This is where behavioural analytics will play an increasingly important role. Factors such as the type and volume of data being accessed can prompt additional authentication stages, while the time of day and location can be matched against an employee’s ‘normal’ behaviour to detect any discrepancies.
This type of analytics has been used in the online payments arena for years and will likely be applied to a much broader set of enterprise situations in the future. There will also be an increasing use of more sophisticated attribute-based controls, where authorisation decisions focus more on the user context than on the user themselves. For example, a hospital A&E ward may allow access based on attributes such as a ‘nurse with burns expertise’ rather than to ‘Susan’ or a ‘nurse’ in general.
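The sketch below is an added example, not code from the article. It combines the two ideas above: an attribute-based rule for the A&E scenario, plus a comparison of time of day, location and data volume against a per-employee baseline that triggers step-up authentication. The resource name, the baseline values, the 3x volume threshold and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Baseline:            # constructed 'normal' behaviour profile for one employee
    shift_start: time
    shift_end: time
    usual_locations: frozenset
    typical_records_per_hour: int

@dataclass(frozen=True)
class Request:
    role: str
    expertise: frozenset
    ward: str
    at: time
    location: str
    records_last_hour: int

# Attribute-based rule: access is granted to attributes, not to a named person.
POLICY = {"burns_unit_records": {"role": "nurse", "expertise": "burns", "ward": "A&E"}}
VOLUME_FACTOR = 3  # assumed threshold: 3x the usual volume counts as a discrepancy

def in_shift(at, start, end):
    # A night shift wraps past midnight, so start can be later than end.
    return start <= at <= end if start <= end else (at >= start or at <= end)

def discrepancies(req, base):
    found = []
    if not in_shift(req.at, base.shift_start, base.shift_end):
        found.append("time_of_day")
    if req.location not in base.usual_locations:
        found.append("location")
    if req.records_last_hour > VOLUME_FACTOR * base.typical_records_per_hour:
        found.append("data_volume")
    return found

def decide(resource, req, base):
    rule = POLICY.get(resource)
    if (rule is None or req.role != rule["role"] or req.ward != rule["ward"]
            or rule["expertise"] not in req.expertise):
        return "deny", []            # attributes do not satisfy the policy
    found = discrepancies(req, base)
    return ("step_up", found) if found else ("allow", found)

# Constructed sample data: a night-shift nurse and one in-pattern request.
NIGHT_NURSE = Baseline(time(21, 0), time(7, 0), frozenset({"A&E-ward"}), 20)
SAMPLE = Request("nurse", frozenset({"burns"}), "A&E", time(2, 30), "A&E-ward", 12)
```

The list returned alongside `step_up` names which factors deviated, so the decision engine can log why an extra authentication stage was requested.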
This shift towards adaptive and situational access controls creates a whole new problem, and that problem is at the system level. With basic authentication schemes, the primary vulnerability of the authentication system was the theft of the password database, and we have all seen news stories of these databases being breached. In a more sophisticated, more contextual authentication model, the amount of highly sensitive and critical data that needs to be protected is much higher and includes private and personal data such as location, usage patterns and entitlements, as well as biometrics. For this reason, it is crucial to ensure that back-end systems such as decision engines, big data analytics and storage systems are secured with the highest possible protection. Authentication is not just about the user but about the entire system. If one element fails, the entire chain can be compromised and all other security measures rendered useless.
It is easy to get carried away amidst all the hype around emerging authentication schemes and devices – ultimately whatever means of authentication is used will only be as strong as the technology securing the back-end. Authentication data is highly treasured and will work its way up cyber criminals’ agendas as it gives access to increasingly sensitive and personal information. The key to minimising risk of compromise is to encrypt all authentication data, securing the critical keys and cryptographic processes from physical and logical tampering. After all, your biometric data is meant to belong to you only.