Access Simplified
With how incredibly broad the term "CyberSecurity" can be altogether, the one subcategory that has always maintained my interest is access and authentication. While that sentence in itself may put some people to sleep, it is important to note how relevant those two topics are to everyone's daily life. Throughout a given day, every one of us goes through countless processes of authentication from the moment we wake to the moment we sleep.
Think about it, your day starts and whats the first thing you do? You check your phone. That phone likely has a passcode or biometric at the point of access. Then once you are in, depending on the application you want to check, you must again provide credentials or some form of authentication to access that mobile application.
You leave your home and approach your car, in order to unlock and start your car, you must use a key. From there when you arrive at your work building, it's likely required that you use some sort of key fob to enter the office. Once you get to your desk and set up your laptop you then must authenticate into your machine. After you have accessed your machine you then may need to access programs or applications internally that again require some sort of authentication. Lunch time rolls around and you purchase a meal. You use your debit card and must type in a 4 digit code to prove it belongs to you.
The point is, in order to live our lives securely we must constantly authenticate that we are who we say we are. And with this, it begs the question of "why have we done so little to improve the processes in which we authenticate ourselves?" The answer is simple, but I think we are just now arriving at beginning of its journey.
In terms of CyberSecurity, it appears authentication and access have begun to slide their way under the scope of what is considered to be Risk Analysis. And although authentication certainly deserves focus and attention, I believe the move to categorizing these two themes (authentication and access) under Risk will bring nothing but positives. Why? The reason is data.
Almost all Risk Engines/ Analytics/ scoring AI machines collect data to provide a score. That score then determines a response based on the likelyhood that person is who they say they are or that transaction is what it should be. This is huge. This opens thousands of new avenues for better and more secure user experiences and is in fact providing that ideal user journey THROUGH security. Useful data is essential for the next evolution of access management.
Let's simplify it. For this example, your home is your sensitive information. With no gate surrounding your home, anyone could pull into your driveway and enter your property. So with that, you put up a fence with a simple gate. This is more secure, however, now every time you approach your home you must exit your vehicle, manually open the gate, drive in and shut the gate. Extremely inconvenient. So, you decide to get a remote gate opener. Now when you pull up, you press the button and the gate opens. Certainly more convenient, however if someone steals the opener they can enter. Now, you decide to put a pin code on the gate so, when you pull up you can simply type the pin in and the gate will open. This evolution of adding layers of security has many parallels to what we have seen in the CyberSecurity world of access and authentication. As in, multiple minor improvements that have been essentially all rested upon the same rail/ train of thought.
It has not been until recently that we have realized it isn't necessarily the act of authentication but instead the data surrounding that authentication that is essential in providing an accurate and seamless user experience. Everything becomes simplified in that now when arriving at your gate to enter the property, the gate will use data. The gate will be able to process things like the time of day you are arriving, the car you are driving, the license plate on the car, the speed at which you are traveling, the direction in which you are coming from, the facial recognition of the driver, the proximity of your mobile device, the station the radio is on in the car and thousands of other data points. Collectively, these factors create a score that can identify you as the person approved to enter the gate and allow you access without having to change what you are doing in real time.
This is the future of authentication, leveraging the data surrounding the event instead of using the event itself as the data and it is exciting.
OneSpan, Field Chief Technology Officer for Americas and Official Member at Forbes Technology Council
6 å¹´Great insight Dan!? This really sums up where we are moving in the world of authentication and risk management.
Advisor to Global B2B Organizations | Transformation Expert | Master Networker | Thought Leader | Branding Buddha | Public Speaker
6 å¹´Good read and reason why I have no AI in my home.....makes life just so much more complicated
Brand & Creative Strategist
6 å¹´Wow, Dan! This is great. Very interesting perspective, and one I was actually able to understand thanks to you distilling the information down for me.?
Instant digital identity verification. Easy and safe at every step.
6 å¹´Excellent analogies. Well done!
Vice President - North America Security Sales
6 å¹´Nice job!