use shared terminals for authentication, which presents its own set of identity management challenges. Insecure practices like sharing passwords and writing them on sticky notes are common in shared workstation scenarios, as noted by Yubico, an authentication hardware provider. These practices pose a heightened risk in critical infrastructure sectors, where a lack of user traceability can lead to compliance gaps and devastating consequences, from data theft to critical system shutdowns.
The Role of PPE
Another overlooked aspect is personal protective equipment (PPE), particularly gloves. In environments like hospitals, laboratories, and factories, gloves are widely used or required, and they can make it difficult to type or use touchscreens and fingerprint scanners. This leads to workers either struggling to enter access data while wearing gloves or removing their gloves to gain access, which can be time-consuming and potentially unsafe.
The Impact of Neglecting Identity Protections
The consequences of neglecting identity protections for frontline and critical infrastructure workers are evident in real-world attacks. An assessment by the Cybersecurity and Infrastructure Security Agency (CISA) found that 41% of successful critical infrastructure intrusions involved the abuse of valid accounts. Shared accounts and the lack of MFA increase the risk of such attacks, as seen in the 2021 cyberattack against a water treatment plant in Oldsmar, Florida, and the Colonial Pipeline ransomware attack.
Closing the Identity Protection Gap
Vendors like Ping Identity and Keyless are stepping up to address this gap through more secure and seamless solutions, such as facial biometrics. Ping's acquisition announcement emphasizes that workers can authenticate with a simple glance at the camera, eliminating the need for dedicated devices or password entry. This is particularly crucial in sectors like manufacturing, healthcare, and logistics, where shared workstations are common.
Keyless' technology goes a step further with "privacy-preserving" biometric authentication, using cryptography to protect biometric information from theft or reconstruction. Beyond biometrics, physical security keys and smart cards/badges offer passwordless options for workers at shared terminals without mobile phones. Microsoft Entra ID suggests security keys as a great option for frontline workers, but also highlights the need to consider cost-effective alternatives like smart cards and certificate-based authentication.
RFID-based badges, as noted by ELATEC, a provider of RFID authentication systems, are especially reliable in difficult industrial environments where other technologies may falter. They don't require workers to remove PPE, making them a practical choice.
The Way Forward
The Ping-Keyless acquisition is a sign that the identity industry is recognizing the need to expand authentication options for frontline workers. By addressing these gaps, we can improve security outcomes not only for critical infrastructure but for all industries that rely on frontline workers. But here's where it gets controversial: how can we ensure that these new authentication methods are both secure and accessible to all workers, regardless of their work environment or personal circumstances?