Digital transformation is moving more of the modern workforce into digital workspaces where organizations can deliver any app on any device—including personal devices—and more easily manage the growing number of apps and devices the workforce relies on today. The key to maximizing the effectiveness of these access-anywhere workspaces is making sure they are as secure as they are convenient. And that's where multi-factor authentication comes in.
Add Multi-Factor Authentication to Get the Identity Assurance You Need
If a user already presents a set of credentials (usernames and passwords) to access applications and other resources in a digital workspace, then why do you need multi-factor authentication? Credentials-based access works as long as the credentials the user presents actually belong to that user. There's always the risk the password has been stolen—and it's a significant risk when you consider 81% of hacking-related data breaches today are password-related.
With multi-factor authentication, users can provide assurance that they are who they say they are, using a variety of convenient authentication methods, such as biometrics, push notifications, one-time passcodes, and hardware and software tokens. You need a broad range of methods to ensure all users in your organization can authenticate no matter where they are or what the circumstances. For example, a method that's ideal for mobile users may not be practical in a call center, where mobile devices aren't used and a hardware token makes more sense. The authentication solution you choose should provide maximum flexibility to meet a range of digital workforce needs.
Choose a Risk-Based Solution to Minimize Friction for Users
A risk-based multi-factor authentication solution will only ask for additional authentication when it detects a high enough level of risk to warrant it, based on the security policies your organization defined. Risk-based multi-factor authentication employs sophisticated risk and behavioral analytics capabilities to gauge the degree of risk an access attempt poses, based on context. For example, is the user logging in from a known and trusted device, or one they've never used before? Are they in the office or are they in an unexpected location or geographic region? Is the IP address within normal behavior patterns? Are they trying to access sensitive data on a critical application server, or something as innocuous as the cafeteria menu?
By taking all these contextual clues into account, a risk-based solution can determine whether it's reasonable to ask for more assurance from the user. And if the solution has machine learning capabilities, this type of information can become something it "knows" and automatically takes into account for that user—further reducing the need to ask for additional authentication unless anomalous behavior warrants it.
Get More Done with a Solution That Extends Beyond Digital Workspaces
Keep in mind that even though a digital workspace may be an essential part of your digital transformation, your operations likely still rely on a VPN and other resources not part of the digital workspace environment, or there may be on-premises applications not accessible through the digital workspace. Access security at those points can also benefit from multi-factor authentication. To reduce costs and increase operational efficiencies, look for a single solution you can apply beyond the digital workspace, rather than investing in multiple point solutions for different resources.
Digital transformation is creating a wealth of new opportunities for organizations that embrace it, but at the same time, it can also introduce digital risk. Adding multi-factor authentication to digital workspaces is one way organizations can transform secure access to help manage that risk.
# # #
This is the fourth in a series of posts about transforming secure access in five key areas to address today's changing access landscape. To learn more about transforming secure access in other key areas, watch this space for other posts exploring the rest of the five areas in depth. And in the meantime, sign up for the RSA webinar series Access Transformation in Action.