When managing identities and access today, there’s no question which route you need to take: It’s the one paved by identity assurance, where all roads lead to a higher level of confidence. A place where you can be sure that users accessing critical resources are who they claim to be, and not just who their credentials say they’re supposed to be.
After all, credentials can be stolen. In fact, according to the latest Verizon Data Breach Investigations Report, 81% of hacking-related breaches last year leveraged stolen or weak passwords. That’s an increase of almost 20% over the previous year. As the problem accelerates, it's up to today’s IT security teams to get in front of it. That means moving past simple authentication, using the right information and tools, and following these tips:
Know What’s Normal
Knowing whether someone is who they say they are starts with recognizing them at the outset of access. That’s why a crucial aspect of high-level identity assurance is having enough relevant information about users and their behaviors to provide a clear picture of access risk. For that, you need an authentication solution that’s capable of recognizing normal user behavior – and spotting anomalous behavior, like a login from a suspicious location or a new device. Advanced capabilities, such as machine learning, make a science of this and track user access behavior over time to recognize patterns and set the authentication bar accordingly.
Consider the Context
Business context is the term that defines the who and what of access requests, both of which can inform the authentication process. If the “who” is a user with limited access, for example, a different level of security might apply than for an administrator with greater access privileges. Similarly, if the “what” that’s being accessed is a highly-sensitive resource, the bar should be set higher than for a cafeteria menu.
Watch for Signs
There are signs (both inside and outside your IT infrastructure and environment) that can alert you to security issues. An authentication solution that analyzes information from these signs is invaluable for identity assurance. For example, what if a threat detection system picks up on a suspicious activity – and then communicates that to the authentication solution? It could either block access or require an additional layer of authentication for the user to confirm their identity and deliver the assurance you need.
Be Ready for Anything
When many kinds of users request access from diverse locations and situations – at the office, working remotely, on a plane – you need flexible authentication mechanisms to respond to a wide variety of needs and preferences. Pave your way to higher confidence in user identities with a multi-factor authentication (MFA) solution that offers a range of choices, including push to approve, one-time passwords, biometrics, SMS, and hardware and software tokens.
Learn more about mapping your route to identity assurance in this infographic.