What is Continuous Authentication?
Continuous authentication is the practice of monitoring a user’s behavior throughout a session and continuously confirming that the user is still the person who authenticated at login. With the rise of credential theft, breaches, and ransomware, it has become an important modern security control: it can passively re-authenticate users without prompting them, and it can lock a session after a period of inactivity or when it observes irregular or anomalous behavior. This shortens the window in which an attacker who has hijacked a session, computer, or mobile device can cause harm.
There are numerous authentication methods, and many may ask “how are those different from continuous authentication?”
Let’s take a look at two common ones:
Single Sign-On (SSO): Requires only one login for users to identify themselves to many applications. Mance Harmon stated in an RSA Conference presentation, “an employee logs in to their corporate system using SSO, but then does not have to authenticate again when those individuals go to each of the different applications that an enterprise uses.” If an attacker can compromise that single login, they gain access to every application and data set behind it, which leaves the organization more exposed to a breach.
Traditional Two-Factor Authentication (2FA, a form of Multi-Factor Authentication, MFA): Requires a second verification step at login. After that second step, the user is not asked to re-authenticate for the rest of the session. Many implementations also offer to “remember this device” for a set number of days, which leaves a window in which a stolen device or session cookie is accepted without a second factor.
SSO and MFA fall short in two ways: many deployments rely on phishable factors (passwords, SMS or app-generated one-time codes), and in every case they verify the user once, at login, and then trust the session. Phishing-resistant factors such as FIDO2 security keys and passkeys address the first problem but not the second. This is where continuous authentication fills the gap: by monitoring the user’s behavior on an ongoing basis and repeatedly re-validating them, it reduces the window of opportunity for a malicious actor who has obtained a valid session.
Benefits of Continuous Authentication
Continuous authentication is primarily known for reducing risk, but it also provides additional benefits for organizations and users that may be overlooked.
Additional benefits include:
- Minimizing User Interruptions and Frustrations: By passively re-authenticating users, continuous authentication reduces the number of prompts and extra steps people are forced through, without compromising security.
- Insights into User Behavior and Access Patterns: Continuous authentication observes behavior and patterns such as which sites and applications a user visits, how data is accessed, and how the user interacts with software, hardware, and the platform. From these it builds a baseline profile for each user and reports deviations or unusual patterns, which is how it mitigates risk.
- Alignment with Zero-Trust Security: Continuous authentication aligns with zero-trust security, as 1Kosmos CTO Rohan Pinto stated, “It becomes part of a zero-trust infrastructure as the trust-but-verify component that makes it effective.” Like zero-trust security, continuous authentication repeatedly validates a user throughout the session, not just at login. Combining zero-trust security and continuous authentication strengthens an enterprise’s security posture.
Considerations for Implementation
Key considerations for organizations that want to balance security against user privacy and regulatory compliance include:
Privacy-Preserving techniques
Encryption protects data by transforming it so that it can be read only by someone holding the corresponding key; an attacker who obtains the ciphertext without the key learns little beyond its size. The behavioral and biometric signals collected for continuous authentication should be encrypted both in transit and at rest. Homomorphic encryption goes further: it allows a server to compute on encrypted data (for example, compare an encrypted behavioral sample against an encrypted template) without ever decrypting it, which mitigates the privacy challenge of processing such sensitive signals.
Masking and pseudonymization (often loosely grouped under anonymization) are other tools used to protect a user’s privacy. For example, masking replaces all but the last four digits of a Social Security number (e.g., XXX-XX-1234) while the organization retains the ability to tie the record back to a specific individual. Strictly speaking, data that can still be linked to a person is pseudonymized rather than anonymized and remains personal data under regulations such as GDPR. An organization can use such partial values as a low-assurance check (asking for the last four digits of a Social Security, card, or phone number), but these are knowledge-based factors that are widely exposed in past breaches and should not carry a high-risk decision on their own.
Encryption, masking, and pseudonymization are critical to minimizing the risk of unauthorized access to personal data.
Compliance and Supporting Controls
Identity Governance and Administration (IGA): IGA reduces risky access by managing user identities, entitlements, and access reviews across an organization, so the continuous-authentication system has an accurate picture of who should have access to what.
Risk Scoring: By monitoring in real time, an organization can compute a risk score that compares current behavior and context (device, location, time of day, typing cadence) against the user’s established baseline, and use thresholds on that score to decide whether to allow the action, require a step-up authentication factor, or terminate the session.
Biometrics: There are numerous forms of biometrics, such as facial recognition, fingerprint, and voice recognition. Organizations should require more than one biometric factor, or a biometric combined with another factor, for high-risk activities or transactions, and should store only protected templates rather than raw biometric data.
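The user-profile and deviation-reporting idea from the benefits list, and the risk-scoring decision described above, can be shown together in a small scorer. The following is an added example written for this page, not code from any vendor or product; the signals (typing cadence, device, country, hour, idle time), the weights, and the thresholds are all constructed assumptions for illustration, as is the session history it learns from.

```python
"""Added example: session-level risk scoring for continuous authentication.

A baseline profile is learned from a user's past sessions; each new window of
behavioural signals is scored against it and the session is allowed, stepped
up (re-prompt for a factor) or terminated. All signals, weights, thresholds
and sample data are constructed for illustration, not taken from any product.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

STEP_UP_AT = 40       # score at which a fresh factor is demanded (assumed)
TERMINATE_AT = 70     # score at which the session is ended (assumed)
IDLE_LIMIT_SEC = 900  # inactivity lockout, independent of the score (assumed)


@dataclass(frozen=True)
class Profile:
    typing_mean_ms: float    # mean inter-keystroke interval from past sessions
    typing_std_ms: float     # population std-dev of that interval
    devices: frozenset       # device identifiers seen in past sessions
    countries: frozenset     # countries (from IP geolocation) seen before
    active_hours: frozenset  # hours of day (0-23) the user normally works


@dataclass(frozen=True)
class Window:
    """Signals gathered from the live session over the last few minutes."""
    typing_ms: tuple   # inter-keystroke intervals observed in the window
    device_id: str
    country: str
    hour: int
    idle_sec: int      # seconds since the last user input


def build_profile(sessions):
    """Learn a baseline from past sessions (list of dicts, see HISTORY)."""
    intervals = [ms for s in sessions for ms in s["typing_ms"]]
    return Profile(
        typing_mean_ms=mean(intervals),
        typing_std_ms=pstdev(intervals),
        devices=frozenset(s["device_id"] for s in sessions),
        countries=frozenset(s["country"] for s in sessions),
        active_hours=frozenset(s["hour"] for s in sessions),
    )


def score_window(profile, window):
    """Return (risk score, reasons); higher means less confidence in the user."""
    score, reasons = 0, []
    if window.typing_ms:  # no keystrokes in the window gives no cadence evidence
        z = abs(mean(window.typing_ms) - profile.typing_mean_ms) / max(profile.typing_std_ms, 1.0)
        if z > 3:
            score += 40
            reasons.append(f"typing cadence z={z:.1f}")
        elif z > 2:
            score += 20
            reasons.append(f"typing cadence z={z:.1f}")
    if window.device_id not in profile.devices:
        score += 30
        reasons.append(f"unknown device {window.device_id}")
    if window.country not in profile.countries:
        score += 30
        reasons.append(f"unusual country {window.country}")
    if window.hour not in profile.active_hours:
        score += 10
        reasons.append(f"unusual hour {window.hour:02d}:00")
    return score, reasons


def decide(profile, window):
    """Map a window to 'allow', 'step_up' or 'terminate'."""
    if window.idle_sec >= IDLE_LIMIT_SEC:
        return "terminate"          # inactivity lockout wins regardless of score
    score, _ = score_window(profile, window)
    if score >= TERMINATE_AT:
        return "terminate"
    if score >= STEP_UP_AT:
        return "step_up"
    return "allow"


# Constructed history: three ordinary sessions for one user.
HISTORY = [
    {"typing_ms": [120, 130, 125, 135, 140], "device_id": "laptop-01", "country": "US", "hour": 9},
    {"typing_ms": [118, 128, 132, 122, 130], "device_id": "laptop-01", "country": "US", "hour": 10},
    {"typing_ms": [126, 134, 124, 136, 120], "device_id": "laptop-01", "country": "US", "hour": 14},
]
PROFILE = build_profile(HISTORY)

# Constructed live windows.
NORMAL = Window((125, 130, 128, 132, 126), "laptop-01", "US", 10, 30)
TRAVELLING = Window((124, 131, 129, 127, 133), "laptop-01", "DE", 22, 30)  # same device, new place and hour
HIJACKED = Window((40, 45, 38, 42, 50), "unknown-7f", "RU", 10, 30)       # cadence, device and country all off
IDLE = Window((), "laptop-01", "US", 10, 1200)                             # no input for 20 minutes

if __name__ == "__main__":
    for name, w in [("normal", NORMAL), ("travelling", TRAVELLING), ("hijacked", HIJACKED), ("idle", IDLE)]:
        s, why = score_window(PROFILE, w)
        print(f"{name:10s} score={s:3d} decision={decide(PROFILE, w):9s} {why}")
```

The travelling window scores exactly at the step-up threshold (unknown country plus unusual hour), so the user is re-prompted rather than locked out, while the hijacked window, whose keystroke cadence is more than ten standard deviations from the baseline on an unknown device in an unknown country, is terminated outright. In practice the weights would be tuned against real false-positive rates, and the reasons list is what an analyst would want in the alert.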
As attackers and threats evolve, continuous authentication is becoming a critical security control across enterprises. To learn more about how to implement continuous authentication in your organization, visit RSAC’s marketplace, where we have an entire ecosystem of cybersecurity vendors and service providers who can assist you with your authentication needs.