Evaluating adaptive authentication for your organization

March 19, 2019

By Stephen Cox

This is part two in a series of four posts on adaptive authentication and the KuppingerCole Leadership Compass Report. You can read part one available here.

Today we’re going to continue our four-part series on the KuppingerCole Leadership Compass for Adaptive Authentication report and talk about evaluating solutions. Previously we covered why adaptive authentication is so effective at providing strong security and a seamless user experience.

If you haven’t read the report yet, you can still download it for free. We especially recommend this if you want to understand how to sift through different adaptive authentication vendors to identify the one best for your organization. The report compares the different adaptive authentication methods used in these solutions, including multi-factor authentication tools and contextual analytics, as well as delivery models and the capabilities required to implement your solution.

So how do you evaluate vendors and solutions to understand which works best for you?

You start by performing a risk assessment for your organization by answering some key questions:

  • What type of environments you are trying to protect?
  • What type of threats are you facing?
  • What type of data are you protecting?
  • How diverse are your users and what is their normal behavior?
  • Where are your security gaps?

Those answers will shape your security strategies – and you’ll have a sharper idea of what you need from your adaptive authentication vendor.

Understanding Functionality

The report notes that many solutions share the same basic features. Adaptive authentication works behind the scenes, doing the heavy lifting of validating identity while the user experiences quick and easy access. Much of this has to do with context and risk-based analysis. That’s where the main differentiators come into play, particularly in terms of features that can step up the authentication requirements.

For instance, the solution might examine the user’s IP address, geo-location, and device fingerprint to determine if there is risk present or if they match expected data. Logical behavior models such as the user’s historical locations, common resources they access, or time of day analysis can help differentiate legitimate users from attackers. Physical behavior such as keystroke dynamics or mouse movement patterns could also be used to confirm an authorized user or alert your system to a possible bad actor. When necessary, your authentication workflows kick in and require additional steps. Evaluate the available methodologies in the context of your user base and security needs. Providing immediate access to critical medical data for doctors traveling hospitals might require a different set of features than an employee who needs to check an internal database of sensitive financial information.

Another question to consider: Do you need a complete identity access management solution, or would it be simpler to adopt a more targeted adaptive authentication solution that integrates easily with your existing technology?

The KuppingerCole Leadership Compass report covers the features and functionality of the top vendors in the space. In addition to being named a leader for Product, Innovation, and as Overall Leader, SecureAuth IdP was rated with distinction in all five categories of the report: Security, Functionality, Integration, Interoperability, and Usability. Your organization likely needs to balance each of these categories in every use case you have.

Yes, SecureAuth supports more authentication methods and adaptive risk checks than any other vendor. It’s an extensive list, including Android and iOS biometrics, behavioral biometrics, CAC/PIV/SmartCards, email/phone/SMS OTP, federated logins, mobile apps and push notifications, OATH tokens, RADIUS, RSA SecurID, social logins, Yubikeys, and more. Our risk analysis is sophisticated, spanning device fingerprints, geo-location, geo-velocity, IPs, user attributes and behavioral analysis.

The report also noted SecureAuth can integrate with any standards-based identity providers or repositories, such as Ping Identity, Okta, RSA, and Microsoft Active Directory. But that is not enough: We make it easy for you to use and flexible for any environment or use case you have.

Again, we recommend reading the report to get a thorough view of the adaptative authentication market today and what different vendor products can do for you.

Watch the webinar with KuppingerCole’s lead analysts, John Tolbert and me to get an insider’s view into The KuppingerCole Leadership Compass report and better understand how to evaluate and implement adaptive authentication here.

Suggested reads

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!