Page 24 - index
P. 24
Context-Based Authentication for the Enterprise
By Reed Taussig, CEO, ThreatMetrix
Today’s enterprise employees use their own devices on the job more than ever before,
leading to a consumerization of enterprise IT. As the workforce connects onsite and remotely
to critical enterprise applications using personal devices, sophisticated security measures
are needed now more than ever before. Bring-your-own-device (BYOD) is now a business
reality, leaving corporate IT with little visibility or control over the devices that employees and
contractors use to access both critical and non-critical applications.
In this fast-changing IT environment, traditional access security controls – such as password
verification and cumbersome two-factor authentication – are becoming increasingly obsolete.
Today’s employees accessing mission-critical applications look like consumers on business
websites and must be treated as such. Enterprise security practitioners must find new
approaches for securing access to corporate data to address this major source of risk
exposure.
To overcome archaic security measures and efficiently secure today’s workforce, enterprises
must implement a comprehensive security solution that includes context-based
authentication, which establishes trust for each account login based on fully anonymous user
identity, device usage, geo-location, behavior and other factors without compromising
consumer identity or workforce efficiency.
In fact, Gartner estimates that by the end of 2016, more than 30 percent of enterprises will
rely on contextual authentication for remote workforce access. [Source: Gartner Magic
Quadrant for User Authentication, 2013]
Enterprise Challenges with BYOD
Remote workforce logins are open to the same types of misuse and abuse as consumer-
based applications with potentially far greater business risk. A cybercriminal or internal threat
logging into an employee’s account using stolen credentials can do far greater damage to a
company than a customer using a stolen credit card.
Enterprise security professionals must walk a fine line when it comes to securing workforce
access to applications. Cost-effectively mitigating the risks of data breaches must be a top
priority – no company wants to end up in the news headlines because of a data breach.
Conversely, security must be balanced with the user experience so as not to create friction
or negatively impact workforce efficiency.
Time-consuming authentication techniques will erode overall productivity. Worse, the more
inconvenient the security system, the more motivated the workforce will be to find ways
around it.
24 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
