Intel's granular trust model is unusual because it integrates multiple technologies, such as risk-based authentication and geolocation. Gartner analyst Gregg Kreizman says lots of vendors have products with some of those capabilities. Examples include Adaptive Authentication tools from EMC's RSA security division and Adaptive Access Manager from Oracle.
Proximity to replace passwords?
Intel's next goal is to eliminate passwords by using so-called proximity technologies. Maintaining multiple passwords across multiple sites and applications is a beast of an issue for Intel, but Harkins is starting to see emerging technologies that could enable IAM products to use contextual data to verify users' identities with the help of voice, biometric and facial recognition systems.
"If my phone is proximal to my laptop, my wireless is on in the building, I badged in this morning to the building, the [laptop] camera sees me, the mic can hear me — why even ask me for a password?" Harkins says. "When you start tying those elements together, I think that ends up being a stronger multifactor authentication that's more resistant to advanced persistent threats or misuse by someone who's gained physical control of the device — and a much better user experience because I don't have to remember all of those passwords or go through all that complexity."
If an employee wanted access to highly sensitive data on a system, a policy setting could be put in place that authenticates the employee but still asks for an extra level of security, such as a one-time password sent to his smartphone that can be used as another authentication mechanism, Harkins adds.
Preventing the loss, theft or misuse of devices
Proximity technology could even prevent devices from being lost, stolen or tampered with, Harkins says. Many employees forget to lock their computer screens when they leave their desks. With proximity technology, Harkins foresees screens locking automatically when an employee walks 10 feet away. The device would know that the employee was out of range because her employee badge or smartphone would go with her. When the employee gets 100 feet away, the device would be automatically encrypted.
Such technology exists today. It's now a question of integrating multiple technologies and coupling them with the company's infrastructure for policy decisions.
"We're moving toward more contextual and adaptive-based authentication," Kreizman says. "Things that mobile devices now help support — such as cameras in the phone or tablet, the voice interface and voice biometrics, GPS, touchscreen interfaces, cell tower location, IP address — are coming together to reduce the friction for users, and we're moving toward this notion of not having to overtly authenticate."
Rules to follow
There are still some wrinkles that need ironing out. For starters, IAM systems aren't easy to deploy at companies with BYOD policies because not all devices, operating systems and platforms are created equal. "If I've got Handheld A, and I don't trust it as much [as other devices] then I'm going to let it have access to [only] certain apps and data," Harkins explains.