A layered approach to modern identity
The way we work is evolving. Traditional desktop computers and laptops are
slowly giving way to the mobile device. From smartphones to tablets, a
growing number of employees are embracing the flexibility that
accompanies such devices. In fact, 55 percent of all email was opened on
mobile devices from May 2017 to April 2017 – up from just 29 percent in
2012.
In addition to keeping tabs on the office, consumers have come to
rely upon mobile devices for a whole host of capabilities, including
mobile banking, shopping and even payments. Today, Americans spend an
average of 5 hours per day on mobile devices – a 20 percent increase
compared to 2015.
With this shift towards mobile access at work, home and everywhere in
between, comes a shift in both user expectations and behaviors. Instant
access to information – anytime, anywhere – is the norm, which means
our tolerance for friction has greatly diminished. This new attitude allows employees to be more
productive and responsive, and even make more informed decisions.
However, this digital era consumers have grown accustomed to is built on
a house of cards from a security perspective. The apps consumers access
at the touch of an icon or the imprint of a finger are all protected
with passwords – and with more and more work and personal data moving online, hackers
are having a heyday circumventing passwords to get at this information.
Implementing more rigorous security seems like an easy next step, but
many organizations are slow to adopt new security approaches due to the
presumed negative impact on user experience. Dealing with password
resets and multiple login IDs just doesn’t make sense anymore. The
answer, it would seem, may be right in our hands – using our mobile
device as the foundation to a modern digital identity.
Whether working from laptops or accessing applications straight from
mobile devices, modern digital identity can be virtually transparent or,
at most, require a quick touch of a button to provide instant access
while keeping hackers at bay.
While using mobile devices for authentication is not entirely new,
most implementations such as SMS codes do little to remove user friction
or address more advanced security issues. The answer lies in a layered
approach to intelligent identity – one that blends a number of
technologies, so security remains in the background and only involves
minimal effort from the user when absolutely necessary.
Device reputation
The first step to creating a trusted identity is vetting the device
itself. The more information enterprises can gather on a device and its
activity across the internet, the better. Spot a history of fraud or
malware? That may be enough to raise concerns over the integrity of a
smartphone or tablet.
Similarly, devices that are modified in a way that circumvents native
controls – such as jailbroken iPhones – may face an increased risk of
fraud. Carefully review any and all changes to a device as well as its
history to ensure the device is worth trusting both before provisioning a
credential and maybe once a week or so to keep tabs on device
reputation.
User identity proofing
Once a device’s reputation is confirmed, an authorized user of that
device must be established. Validate a user’s identity during enrollment
using methods such as secure registration email links or out-of-band codes
from IT, coupled with identity vetting questions. If you’re looking to
add an extra layer of security, conduct a biometric check of a potential
user. By simply taking a selfie or providing a fingerprint, users can
give you the opportunity to compare biometrics to those on file and
ultimately bind trusted devices to specific employees.
Provision a secure credential
With a credible device and user in place, the next step is to create a
trusted identity foundation using a mobile smart credential. As the
strongest credential-based security you can deploy, a mobile smart
credential helps authenticate employees as they interact with different
portals, applications and VPNs. And since the authentication process
takes place in the background, employees don’t have to worry about
logging in each time they need to access sensitive information. This
extra layer of transparency helps set the stage for a secure and
convenient user experience.
Adaptive authentication
From how they type and swipe to where they’re located to what they
are transacting, each employee works differently. By comparing behavioral analytics
across sessions, adaptive authentication can provide greater insight
into whether a device is being operated by the correct user. With
monitoring constantly occurring in the background, you can rest assured
that anomalies in behavioral biometrics or transactions will not go
unnoticed. If a recognized pattern is broken, the user can either be
denied access or challenged with step up authentication.
Step up user authentication
As the final layer of protection, step up user authentication brings
in the user for explicit acknowledgement. Anomalies in contextual
information gathered as part of adaptive authentication trigger a
security challenge that typically only takes an instant to complete. For
example, a fingerprint or facial recognition may be required to proceed.
Step up user authentication quickly collects a biometric point that,
combined with the sign-on credential on the device, validates a user’s
identity or even a transaction with minimal impact to the user
experience.
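An added sketch (not from the original article) of how the device reputation, adaptive authentication and step up layers described above could combine into an allow / step up / deny decision. Every field name, weight and threshold is an assumption chosen for illustration, and the sample data is constructed.

```python
import math
from statistics import mean, pstdev

# Thresholds, weights and field names are illustrative assumptions.
STEP_UP_AT, DENY_AT, MAX_REPUTATION_AGE_DAYS = 3.0, 6.0, 7

def zscore(value, history):
    """Standard deviations between `value` and the user's own history."""
    sd = pstdev(history)
    return abs(value - mean(history)) / sd if sd > 0 else 0.0

def km_between(a, b):
    """Great-circle (haversine) distance in km between (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def decide(device, baseline, session):
    """Return ('allow' | 'step_up' | 'deny', reasons) for one session."""
    # Layer 1: a device with fraud or malware history is refused outright.
    if device["fraud_history"] or device["malware_seen"]:
        return "deny", ["device reputation"]
    hits = []  # (risk points, reason)
    if device["jailbroken"]:
        hits.append((3.0, "modified device"))
    if device["reputation_age_days"] > MAX_REPUTATION_AGE_DAYS:
        hits.append((1.0, "stale reputation check"))
    # Layer 2: behaviour compared with the same user's earlier sessions.
    for feature in ("key_interval_ms", "swipe_px_per_s", "amount"):
        z = zscore(session[feature], baseline[feature])
        if z > 2.0:  # capped so a single signal cannot deny on its own
            hits.append((min(z, 4.0), f"{feature} z={z:.1f}"))
    nearest = min(km_between(session["location"], p) for p in baseline["locations"])
    if nearest > 500:
        hits.append((2.0, f"{nearest:.0f} km from usual locations"))
    score = sum(points for points, _ in hits)
    verdict = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return verdict, [reason for _, reason in hits]

# Constructed sample data (not from the article).
DEVICE = {"fraud_history": False, "malware_seen": False,
          "jailbroken": False, "reputation_age_days": 2}
BASELINE = {"key_interval_ms": [180, 190, 175, 185, 170],
            "swipe_px_per_s": [900, 950, 880, 920, 910],
            "amount": [40, 55, 60, 35, 50],
            "locations": [(40.71, -74.01), (40.73, -73.99)]}
USUAL = {"key_interval_ms": 182, "swipe_px_per_s": 915, "amount": 45,
         "location": (40.72, -74.00)}
ODD = dict(USUAL, amount=900)  # one out-of-pattern transaction
```

Calling `decide(DEVICE, BASELINE, USUAL)` stays silent for the user, while `decide(DEVICE, BASELINE, ODD)` asks for a step up challenge rather than blocking outright.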
The growing importance of mobile devices – both inside and outside of
the office – has sparked the need and opportunity for a modern security
strategy. From identity proofing to adaptive authentication, cater to
the fast-changing lifestyles of today’s workforce using a layered
approach that improves security without sacrificing convenience.