KuppingerCole & HID Global Review the Latest Trends in Advanced Authentication Solutions
At HID Global, we believe in partnering with world-class experts to develop, refine, and implement industry-leading authentication solutions. That’s why we were delighted to partner with KuppingerCole to review and understand the latest authentication trends. Here is a summary of the topics reviewed, presented at a recent webinar:
- Business Requirements for Authentication Solutions
- Zero Trust
- Workforce Identity
- User Preferences and Trends in Authentication
Our presentation and analysis focused on authentication solutions and trends as well as how vital good identity and access management is to the modern enterprise.
The Importance of Modern Authentication Solutions
Cybercrimes, and the reputational and financial damage to businesses that suffer from them, rise every year. It’s estimated that the cost of breaches, identity theft, and other cybercrimes will double, from $3 trillion in 2015 to $6 trillion in 2021. Advanced authentication prevents 70% of account fraud, meaning that security teams can focus their efforts on attacks that are more difficult to stop. Identity and access management (IAM) is changing too, with more and more employees moving to location-independent working and access through mobile devices. Authentication solutions are increasingly moving away from passwords, driven both by new authentication trends and employee demands. This makes it critical to choose the right advanced authentication platform: one that combines ease of use with the right security policies and credential management while functioning across the largest range of devices and endpoints.
The Latest Trends in Authentication
Cybersecurity technology evolves quickly, and it’s important to balance that technology against your security policy needs. Three of the main trends are biometrics, mobile authentication, and risk-based authentication.
Types of Biometric Authentication
Proving your biometric identity means using “something you are” to authenticate yourself. This could range from a fingerprint to an iris scan as a security credential. The types of biometrics you can choose from include:
- Fingerprints: Pattern matching of the unique factors of fingerprints.
- Facial recognition: Identification and measurement of points on the face.
- Voice recognition: Voiceprint analysis against a known, good baseline.
- Iris recognition: Scanning the eye for the pattern in the iris.
- Behavioral biometrics: Using subtle factors like typing style, swipes on a mobile device, dwell time, and technical identification.
Each of these areas has advantages and disadvantages, so customizing biometric authentication and making that authentication easy to use is critical.
Mobile Authentication
Mobile authentication has been embraced by device manufacturers. The latest IAM platforms can integrate with on-device and other factors to authenticate users across a variety of areas:
- Secure mobile apps using features like SDKs and secure enclaves.
- Mobile push notifications that let you swipe or accept to authorize.
- Built-in mobile biometrics like fingerprints and facial recognition.
- SMS one-time passwords for one-off authorizations.
- The FIDO 2.0 architectural standard for mobile.
Risk-Based Authentication
More and more IAM platforms are moving to a risk-based authentication approach. This is an adaptive and continuous approach that constantly evaluates how people are trying to access your systems and data, and then challenges them to provide multiple authentication factors based on perceived risk. Smart algorithms can quickly establish the level of authentication needed, matching convenience against the need to maintain a secure environment.
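The adaptive, continuous evaluation described above, as an added example in JavaScript (not code from HID Global or KuppingerCole): each request in a session is re-scored, and the user is challenged only for the factors the current risk level still requires. The signal names, weights, thresholds and sample session are assumptions made for illustration.

```javascript
// Added example: signal names, weights and thresholds are illustrative assumptions.
const WEIGHTS = { newDevice: 40, unusualLocation: 25, offHours: 10, perFailure: 5 };
const SENSITIVITY = { low: 0, medium: 20, high: 40 };

// Score one access attempt from its context (0 = routine, 100 = maximum risk).
function riskScore(ctx) {
  // Fail closed: an unclassified resource is scored as highly sensitive.
  let score = SENSITIVITY[ctx.sensitivity] ?? SENSITIVITY.high;
  if (!ctx.knownDevice) score += WEIGHTS.newDevice;
  if (!ctx.usualLocation) score += WEIGHTS.unusualLocation;
  if (ctx.hour < 6 || ctx.hour >= 22) score += WEIGHTS.offHours;
  score += WEIGHTS.perFailure * Math.min(ctx.recentFailures ?? 0, 5);
  return Math.min(score, 100);
}

// Decide what to do given the factor categories the session has already proven,
// e.g. 'knowledge' (password), 'possession' (token), 'inherence' (biometric).
function decide(ctx, provenFactors) {
  const score = riskScore(ctx);
  if (score >= 80) return { action: 'deny', score };
  const needed = score >= 40 ? 2 : 1;
  const have = new Set(provenFactors).size;
  if (have >= needed) return { action: 'allow', score };
  return { action: 'step-up', score, missing: needed - have };
}

// Continuous evaluation: re-run the decision on every request in a session.
function replaySession(requests) {
  const proven = new Set();
  return requests.map(({ ctx, newFactor }) => {
    if (newFactor) proven.add(newFactor);
    return decide(ctx, proven).action;
  });
}

const office = { knownDevice: true, usualLocation: true, hour: 10 };
const SAMPLE_SESSION = [ // constructed sample requests
  { ctx: { ...office, sensitivity: 'low' }, newFactor: 'knowledge' },
  { ctx: { ...office, sensitivity: 'high' } },
  { ctx: { ...office, sensitivity: 'high' }, newFactor: 'possession' },
  { ctx: { sensitivity: 'high', knownDevice: false, usualLocation: false, hour: 23 } },
];
```

Calling `replaySession(SAMPLE_SESSION)` shows the same session being allowed, stepped up, allowed again and finally denied as its context changes.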
Evaluating Business Requirements for Authentication
Business authentication and IAM needs will differ based on sector, industry, size, workforce location, and several other factors. Some of the main drivers are:
- Fraud minimization, from transaction-level analysis and comparison of multiple risk factors associated with fraud.
- Regulatory compliance with government, industry, and other frameworks.
- Risk-appropriate authentication that manages the friction of authorization against the sensitivity of data and systems.
- Security policy compliance that allows fine-tuning of technology to meet overall corporate and cybersecurity strategies.
- Ease of use to drive better, more fulfilling authentication interactions with employees and customers.
- Integration with multiple types of devices, both the latest technology and some legacy phones, tablets, and computers.
Public Key Infrastructure (PKI) and the FIDO framework are some of the strongest foundations for new cybersecurity technology. Both PKI and FIDO use public key cryptography to securely identify users and provide a secure ‘password-less’ environment. FIDO uses a device-generated key pair registered between a user and a service, whereas PKI uses a publicly trusted digital certificate and enables wider security applications such as secure document/email signing and encryption.
User Preferences and Ease of Use
Introducing strong authentication requires a careful balance between robust security and minimizing user friction and frustration. The easier an authentication solution is to use, the more likely it is that employees and customers will happily use the system.
Users Want More Authentication Options
Passwords are often the weakest link in the security chain, so it’s not surprising that both businesses and users are looking for better ways to authenticate. Fortunately, modern credential management systems provide many more options. From biometric authentication to security tokens, and device usage analysis to location and time-of-day access, IAM platforms can use smart algorithms to implement varied credentialing needs.
BYOD Maximizes the User Experience
Other features that can create a frictionless user experience include a “Bring Your Own Device (BYOD)” policy that lets users employ their own devices to access your business systems. Users don’t have to learn new ways of doing things, meaning more productivity and ease of use. Modern risk-based authentication solutions can often integrate with a diverse range of existing devices to provide strong protection across both a standardized and a BYOD environment.
As you can see, all of these trends mean that IAM and cybersecurity are evolving fast. HID Global’s flagship products like DigitalPersona® make it fast and easy to roll out strong IAM across the business without compromising on the user experience.
John MacInnis, CISSP, is a Product Marketing Manager for Identity and Access Management (IAM) Solutions. A former SW engineer, he has a background in cybersecurity and has held product marketing, product management and technical marketing positions at Philips Healthcare, Cisco, Intel and Phoenix Technologies.
About KuppingerCole
KuppingerCole Analysts, founded in 2004, is an international and independent analyst organization headquartered in Europe. The company specializes in offering neutral advice, expertise, thought leadership and practical relevance in Information Security, Identity & Access Management (IAM), Governance (IAG), Risk Management & Compliance (GRC) as well as all areas concerning the Digital Transformation. KuppingerCole supports companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges.