R-Evolution: The Evolution of Risk

Ten years ago, when a user needed to access a corporate application, his or her usage was on a company-owned device and typically confined to company-owned networks. These applications were nicely tucked behind corporate firewalls, and managed by dedicated IT organizations. To identify themselves, users would often enter complex, lengthy passwords when accessing such resources,…

Slow Down! You’re in a Public Environment

These days, if you’re planning to spend time at an airport terminal or a coffee shop – it’s likely that you’ll look for a public Wi-Fi hotspot to connect to, and perhaps a charging station, to make sure you don’t run out of power. While our distraction level is  high when we’re out and about…

Wearables leaking your passwords? We can solve that.

Recently, I wrote about  a newly published white-paper showing the power of wearable devices to help determine if users are who they claim to be, on a continuous basis. The paper describes a method, which in part relies on correlating a user’s gestures and movement on 2 devices in proximity of each other: The user’s…

Continuous Identity Assurance Allows You To Step Away

Have you ever wondered how do applications know if “its still you” 10 minutes after you log in to the app? Suppose you have to join a conference call, leave for a meeting, or take a bio break. As far as the app is concerned, since you haven’t performed any activity for a given period…

Making Smart Choices for Identity Assurance

Good news: in 2015, device makers, OS providers and authentication solution providers all picked up their momentum on initiatives tackling user authentication challenges. Cases in point: the support of fingerprint sensors in Google Android M, the proliferation of Apple Touch ID supporting solutions, Microsoft Windows 10 multi-method biometric support, Samsung’s fingerprint enabled devices, and the…

The Compromised Affair

If people’s credentials are compromised, that is a bad thing. Everybody knows that. But what if those compromised credentials include people’s biometric data? What value does a stolen fingerprint template or an encrypted voice profile provide to hackers? And what steps can companies take to reduce the risk associated with dealing with such information? Six…

Imagine no VPN, it isn’t hard if you try! (Part 2)

The previous segment of this blog described some of the reasons for transforming from a perimeter driven model that uses VPNs/Firewalls to a device-centric, reverse-proxy based approach. As mentioned, the proposed new model is not yet an entirely paved road, and there are challenges. Here are some of them: Inventory data quality; Device identity: To…

Imagine no VPN, it isn’t hard if you try! (Part 1)

A transformation is brewing within IT, requiring the strong need to remove all privileges granted to devices for having “corporate network addresses” and demand end-to-end encryption between apps & services. However, both of these lead to the question: Do we still need firewalls & VPNs? There are many factors behind this transformation, including: An exploding mobile workforce, with a…

Hardware: The Safe Anchor

Last year (a couple of months after Apple’s announced the availability of Touch ID enabled iPhones), I blogged about mobile biometrics, stating the need for biometric solutions to “blend” with the rest of the moving parts of a multi-factor auth ecosystem. Over the past year, a “series” of related events have occurred; we’re seeing both the availability and adoption of various biometric methods and…

The P Word, in an Online World

It’s true: the younger generation of 20 somethings over-share. Not just their birthdates and addresses, but also what they listen to, movies they like to watch, people they like, where they hang out, places they go (or are planning to go to), businesses they used that were awesome, and those that “failed” in serving them.…