Authentication should be smarter. When it comes to digital interactions, too often there is a lack of trust between organizations and their users. Employees and customers are forced to jump through hoops to prove their identity and access their accounts, applications, and data. Security measures have become less intuitive, adding to the cost of doing business, as employees are less productive and frustrated customers bounce from business webpages altogether. When will we finally admit that passwords and other outdated forms of authentication are dead?
Modern Authentication for a Modern Enterprise
Today’s users aren’t static. The world isn’t static. Yet, historically, we’ve built policies based on static attributes: user names, passwords, and knowledge based authentication. But it’s clear that these attributes are increasingly both ineffective and inefficient. They don’t do much to prevent fraud or unauthorized access, and they are frustrating for users. This type of authentication is a relic from a different era.
We must adapt to this new decade and expand our understanding of the individual user, taking advantage of the rich context behind every user interaction. This means going beyond usernames and passwords. It means looking at device IDs, geolocational data, behavioral biometrics and more. This deep contextual information can then transform the way users are treated.
Legacy identity and access management (IAM) strategies take a black and white approach, setting seemingly arbitrary thresholds between trusted and fraudulent users. Of course, if the bar is set too low—perhaps in a quest to create a more frictionless experience—the risk of inadvertently authorizing malicious users grows. Over-correct, and set the bar too high, and the additional friction leads to frustration, reduced productivity, and eventually, customer churn.
Build Digital Trustworthiness
What’s needed is digital trust. When we truly understand the full context behind each of our users, we don’t need to frame each one as a potential bad actor. Instead, we build trust in the digital relationship at the outset, looking for ways to minimize the security interactions that remove focus from the services afforded to the user.
Instead of asking users to come up with increasingly complex and difficult-to-remember passwords, or dealing with the endless stream of username requests and password reset tickets, today’s enterprises should be looking for ways to build a future that is simple, intuitive, and passwordless.
By building digital trust, users can feel valued and respected, rather than as potential threats. The goal should be to treat customers as customers – people who want to use a given organization’s products and services for their intended purpose and benefits – not as potential villains. Digital trust can be built by implementing an identity-as-a-service solution to assess the full context of a user’s identity as they access and interact with digital services. This type of solution is intended to progressively learn about the user across their end to end digital journey. By allowing streamlined access to low-risk users and blocking or challenging access in higher-risk conditions with a variety of second factor authentication methods, organizations can optimize both user experience and risk considerations.
Adapt to Adaptive Access with IBM
IBM has recently introduced new adaptive access capabilities to IBM Cloud Identity. With access to a rich set of insights based on the full context of the user’s attributes, behavior, device, network environment, and activity, IBM Cloud Identity can enforce multifactor authentication for only the highest risk users or known fraudsters. Adaptive access needs to have great reach, or as we like to say, support mainframe to mobile. To this end, Cloud Identity integrates with the IBM Unified Endpoint Management (UEM) platform, IBM MaaS360, and IBM Z Multi-Factor Authentication to make access seamless, flexible or even passwordless for trusted users.
So, instead of a hardline, yes-or-no approach, businesses can embrace shades of gray along the way, adapting access policies based on level of risk, rather than arbitrary thresholds. Trade-offs between security and user experience can be relegated to the past, with security enabling an intuitive, satisfying user experience, helping to deliver a digital transformation that embraces customer and employee demands.
Authentication should be smarter, and smart authentication adapts. Learn more about how IBM can help you build an adaptive access strategy here.