To achieve optimal security in today's rapidly evolving computing environment, companies are turning to sophisticated authentication mechanisms. Next-generation authentication is identity and access validation that adapts to protect assets against both static and continuously changing variables. This type of authentication needs to accommodate the following:
- The burgeoning of bring-your-own-device (BYOD) trends
- The growing reliance on programs and services that are not authorized at the corporate IT level
- The explosion of the Internet of Things (IoT)
- The proliferation of software-as-a-service (SaaS) and other cloud services
These infratructure changes necessitate much more flexible and sophisticated authentication methods. In essence, the old way of doing things-for example, using passwords only-just won't suffice. There are simply too many known and developing identity-related threats, and too many reasons for users to shun legacy controls.
A Multidimensional Security Environment
Authentication environments can be visualized as rotating, four-dimensional expanses that are composed of time, space, users, and peripherals such as device dimensions. There are numerous considerations that must be taken into account. For instance, what time did the user log in? From what location? From what device? Advanced authentication is required to accommodate these multidimensional characteristics.
To add more complexity on top of these dimensions, permitted users must be able to easily interact with the authentication controls. If the system is complicated or difficult, employees and other authorized users may introduce unseen risk factors into the system. For example, a system that uses passwords as one authentication value can be weakened if actors use redundant or easily replicated passwords.
Another usability factor to consider is the impact of using biometric authentication such as fingerprints or iris scans. Some users are resistant to authentication measures which they view as invasive, particularly when they are imposed by employers or regulatory authorities.
Because of these complexities, many organizations opt for single sign-on systems in which employees only need to authenticate once at a single point in time. While single sign-on does provide ease of use, it also provides ease of unauthorized access if improperly configured. For these reasons, a multidimensional security approach is necessary to an enduring next-generation authentication strategy.
Adaptable Mixtures of Advanced Authentication Tools
Next-generation authentication mixes authentication models that are context- and risk-based. Context-based authentication examines what is going on around the attempted login to see whether everything checks out with the user and the environment, while risk-based authentication increases the complexity of access according to the value of the information or capabilities in question.
Experts advocate for context-based aspects of next-generation authentication because they provide "granular levels of access based on contextual factors such as who the user is, what device he is using, where he is accessing information from, and the sensitivity of the resources he is attempting to access." These tactics can then be combined with risk-based authentication, which is integral to meeting the flexibility requirements of next-generation security systems and has the additional benefit of vastly improving the user experience. Stronger and more complex authentication techniques that require more user engagement or effort are only utilized for the most sentitive resources or the riskiest observed behavior.
Today's intrinsically variable computing environment, composed of fixed and moving parts in an endless number of configurations and settings, requires sophisticated and multifaceted authentication to enable security systems to fluidly adapt and perform. These new authentication paradigms combine advanced methods such as context- and risk-based authentication to deliver both increased security and increased user convenience.
Category: RSA Fundamentals, Blog Post
Keywords: Authentication, BYOD, Internet of Things, IoT, Next Generation Authentication