In the relatively quick journey from don’t-even-think-about-bringing-your-own-device to please-absolutely-bring-your-own-device, identity management has experienced some dramatic transformations. And it’s still evolving now, as security policy continues to move away from limiting user options and toward expanding them.
Organizations haven’t taken long to come around to thinking that giving users more ways to access the resources they need is the best way to take care of business in the age of mobile and cloud. Who hasn’t figured out by now that trying to confine people to employer-issued devices and employer-approved applications is just plain counterproductive? It slows people down, makes them less efficient and ends up driving them to find ways around the rules anyway.
So instead of continuing to resist more openness, organizations find themselves looking for ways to embrace it. It’s a challenge, to be sure, because more openness by definition invites more risk. And on that quest to find the holy grail of delivering access that’s both convenient and secure, identity has a pivotal role to play.
Making the Move From Identity Management to Identity Assurance
At RSA, we’re providing the path to convenient and secure access in an approach that focuses on identity and access assurance as a way to deliver the confidence of knowing that users are who they say they are and are accessing only what they should be. If you can be assured that people are who they claim to be when they seek access, you can free them to do more with fewer restraints on them. The challenge is to get that assurance without placing undue demands on users to provide it. To that end, we’re focusing our efforts on approaches to authentication that reduce the onus on the user without compromising security.
For example, if you detect a user connecting to the network on the same approved device in the same manner they use every day, or signing into applications they rely on all the time, then that presents relatively little authentication risk. But what if there’s something different this time? Perhaps they’re trying to sign into an application for the first time, or they’re using a different device from a different location. How do you contain the potential risk without burdening the user?
We have a few thoughts on that: You can get identity assurance by using contextual clues and anomaly detection, as in the example above; by using machine learning to help recognize behaviors that will provide assurance; and by having a rich ecosystem of data sources to provide as much information as possible to learn from. And if you do have to require step-up authentication in real time, having a broad range of flexible multi-factor authentication choices (e.g., mobile push notification, fingerprint scanner and eyeprint reader) will give the user freedom to choose the most convenient path.
Convenient, Secure Access Is the Whole Point of RSA SecurID® Access
We’ve seen some new two-factor authentication solutions that respond to the need for more convenient access by providing it at the expense of security. And we’ve seen others do just the opposite, attempting to manage risk by weighing down users with cumbersome requirements. Neither approach, frankly, recognizes the possibility, really the necessity, of reconciling convenience with security. Ultimately, you have to balance the two, which is the whole point of identity assurance.
That brings us to RSA SecurID® Access, the solution that achieves the elusive balance between convenience and security through identity assurance. RSA SecurID Access provides a range of authentication options to keep users happy and also keep the business secure. It allows for access policies that gauge risk from contextual clues and enable risk-based authentication decisions. With it, the security team has the control over access that’s needed to keep the organization safe, and business users have the freedom and flexibility to keep moving forward.