P RE D I C T I V E I NTELLIGEN CE
system. The fanciest, most high-tech
authentication protocols won’t mean
a thing if legitimate users are over-
authorised. Pretty creepy, right?
3. Biometrics
In the authentication framework,
biometrics are a factor linked to
something you are, and they can be
incredibly difficult to steal, spoof or lose.
That’s what’s so strong about them.
Typically, people think of biometrics as
things linked to physical characteristics –
like eyes and fingers. They’re something
you’re born with, right? Not necessarily.
Yes, physical characteristics that you’re
born with still account for the largest
portion of biometric use cases. But
there’s another category: behavioural
biometrics. Your voice, gait, your way of
typing and a whole host of other unique
characteristics are all a part of this group.
These ‘life measurements’ are acquired
over a lifetime and may change subtly, all
while remaining as unique as a fingerprint.
4. Federation and single sign-on
To nail down the differences between
these two terms, let’s start by explaining
the comparatively simple structure of an
SSO authentication environment. Single
sign-on allows you to sign on once with a
service provider for a range of services,
allowing that one authentication event to
give you access to a suite of services.
There are plenty of services that enable
SSO and the beauty of SSO is how
frictionless it is for users.
5. Federation
This works slightly differently, as it isn’t
just requesting access from a single
service provider. There’s still one sign-on
involved on the user’s end, but not on
the back end. Instead, federation relies
on a trust relationship between multiple
service providers, with a single source
for that trust. So, the user signs on to
the source of the trust relationship (a
centralised identity provider or IDP) with
all of the necessary credentials once.
Attempts to access federated services
will involve re-authentication through
that IDP. You won’t be using credentials
to access those diverse services – the
34
Because it can
be devastatingly
successful,
cybercriminals
have continued to
innovate.
IDP will be sending them out. Same time
savings as SSO and similar risks if the
IDP is breached.
6. Zero Trust
A Zero Trust model says that anything
coming onto your network (person or
device) has to have a positive identity
that’s verified by the system. Put simply:
‘Trust never, always verify.’ That way,
access is restricted to licit users and
devices: trusted entities. When hundreds
or even thousands of Internet-enabled
devices are able to come on the network
of a large organisation, it’s crucial to
give them access rights commensurate
with what they need from the network –
which shouldn’t be much.
So how does a Zero Trust security
posture contribute to a safer
organisation? Basically, it makes sure
that what’s on your network belongs
there and heads off breaches by
unauthorised devices that may not be
properly configured. It also addresses
vulnerabilities arising from use of your
network’s resources by devices that
may be communicating remotely over an
insecure Internet connection. Finally, it
keeps users from bringing in their own
less-secure devices and inadvertently
causing a breach. No one wants to be
that guy. With a Zero Trust security
model, they wouldn’t get the opportunity.
7. Phishing
Phishing, as you probably know,
continues to be one of the most common
security scams. Through email (the
usual source), text, phone, or even
messaging, social media and productivity
apps, crooks attempt to steal user data.
Usually, they’ll pose as a legitimate
organisation and steal a bit of formatting
from licit communications from those
organisations. The goal is to get people to
click a malicious URL, log in to a fake site
or download a virus-ridden attachment.
Because it can be devastatingly
successful, cybercriminals have
continued to innovate. They all want to
Issue 23
|
www.intelligentciso.com