SecureAuth on Adaptive Authentication
Part 1: The benefits of adaptive authentication: The KuppingerCole Leadership Compass Report
Part 2: Evaluating adaptive authentication for your organization
Part 3: Adaptive authentication during an attack
Part 4: Best practices for adaptive authentication
This is Part 1 in a series of four posts on adaptive authentication and the KuppingerCole Leadership Compass Report.
Recently we wrote about the KuppingerCole Leadership Compass Report, which not only named SecureAuth as an adaptive authentication leader, but rated the SecureAuth IAM solution with distinction in all five categories of the report. Review the full KuppingerCole report as it offers a thorough deep dive into today’s identity and access (IAM/IDaaS) market. If you’re looking to augment your identity and access management strategies with adaptive authentication, there’s no better resource to consider the solutions available to you.
Stronger defense vs. user friction
The report also goes beyond ranking vendors to examine why adaptive authentication has become so vital to a strong defense. The need for improved identity security has accelerated for multiple reasons. Simple username and password based methodologies are no longer sufficient. Most IT leaders are typically managing a complex tech stack of platforms across on-premise and cloud, protecting a diverse ecosystem of users, and facing off against skilled criminals. Stopping breaches is a partial goal for most organizations; the security technologies used must also be intuitive and user-friendly.
That’s where adaptive authentication enters the game. We’re all familiar with the cumbersome security methods of yesterday, such as hardware tokens or smart cards that get lost and are expensive to replace. We also know that users will opt for convenient workarounds rather than following a multi-step login policy. Security teams have learned the hard way that more friction actually means less security when it comes to authenticating users.
Context in adaptive authentication
Adaptive authentication fits the bill precisely because it offers a better user experience and enhances older methodologies like two-factor authentication. Behind the scenes, the solution relies on user and device-based attributes like geo-location, IP addresses, device fingerprints and other data to validate them against risk-based workflows. Those context-based tools distinguish between authorized users and possible bad actors. The user doesn’t perceive any of those steps. Instead, users quickly access the resources they need without being asked to supply their grandmother’s maiden name or a string of numbers from a hardware token. It’s all about smoothly and efficiently confirming user identity without disruption.
Flexible step-up authentication
Flexible adaptive authentication tools address the different nuances of user identities and environments, recognizing that some situations will require step-up authentication. SecureAuth as a modern cloud IAM solution also provides teams with a range of options, such as phone/email/SMS based one-time passwords (OTPs), push notifications or push-to-accept (through SecureAuth Authenticate mobile authenticator). More sophisticated platforms can include behavioral biometrics to analyze physical behavior such as keystroke dynamics and mouse movements. Some advanced cloud IAM platforms will also offer behavior analytics to analyze logical behavior, such as the historical region of the user, or usual time of day they are active (behavioral analytics is available for example in SecureAuth Risk Service). Behavioral biometrics and behavioral analytics are key benefits of modern adaptive authentication.
The KuppingerCole report examines these authenticators and adaptive authentication methodologies, including SecureAuth’s tools. If you’re curious how different vendors stack up, you’ll find detailed comparisons in terms of functionality, user experience, flexibility and security. You can also consider solutions in terms of integration and on-premise and cloud enterprise applications.
The report is a must-read for any team serious about making a smart investment in their identity and access management technology – and a roadmap to partnering modern authentication technologies with effective security strategies.
Adaptive Authentication Webinar with KuppingerCole and SecureAuth
Watch the webinar with KuppingerCole’s lead analysts, John Tolbert and Stephen Cox to get an insider’s view into The KuppingerCole Leadership Compass report and better understand how to evaluate and implement adaptive authentication.