Today, there are more users in more places accessing more applications in more ways than anyone could have imagined even 10 years ago\u2014and also, unfortunately, more openings for identity thieves.In "Transforming secure access to take on today's cyber threats," I described how protecting against attacks comes down to making authentication pervasive, connected and continuous. That\u2019s the path to achieving secure access that works everywhere, from ground to cloud; works with other parts of the security ecosystem to thwart threats; and works all the time to make it harder for attackers to get in and do damage, while making it easier for legitimate users to access to the resources they need.Let\u2019s take a closer look at what each of these qualities of entails and why they\u2019re so critical to transforming secure access to meet modern workforce demands.1. Pervasive: Enabling secure access at all points across applications, devices, users, environmentsOne thing becomes clear as the number of applications, users and points of access grows: The more points of vulnerability you have, the more you need a single authentication platform that pervades all of them. Users struggle to maintain multiple sets of credentials based on where an application resides or how they access it, while identity and security administrators struggle to secure multiple points of access and manage a variety unique approaches to authentication and access. They may turn to SSO and password synchronization solutions to connect these \u201cislands of identity,\u201d but that can create the risk that attackers will use weak credentials and security controls to compromise applications that may not be their true intended target \u2013 and then, once they\u2019ve infiltrated, move silently and laterally to the real information jackpot.The authentication and access solutions you deploy need to be pervasive. They should be able to identify and authenticate a user regardless of where the application resides or how the user is accessing it. They must not only work in our new world of multiple cloud environments, but also your on-premises applications and infrastructure, including virtual private networks (VPNs). At the same time, they need to address how users identify and authenticate themselves to desktop and laptop devices. Only when you can provision secure access controls everywhere from desktop to cloud can you provide uniform visibility and control for IT, as well as a common and easy access experience for users.2. Connected: Sharing information and insights across the security ecosystem to strengthen securityOne of the secrets of cyber attackers\u2019 success is their willingness and ability to share information\u2014on underground web forums, through messaging apps, and even on Facebook and other mainstream social media. Think about how bots typically operate, too: not alone, but as an orchestrated group, each taking direction from a command and control server. But when it comes to the security solutions that are deployed to fight cyberattacks\u2014next-generation firewalls, SIEM systems, identity and access management solutions\u2014these tools and the teams that use them are typically walled off from each other. They collect enormous amounts of valuable data about threats, but don\u2019t share it in any meaningful way.A critical step in transforming secure access to take on today\u2019s threats is to make sure security resources are as closely connected as the attackers and their tools. For example, if a threat detection system that spots suspicious devices or user behavior can share that information with the access management system, then the latter can immediately impose additional authentication requirements. Or if an application is shown to have critical vulnerabilities, the system can respond automatically by requiring additional authentication or blocking access. With this connected approach, organizations can verify identities outside the login box, and in direct response to other security systems. It also promotes coordination between access control and identity governance solutions, to help ensure user access is always appropriately aligned to permissions and entitlements as users change roles, or as they leave the organization altogether.3. Continuous: Constantly collecting and analyzing information to stop attacksAs we incorporate identity more pervasively within our environment and start connecting silos of information, we need to think about how to continuously asses our assurance that someone is who they say they are. I am by no means suggesting that we ask users to reauthenticate every five minutes. This would not only slow them down; it would likely cause a mass exodus. I am advocating instead for automated identity and authentication solutions that work transparently in the background, collecting and analyzing information to continuously assess our assurance of a user\u2019s identity. Look for a solution that can:Continuously collect identity insights to create a benchmark for \u201cnormal\u201d access behavior, so that it\u2019s easier to spot abnormalities (such as logging in from an atypical location or at an unusual time, or logging into an application the user has never accessed before)Monitor threat intelligence information to learn about risk factors such as devices that are contaminated with malware or IPs that are being used for malicious activityCreate an identity assurance score that enables a running assessment of the degree of confidence in a user\u2019s identity, based on whether the user deviates from normal accessRecognize and learn from changes in risk profiles and adapt accordingly to ensure the level of access control is always appropriate to the level of riskIdentity assurance that is pervasive from ground to cloud; connected communication and cooperation among all the components of the security infrastructure; and continuous assurance that someone is who they claim to be: They\u2019re all part of the secure access transformation that\u2019s essential to meeting today\u2019s modern security challenges.