29 Aug Is it Time to Evolve Your Authentication Strategy?
Security Brief: Is it Time to Evolve Your Authentication Strategy?
At CyberlinkASP, cybersecurity is one of our core competencies.
With organizations embracing digital transformation, they’re increasingly concerned about protecting their data and controlling who has access to it.
Remote workers, distributed teams, and online users add another layer of complexity because they often need remote access for their jobs.
Organizations often have legal obligations to protect user data in accordance with data protection laws required by specific industries.
Improving your authentication system is one way to achieve this. There are two main authentication methods: multi-factor authentication and adaptive authentication. The latter is sometimes referred to as “risk-based authentication”.
This post will provide a brief overview of these methods and explain why it might be important for you to consider upgrading to adaptive authentication.
Understanding Multi-Factor Authentication
With the advent of online services and resources, there was an increasing demand for identity and access management (IAM).
For a while, using traditional login methods was enough to provide a secure authentication process. With the rise of the internet, the number of people using computers grew exponentially.
Consequently, cybercriminals have become increasingly sophisticated at cracking user IDs and passwords. They can now use direct attacks and even social media tricks to get into user accounts. One-factor authentication leaves companies entirely too vulnerable to data breaches and other cybercriminal activity. Even complex passwords are easily cracked by today’s cohort of global hackers.
Multi-factor authentication was the solution created to mitigate these access management security challenges.
Because multi-factor authentication (MFA) requires a user to verify their identity by providing two or more factors, this security protocol creates an additional layer of defense.
It makes it more difficult for a bad actor to access a system or network. With a “backup” factor in place, even if a single factor is compromised, the attack has to penetrate another defense before gaining access.
MFA can operate using many different authentication factors, most commonly:
- User knowledge, such as a fact or security answer
- Possession of a device, usually verified with a “one-time code”
- Biometrics, like fingerprints
- Location, either GPS or IP address
- Time-based usage patterns
- Behavioral patterns, like keystrokes or typing speed
While MFA can help thwart a cyberattack by reducing system vulnerabilities, the end-user experience should be a consideration when developing the MFA protocols.
For industries with specific security requirements, like healthcare (HIPAA), an MFA strategy allows access to data and sensitive information to be restricted to authorized users only.
MFA also reduces the password risk that comes from people’s tendency to reuse passwords, improves control over access by remote workers and vendors, and minimizes exposure from single sign-on on unsecured networks or devices.
What is Adaptive Authentication?
Adaptive Authentication, also known as Risk-Based Authentication (RBA) or Adaptive Multi-Factor Authentication (AMF), is a method for verifying user identities by combining multiple factors including user roles, locations, devices, and behaviors. Adaptive authentication uses these contextual factors to identify who needs to be authenticated.
These contextual factors help adaptive authentication systems determine who should have access to which resources. During the session, these factors are continually assessed, supporting a zero trust approach and improving security for both the user and the company.
Adaptive authentication is more dynamic than traditional one-factor or multi-factor authentication methods because it recognizes that security requirements can vary depending on the user role, location, or situation. Because each user, vendor, or partner may need different access rights, IT security policies must allow for flexibility.
An adaptive authentication strategy might implement two-factor authentication to protect against phishing attacks by requiring an extra layer of verification when logging into an account from a different device than usual.
With adaptive authentication, a hybrid employee would be treated differently depending on whether they were working from their own computer or their work laptop, or had logged into their account from an unknown device in a new location.
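The hybrid-employee scenario above can be sketched as a small risk-scoring policy. This is an added example, not CyberlinkASP's product code; the signal names, weights, thresholds, and sample profile are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"unknown_device": 40, "new_location": 30,
           "unusual_hour": 15, "privileged_role": 15}
STEP_UP_AT, DENY_AT = 30, 80
PRIVILEGED_ROLES = frozenset({"admin"})

@dataclass(frozen=True)
class Profile:
    """What is normal for one user (constructed baseline)."""
    known_devices: frozenset
    usual_countries: frozenset
    usual_hours: range

@dataclass(frozen=True)
class LoginContext:
    role: str
    device_id: str
    country: str
    hour: int  # local hour of the attempt, 0-23

def risk_signals(ctx, profile):
    """Names of the contextual factors that raise risk for this attempt."""
    checks = {
        "unknown_device": ctx.device_id not in profile.known_devices,
        "new_location": ctx.country not in profile.usual_countries,
        "unusual_hour": ctx.hour not in profile.usual_hours,
        "privileged_role": ctx.role in PRIVILEGED_ROLES,
    }
    return [name for name, hit in checks.items() if hit]

def decide(ctx, profile):
    """Return (action, score, signals); step_up means ask for a second factor."""
    signals = risk_signals(ctx, profile)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        return "deny", score, signals
    if score >= STEP_UP_AT:
        return "step_up", score, signals
    return "allow", score, signals

# Constructed sample: a hybrid employee with a work laptop and a home PC.
HYBRID = Profile(frozenset({"work-laptop", "home-pc"}), frozenset({"US"}), range(7, 20))

if __name__ == "__main__":
    for ctx in (LoginContext("staff", "work-laptop", "US", 10),
                LoginContext("staff", "kiosk-17", "US", 10),
                LoginContext("admin", "kiosk-17", "BR", 3)):
        print(ctx, "->", decide(ctx, HYBRID))
```

Calling decide again during a session with fresh context gives the continual assessment described earlier: a login from a known device stays frictionless, while a change of device or location raises the score and triggers a second factor.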
Adaptive authentication can convey many benefits and advantages to organizations. While there may be more factors being considered by the system, adaptive authentication provides a better user experience because it requests less direct information from the user.
It enhances the overall security of a company’s data because the system is designed to analyze user behavior; if anomalies are detected, future logins will face greater scrutiny.
Adaptive authentication also increases productivity since employees and vendors aren’t required to constantly input the required multipart authentication responses.
Is Your Current MFA System Putting You at High Risk?
MFA systems have the risk baked right in, and for many industries, even those using a hybrid or distributed workforce, it’s time to consider the benefits of upgrading to an adaptive security protocol.
We’d like the opportunity to discuss your business needs and show you how our products, cloud services, and commitment to cybersecurity make CyberlinkASP a cloud partner you can count on.