
Tuesday, January 19, 2010

Authentication and "Defense-in-Depth"
by Jose Jimenez, Anakam Sr. Director, Systems Engineering

In any successful data security system, the organization's goal should be to combine multiple authentication strategies with the right mix of enterprise security solutions, so that it has better assurance that the user on the other end of an online transaction is the person the company expects to be executing that specific transaction.

Authentication is only one component of an overall defense-in-depth strategy, in which an organization deploys an integrated, multi-layered program (and related technologies) for optimal protection. However, strategies and technologies that protect an organization against attacks that exploit errors and weaknesses will be much less effective if someone can pretend to be a legitimate user. The reverse is also true: if an application is not properly written and is vulnerable to cross-site scripting (XSS), session hijacking, and SQL injection, then multi-factor authentication will not be as valuable in mitigating overall online fraud.

Many organizations have already invested time and resources in technology solutions that improve the security and risk mitigation posture of the enterprise. Combining capabilities like strong two-factor authentication with security information management (SIM) appliances and systems, sometimes called security information and event management (SIEM), can help organizations collect data for further analysis of security events and detect malicious activity.

This additional layer of forensic information from authentication logs can be used in different ways. One is cross-correlation with known bad IP addresses that are attacking the enterprise firewall or application. If the enterprise has flagged an IP address for suspicious actions such as a denial-of-service attack (DoS or DDoS), and that same IP address is used by users who are authenticating to the portal, the organization can report this and raise a security event or alert for further investigation and for proper controls and restrictions. If an organization has access to a list of global “known bad IP addresses” gathered from security organizations that offer this as a paid service, that list can be cross-correlated with internal authentication logs and therefore provide higher levels of assurance that the organization’s portal users are not fraudsters.
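The cross-correlation described above can be sketched as follows. This is an added example, not code from Anakam or the original post; the log line format, the list names, the severity rule, and all addresses (taken from documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: the log format and every value below are assumptions.
FIREWALL_FLAGGED = ["203.0.113.45", "198.51.100.0/28"]  # flagged internally, e.g. DoS sources
EXTERNAL_FEED = ["192.0.2.200", "2001:db8:bad::/48"]    # stand-in for a paid "known bad IP" list

AUTH_LOG = """\
2010-01-19T09:02:11Z user=alice src=192.0.2.10 result=success
2010-01-19T09:03:40Z user=bob src=203.0.113.45 result=success
2010-01-19T09:04:02Z user=carol src=198.51.100.7 result=failure
2010-01-19T09:05:19Z user=dave src=2001:db8:bad::15 result=success
2010-01-19T09:06:00Z user=erin src=not-an-ip result=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def load_watchlist(entries, source):
    """Parse single IPs and CIDR ranges (IPv4 or IPv6) into (network, source) pairs."""
    return [(ipaddress.ip_network(e, strict=False), source) for e in entries]


def correlate(log_text, watchlist):
    """Return (alerts, skipped): one alert per auth event whose source IP is on a list."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            addr = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:
            addr = None
        if addr is None:
            skipped += 1  # count unparseable lines so they are reviewed, not silently lost
            continue
        lists = sorted({src for net, src in watchlist if addr in net})
        if lists:
            # Severity rule is an assumption of this example: a successful login from
            # a flagged address is treated as more urgent than a failed attempt.
            severity = "high" if m["result"] == "success" else "medium"
            alerts.append({"time": m["ts"], "user": m["user"], "ip": str(addr),
                           "lists": lists, "severity": severity})
    return alerts, skipped


WATCHLIST = (load_watchlist(FIREWALL_FLAGGED, "firewall")
             + load_watchlist(EXTERNAL_FEED, "external_feed"))

if __name__ == "__main__":
    alerts, skipped = correlate(AUTH_LOG, WATCHLIST)
    for a in alerts:
        print(a)
    print("unparsed lines:", skipped)
```

Each alert records which list matched, so an analyst can tell an address the enterprise flagged itself from one that appears only on the external feed.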

Including authentication as part of a strong Data Loss Prevention (DLP) process can help organizations better control the type of data that is leaving the organization and who is accessing it. Organizations must discover, monitor, and protect all PII. Disk encryption, host intrusion detection and prevention, end-point protection, anti-virus, firewalls, network-access controls, and many more of the most commonly used security solutions will not be as valuable to the organization if the authentication process is based on just a username and password, because with weak authentication attackers can bypass security measures by pretending to be legitimate users.




