The Catch-22 situation for Identity and Access Management (IAM) professionals is having to balance a well secured environment with a user-friendly journey. The more information we demand from users, the less likely they are to enjoy the product or even complete the process (when given the option). On the other hand, easy access for users often means easy access for hackers with malicious intent. How do you welcome guests without risking a break-in? In one word: Context. In two words: Contextual Awareness.
When thinking of offline security challenges that take place in, say, airports and events, it’s easy to understand where context comes into play. In addition to advanced technology solutions, security professionals base their decisions on unexpected behavioral signs. A famous scene in the Tom Hanks movie “Terminal” features an immigration scam that is exposed because not a single person in a group of people pretending to be tourists was holding a camera. Certain behaviors are expected in any specific situation while others simply do not make sense.
In the online world, contextual awareness represents the ability of tools and systems to collect and analyze many pieces of information, and automatically generate accurate responses based on different behaviors. In other words, it gives systems the ability to detect and alert when things are out of place.
While important to any security solution, contextual awareness brings particularly important capabilities to the IAM arena. Jennifer Lin, Vice President of Product Management at Google Cloud, rightfully states that “Context-aware access increases your security posture while decreasing complexity for your users.”
By using context-aware access, organizations are able to ascertain identities more accurately and respond accordingly, all without exhausting the system and its users. By taking into account factors such as timing, location and the nature of content that is being accessed, systems can decide whether or not the request seems trustworthy.
Being able to do so without demanding excessive involvement on the user’s side can significantly improve the user experience. Information Age Editor Nick Ismail explains that “While using these contextual ‘signals’ to determine identity improves security (because it collates a lot of different pieces of information to build up a profile), this expanded way of using IAM opens up new ways to improve digital experiences for customers.”
There are a number of key areas in which contextual information should be gathered: Information regarding the user, device, network, sensitivity and security levels. Each of these categories includes many different considerations that can be unique to the organization, and IAM processes are required to collect these complex sets of contextual data in real time. This makes establishing trust based on a rich set of contextual information both the greatest hope and greatest challenge of IAM today.
Will enterprises rise to the challenge? A survey by Enterprise Management Associates (EMA), which was sponsored by PlainID and titled “Contextual Awareness: Advancing Identity and Access Management to the Next Level of Security Effectiveness”, surveyed 200 IT professionals about their approach to contextual awareness in IAM.
We learned that respondents are concerned with security breaches in their organization, and for good reason. 60% have experienced a breach in the past year and understand the heavy price of insufficient security measures. They state that the most frequent breaches involve compromised passwords and malware and see the direct connection between IAM procedures and the prevention of these attacks. In fact, organizations that suffered a security breach were 58% more likely to be interested in updating their IAM solution.
As far as the adoption rates of contextual awareness go, the EMA survey found that 96% have adopted some level of contextual-based authentication process. Organizations that were quick to embrace such solutions reported positive results that approximately 90% were able to quantify in terms of saved time, minimized cost, and reduced efforts. These organizations were found to be 72% less likely to face ransomware attacks, 74% less likely to deal with unauthorized users accessing business applications, and 34% less likely to suffer from computer viruses.
Contextual awareness arms IT professionals with new and promising risk-minimizing capabilities. In the IAM vertical, it prevents the biggest security threats without compromising the delicate art of forming a user-friendly process, which enables IT teams to improve compliance and lower the risk of policy violations within the organization.
An IAM solution that enhances the advantages of context-aware authorization is Policy-Based Access Control (PBAC), which forms authorization policies based on a variety of factors, such as location, time, and more. PBAC offers greater flexibility, as a wide range of behaviors and access-related data can form the building blocks for context-based policies.
PlainID’s platform takes PBAC solutions even further, by enabling policies to be created in natural language. This simplifies the process and allows managers that are not necessarily IT professionals to control and expand the policies themselves. The result is an IAM system that combines a deeper understanding of the authorization process with upgraded scaling capabilities.
Interested in learning more? We invite you to download the full report here and find out how contextual awareness can help secure your organization.