Trusting that users are who they say they are is a challenge that businesses have faced since the internet entered workplaces.
The most common method of identity assurance is through passwords, but over the years it’s quickly become apparent that they don’t actually guarantee a user’s identity.
In fact, 80 percent of all big data breaches are down to weak or stolen credentials and most people will have, at some point, have received that email with instructions to change passwords after a company’s had a breach. It’s become part and parcel of being online.
Another issue with passwords is that they only identify a user at the start of a session, but what if that person leaves their laptop unattended in a café? Anyone can access their accounts and there is no way of knowing it isn’t the stated user.
These issues are why many organisations are looking for a more robust way to verify users at the start of a session and throughout it. Identity assurance does just this, using rich context at the moment of authentication and continuously throughout to provide evidence of the user’s identity.
Data points taken into account with identity assurance include things like location, device, mobile device, and authentication history and, based on these consistently correlating, allow a user to continue without needing to provide anything else. The technique uses Advanced User and Entity Behaviour Analytics (UEBA), to understand what is normal for individual users and only challenge them when their behaviour deviates from the baseline of normal activity.
Over the years we’ve found out that security has to have a good user experience. It can’t be intrusive, and it can’t require too much input. If it is people either become frustrated or they do what they can to avoid using the solution that’s impeding them.
That quickly negates the point of it. Identity assurance tools therefore need to be proportionate and frictionless, only challenging the user to re-authenticate based on configurable thresholds, or in other words, when absolutely necessary.
Identity assurance can work with any accounts, whether that’s your CRM or team collaboration tools, and provides peace of mind that only your employees have access to company data.
Combining it with multi-factor authentication (MFA) means that you can almost guarantee there are no rogue individuals poking around your sensitive data. As data breaches continue to rise and employees increasingly work outside the office, identity assurance becomes one less thing for the business to worry about.