Information Technology Reference
In-Depth Information
Figure 4 systematizes the determined success factors. While boxes for
strong
and
moderate
success factors feature solid lines, weak items are labelled with a
broken line. The figure points out that, according to expert judgement, factors
regarding the ease of adoption and the reduction of involved risks are more
important than items related to the perceived usefulness of AaaS. These should
be regarded by service providers in order to provide attractive authentication
products to the market. Here, particularly the importance of security-related
factors is supported by related literature and current research [e.g., 11, 14].
All in all, due to the size, quality and composition of the expert panel, we
assume reliable results of this
Delphi
study for the German-speaking area.
5Conluon
This paper systematically investigates the development, relevant application
fields and success drivers of cloud-based services for multi-factor authentication.
For this purpose, a 3-rounded
Delphi
survey was conducted with 24 experts
of the German-speaking area. The results indicate the significantly increasing
importance of such services for both organizational and user-centric applica-
tions. Certain application fields were identified to be less or not relevant from
a practical point of view. Moreover, seven success factors regarding applied au-
thentication methods, the cloud service design and provider attributes have been
identified. Authentication service providers might use these results to effectively
direct development, certification or marketing programs. Future research should
focus on security controls of such services and on system and interface design.
References
[1] Allen, J., Gabbard, D., May, C.: Outsourcing Managed Security Services. Security
improvement module. Carnegie Mellon University, Software Engineering Institute
(2003)
[2] amazon web services: AWS Multi-Factor Authentication (2012),
[3] Braz, C., Robert, J.M.: Security and usability: the case of the user authentication
methods. In: Proceedings of the 18th International Conferenceof the Association
Francophone d'Interaction Homme-Machine, IHM 2006, pp. 199-203. ACM, New
York (2006)
[4] Clarke, N.L.: Transparent User Authentication - Biometrics, RFID and Be-
havioural Profiling. Springer (2011)
[5] Cowan, N., Morey, C.C., Chen, Z., Gilchrist, A.L., Saults, J.S.: Theory and mea-
surement of working memory capacity limits, pp. 49-104. AP (2008)
[6] Cranor, L., Garfinkel, S.: Security and Usability. O'Reilly Media, Inc. (2005)
[7] Forrester Research: Authentication-As-A-Service: A commissioned study con-
ducted by Forrester Consulting on behalf of VeriSign (2009),
[8] Gomi, H.: An authentication trust metric for federated identity management sys-
tems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS,
vol. 6710, pp. 116-131. Springer, Heidelberg (2011)
