Authentication: One of the essential questions in digitization: How do I protect my data? More and more processes. It is difficult to enforce that employees use complex and, above all, unique passwords for each access, and even complex passphrases can be cracked. More and more services are therefore offering the option of 2-factor authentication, which provides a significant plus in security but, at the same time, is more time-consuming for employees.
Current technological developments aim to solve precisely this problem: passwords do not become entirely obsolete, but entering them is needed less and less. To enable largely passwordless authentication while at the same time guaranteeing IT security, a basic security approach is essential: the zero-trust concept.
Authentication: Check All Accesses With Zero Trust
With the zero-trust concept, every data access is initially classified as untrustworthy. It does not matter whether the request is made inside or outside the company network. Every user, every app and every device has to be explicitly authorized for every access. Zero Trust is thus an alternative to previous security models, in which at least internal access from one's own network was often automatically considered secure. But cybercriminals are becoming more resourceful in their methods, and both the frequency and the quality of their attacks are steadily increasing.
With Zero Trust, the foundation is laid to make access more secure. However, Zero Trust does not mean that the user has to authenticate himself manually with every login. Guidelines are drawn up in advance that determine when a user receives direct access and when additional authentication steps are necessary. The access request is assessed based on various factors.
Authentication: Take Security Factors Into Account
A decisive factor in authentication is the device used. If the device is known and managed by IT, the device can be rated as trustworthy. Conversely, unmanaged devices should be viewed with greater suspicion. The users themselves also serve as a factor. An employee who is entered in the Active Directory, for example, is generally classified as more trustworthy than an unknown user.
The applications represent a further security factor. If a company has its own app store, it can continuously check the applications provided there and thus guarantee their security. An app from such a store can be given greater trust. However, in the case of apps downloaded from public app stores, a check is only possible to a limited extent, and the leap of faith is not recommended. Certificates can also be distributed to mobile devices that prove the device's identity and thus play a role as a security factor.
Thanks to new technologies such as deep learning, assigning individual usage habits to individual users is now possible. For example, you can see how much pressure a user is exerting on the display or how fast he is typing. If unusual behavior is discovered here, this can also affect the authentication.
Authentication: Implement Zero Trust With UEM
A suitable management system is required to define and enforce guidelines. Many companies, therefore, rely on a Unified Endpoint Management System (UEM). This allows various end devices – from cell phones to tablets to laptops – to be managed centrally. The UEM can distribute the established guidelines to the devices. If an employee then wants to access an application, the UEM checks the various factors and decides whether and in what form authentication must occur. The UEM can cover multiple security levels: If all elements are met, access can even occur entirely without a password.
Introduce Stronger Authentication Methods
If individual factors are not met, successively more robust authentication methods can be required. If an employee is stored in the Active Directory, uses a device managed by IT with a secure certificate and works with a managed app, he is not asked for his password. However, if an employee tries to log in with a remote device, access may only be possible with 2-factor authentication, for example. This scaling of the authentication steps means that everyday work becomes significantly more user-friendly for employees, while at the same time the data is better secured.
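The scaling described above can be written down as a small policy function. This is an added example, not code from any UEM product; the names AuthStep, AccessRequest and required_step are hypothetical. Refusing unknown users outright and charging one extra step for an unvetted app or unusual behavior are assumptions the article does not specify.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthStep(IntEnum):
    NONE = 0         # passwordless access
    PASSWORD = 1
    TWO_FACTOR = 2
    DENY = 3


@dataclass(frozen=True)
class AccessRequest:
    user_in_directory: bool      # e.g. account found in Active Directory
    device_managed: bool         # device is enrolled in the UEM
    device_cert_valid: bool      # identity certificate on the device verifies
    app_managed: bool            # app comes from the company's own app store
    behavior_usual: bool = True  # typing/touch profile matches the user


def required_step(req: AccessRequest) -> AuthStep:
    """Return the weakest authentication step this policy accepts."""
    # Assumption: unknown users are refused rather than stepped up.
    if not req.user_in_directory:
        return AuthStep.DENY
    # Device trust needs enrolment AND a valid certificate; a "managed"
    # flag without the certificate is only a claim made by the client.
    if not (req.device_managed and req.device_cert_valid):
        step = AuthStep.TWO_FACTOR
    elif not req.app_managed:
        step = AuthStep.PASSWORD  # assumption: unvetted app costs one step
    else:
        step = AuthStep.NONE
    # Unusual behavior raises the requirement by one step, capped at 2FA.
    if not req.behavior_usual:
        step = AuthStep(min(step + 1, AuthStep.TWO_FACTOR))
    return step


# Constructed sample requests, not real data.
SAMPLES = {
    "managed laptop, managed app": AccessRequest(True, True, True, True),
    "managed laptop, public-store app": AccessRequest(True, True, True, False),
    "managed laptop, unusual typing": AccessRequest(True, True, True, True, False),
    "unmanaged device": AccessRequest(True, False, False, True),
    "unknown user": AccessRequest(False, True, True, True),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:34} -> {required_step(req).name}")
```

The function defaults to the stricter branch whenever a factor is missing, so a new factor added to the request later cannot silently widen passwordless access.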
The Zero Trust concept increases the security of company data and IT processes on the one hand and user-friendliness on the other. With this approach, companies can protect their data much better against attacks and at the same time enable their employees to work effectively and productively, which has a significant effect on employee satisfaction and motivation.