The Trusted ID is Becoming Central to IT Cybersecurity
The latest technology trends and best practices in advanced authentication have evolved way beyond passwords. The way that employees, customers, partners and others access systems and data is driving change in how IT cybersecurity professionals create strong, safe, protected environments. As businesses move to the mobile enterprise and customers conduct more of their business on-the-go, risk-based authentication solutions are becoming one of the best options. This is especially true for Zero Trust environments and trusted digital IDs.
An Overview of the Zero Trust Framework
The Zero Trust framework, an increasingly common security architecture, drives the need for a trusted ID. The foundation of Zero Trust thinking is that people and devices cannot be trusted until they are verified through an integrated, digital ID service. The approach is built around high-assurance digital identification, especially for authenticating employees. This digital identification depends on risk-based authentication solutions and allows for multiple ways an employee can verify their identity. Secure authenticators can include:
- Which account name they use to access systems and data
- What they know, such as a password or PIN
- What they have, such as a hardware or software-based tokens, one-time password (OTP), or smart card
- Who they are, e.g. using biometric identification like fingerprint, face or voice recognition
- How they use a device, including common gestures, keystrokes, mouse tracking and other user behaviors
- Where they are, by tracking their GPS location, geo-fencing and IP address
- When they act, including the time of day, week, and month and geo-velocity
Assuming a starting point of Zero Trust, risk-based authentication solutions use algorithms to decide how many factors are needed to verify an employee before they’re allowed access to the system. For example, if they’re trying to log in from a new location they may need to provide additional authentication to access systems or data.
The Rise of the Trusted Digital ID
The main advantage of a trusted ID is that a risk-based authentication approach can provide an optimal mix of authentication factors that balance ease-of-use and security. Cybersecurity teams are then able to implement intelligent, policy-driven solutions that adapt to today’s dynamic threat environment. As the number of endpoints, applications, employees and requirements continues to increase, a trusted digital ID can be used to secure all systems, applications and data. Businesses are becoming increasingly location-independent, and the global workforce is growing. Global workers are set to increase from 1.52 billion in 2017, accounting for 39.3% of the global workforce, to 1.88 billion in 2023, over 43%. This shift away from traditional, desk-based workplace roles means enterprises have never had a greater need to properly authenticate employees. Trusted digital IDs are the answer.
The Latest Trends in User Authentication
As a risk-based authentication vendor, we’re seeing interesting and exciting new trends in the cybersecurity industry. In addition to multiple authentication and credentialing factors, combined with algorithms, the way teams issue credentials is also changing. Modern credential management systems allow for the remote issuance and delivery of credentials to trusted users. Administrators can issue cryptographic credentials directly to devices, and virtual credentials can be issued remotely or locally. The use of biometrics is expanding too, with fingerprint and face recognition coming standard on many modern mobile devices. Risk-based authentication vendors can take advantage of these technologies, ensuring full integration across the enterprise. Secure mobile ID is becoming increasingly important. As more businesses move to a “Bring Your Own Device” approach, consistent mobile ID technology is a key enabler for creating trusted digital identities.
The Move Toward Continuous Risk-Based Authentication
Continuous risk-based authentication, the process of verifying employees based on multiple credentials, is adaptive and customizable to any industry. Authorization needs vary widely and there’s often been a disconnect between application/data access and physical access. Whereas one type of access has traditionally relied on logins and passwords, the other has primarily operated on smart cards and PINs. Risk-based authentication and Trusted IDs bring those two worlds together, allowing businesses to use one authentication platform to provide access to facilities and systems. Risk-based authentication can support any number of authentication scenarios across the enterprise. Because you have so much choice when it comes to credentials, it’s easy to create granular cybersecurity policies that balance convenience, speed and security. Behavioral analytics are a key part of security evolution, taking into account the subtleties of user interaction, device usage and other idiosyncrasies as yet another part of the authentication toolkit. Importantly, it’s very difficult to fake or fool behavioral analytics, making it a central part of any digital identity platform.
The Benefits of Cloud-Based Authentication and Credential Management Services
More and more businesses are moving to cloud-based solutions, and authentication and credential management services are no exception. It’s easy to understand why:
- Low, transparent and understandable total cost of ownership: Cloud-based authentication vendors typically offer transparent pricing, based on services and total seat count. This makes it easy to understand budget requirements and cybersecurity spending.
- Subscription-based services: Cloud solutions means there’s no need for one-off licensing and payments. Instead, you get continually updated software with the latest features and functionality.
- Fast deployment: With no need for local installs, many cloud-based security platforms work out-of-the-box with minimal configuration. This makes it fast to deploy authentication across the environment, allowing you to set and refine access policies as you go.
HID Global’s advanced approach to intelligent authentication is DigitalPersona®. The solution incorporates an adaptive, risk-based methodology, providing users a frictionless authentication experience. Through our family of solutions, our partners and customers can ensure trusted identity authentication and lifecycle management for people, places, and things. By offering the broadest choice of authentication factors, we ensure the security of trusted transactions, physical and logical access, and digital engagement needed to stay agile in today’s highly connected Zero Trust environments. Visit HID Global to learn what’s possible with modern, advanced authentication. Get the latest blogs on identity and access management delivered straight to your inbox. John MacInnis, CISSP, is a Product Marketing Manager for Identity and Access Management (IAM) Solutions. A former SW engineer, he has a background in cybersecurity and has held product marketing, product management and technical marketing positions at Philips Healthcare, Cisco, Intel and Phoenix Technologies.