We live in an extremely connected world, and cybersecurity is becoming more important each day. As new devices and cloud technologies hit the market, authentication needs a dynamic approach to keep up with ongoing security concerns. According to Gartner, security budgets are estimated to exceed $124 billion in 2019 alone.
The State of Authentication
Authentication has remained one of the critical problem areas in data security since the advent of digital technologies and the Internet. Traditional authentication relies on a single login through whatever means are available, such as usernames, passwords, and biometric authentication. This form of authentication only checks users at the point of entry, a noted flaw. As an analogy, imagine going to a concert, showing a ticket, and then having the freedom to do whatever you want.
The Challenge of Traditional Authentication Methods
While traditional authentication has been effective to some extent, maintaining security beyond the proverbial front door has been a challenge. One of the fundamental rules of security in the real world is redundancy. Criminals can steal passwords and devise ways of beating point-of-entry authentication systems, thus gaining unfettered access to confidential information. This problem has been exacerbated by the rise in device sharing and shared public Wi-Fi networks.
Enter Continuous Authentication
Continuous authentication is a relatively new technology that is meant to secure data beyond the point of entry. It has been touted as the future of device authentication, and for good reason. Continuous authentication solves one critical loophole in traditional authentication methods: authentication decay.
Authentication Decay Explained
Take a look at this scenario: you work in an office and need a username and password to log into your work computer. In the morning you logged in, then took a break at lunch and forgot to log out. You allow a colleague to access a file on your computer, but for some reason, he or she decides to dive deeper into your account and access classified data. Continuous authentication will ensure such a scenario never happens, as it will keep track of usage patterns and limit access whenever it senses that you are not at your desk.
Continuous Authentication is Constant Authentication
Logging in at the point of entry will no longer be enough on its own to gain full access to features within a system. Continuous authentication should ideally monitor activities to ensure that data is secured from unauthorized access. The process should happen entirely in the background, unless something unfamiliar is detected and the user needs to be prompted. Some examples of this are:
- Monitoring usage patterns to identify normal and abnormal behavior (keystrokes, routines, etc.)
- Limiting access based on usage patterns
- Learning user traits through voice recognition, biometrics, surroundings, network, geolocation, and more
For example, continuous authentication could be used when a user logs into a public network on a work device. Limiting available resources and ensuring that only authorized users can log in reduces the risk of compromise.
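A minimal sketch of the background check described above, added here as an illustration and not taken from the original article or any product: it scores each observation window against an enrolled baseline and decides whether to allow, limit, or re-prompt. The class names, weights, thresholds, and sample windows are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# All names, weights and thresholds below are illustrative assumptions.
@dataclass
class Baseline:
    key_interval_ms: float      # enrolled mean gap between keystrokes
    key_interval_sd: float      # enrolled standard deviation (must be > 0)
    trusted_networks: frozenset
    usual_countries: frozenset

@dataclass
class Signal:
    key_interval_ms: float      # mean gap observed in the last window
    network: str
    country: str
    idle_seconds: int           # time since last input (authentication decay)

def risk_score(b: Baseline, s: Signal) -> float:
    """Return 0.0 (matches the baseline) up to 1.0 (nothing matches)."""
    z = abs(s.key_interval_ms - b.key_interval_ms) / b.key_interval_sd
    score = 0.4 * min(z / 4.0, 1.0)                  # typing rhythm drift
    score += 0.2 if s.network not in b.trusted_networks else 0.0
    score += 0.2 if s.country not in b.usual_countries else 0.0
    score += 0.2 * min(s.idle_seconds / 900, 1.0)    # trust decays over 15 min idle
    return round(score, 2)

def decide(b: Baseline, s: Signal) -> str:
    """Map the score to an action; runs on every window, not only at login."""
    score = risk_score(b, s)
    if score >= 0.5:
        return "REAUTH"   # lock the session and prompt the user
    if score >= 0.2:
        return "LIMIT"    # keep the session, withhold sensitive resources
    return "ALLOW"        # stay in the background

# Constructed sample data: one enrolled user and three observation windows.
BASELINE = Baseline(180.0, 25.0, frozenset({"corp-lan"}), frozenset({"US"}))
WINDOWS = [
    Signal(185.0, "corp-lan", "US", 20),      # owner at the desk
    Signal(190.0, "cafe-wifi", "US", 30),     # work device on public Wi-Fi
    Signal(320.0, "corp-lan", "US", 1200),    # someone else after a long idle gap
]

if __name__ == "__main__":
    for w in WINDOWS:
        print(decide(BASELINE, w), risk_score(BASELINE, w))
```

No single signal in the second window would justify a lockout, so the session continues with reduced access; the third window combines a long idle gap with an unfamiliar typing rhythm and triggers a prompt.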
In Conclusion
Moving forward, continuous authentication will become the new standard. As usage patterns change and new security challenges arise (beyond traditional “front door” authentication), so should our technology. Some of these challenges are:
- More device sharing
- Continued use of public networks as the gig economy encourages people to work from anywhere
- The rise of smart devices and IoT
- The continued popularity of mobile devices, among others