For continuous authentication tools to take hold in the enterprise, much more research and development is needed to ensure precision. People don’t have the tolerance or patience for inaccuracies. For example, if you are authorized to access a particular Web application and the device continually restricts access, the frustration mounts. You are you but explaining that to the computer requires IT intervention.
Think of it in these terms: You try to enter a bar with a legitimate ID, but the bouncer believes it’s a fake and won’t let you in. You know you have the right to go in, but there’s little you can do. The bouncer has made up his mind. Obviously not being able to get into work devices and Web applications has more severe consequences, as it hinders productivity and your overall livelihood. It leaves you turning to less-secure devices and Web applications, getting less done or potentially compromising confidential information.
It’s unlikely that employees will ever rid themselves of the bad habit of device and password sharing – a recent survey shows 46% of respondents share logins with multiple users. The onus to recognize these challenges and amp up security falls on you.
While continuous authentication is still in its early stages, businesses are adopting technologies like context-based authentication that define trust by contextual elements such as user role, geolocation, device type, device health and network. When you log into a Web application, contextual factors are analyzed and access is granted or denied.
Beyond authentication lies authorization – what you can and can’t do within the application. If you are already logged into a Web application and move from the trusted corporate network to an unknown wireless network, context-based authorization can dynamically re-shape the features, functions and data that you are able to access.
What’s clear is continuous authentication needs to evolve into a more accurate and proven method before enterprise adoption is seen. But once this step is taken, the security and convenience it provides will be an ideal fit for today’s increasingly mobile workforce.
Walters is SVP of security products at Intermedia.
Sign up for CIO Asia eNewsletters.