Thales Blog

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

June 6, 2023

Paige Elliott | Product Marketing Manager, B2E Offers

Regarding identity and access, it's becoming harder and harder, if not impossible, to distinguish the "good guys" from the "bad guys." Organizations must adapt to the evolving risk and threat environment to protect their valuable and sensitive assets. Access security and authentication play an important role. However, organizations face many challenges that prevent them from mitigating the expanding threat of identity theft.

How do we support expanding user authentication journeys while balancing strong security with a smooth user experience?

Why is there a need for a different approach to user authentication?

If there is one lesson we all learned from the volatile pandemic period, it is the ability to adapt to a changing environment. Adaptability is what separates businesses that thrive from those that are still struggling to survive while working remotely. Surveys indicate that two-thirds of global enterprises will continue to support work-from-home arrangements for the foreseeable future. In addition, according to a Gartner report, by the end of 2024, the change in the nature of work will increase the total available remote worker market to 60% of all employees.

Hybrid working environments will continue to create further security challenges. Part of the threat is that in today's attack landscape, the identities of remote users have become a lucrative target. Cybercriminals are looking for the weakest link to get into a corporate network. Once inside, they will elevate the privileges of the compromised identity to take control of other accounts and either exfiltrate sensitive data or disrupt operations.

Also, we are witnessing increasingly diverse types of employees. There are users accessing on-premises data from their homes using their private laptops. Others may access data through a cloud app using the corporate network and laptop, while their colleagues could log onto services via an insecure Wi-Fi network in an airport through their mobile phones.

How can you accommodate all these different authentication requests using a monolithic approach to access security?

One of the challenges with IAM is that it means different things to different people

While trust takes on a slightly different meaning in cybersecurity, it also means something important to the end user. The need to balance security without hampering their experience is paramount today. So, how do we separate bad actors from good actors without introducing massive inconveniences to users? Security teams need to secure this diverse way of connecting to corporate resources and do so in a frictionless manner.

According to analyst reports, 90% of all data breaches start with compromised credentials. Compromised credentials allow criminals to go undetected and elevate privileges to steal sensitive data. Protecting only liable users and apps is not enough to safeguard organizations – especially when remote is now the new normal.

How can modern authentication support user authentication journeys?

Security teams need to realize that not all users are equal, and they shouldn't be treated as such. Each user travels their unique authentication journey every day, several times per day. How can you make these journeys smooth and safe? Adopting a 'Discover, Protect, Control' approach to access security is a start.

  • Discover

    The first step is to identify the specific authentication needs of your users and uncover where there are authentication gaps. Consider that user constituencies in your organization will likely grow as you adopt more cloud services. Identify the access context and map all roles, responsibilities, and system access requirements. Identify the resources (systems, data, applications) the users need to access and determine their criticality.

    Businesses need to identify all the factors shaping a user's authentication journey and deploy an authentication solution that works for all their employees and helps mitigate the increasing risk of cyber-attacks.
  • Protect

    Once you have completed the discovery phase, you will be better positioned to support all identified user authentication journeys, balancing security and convenience. Consider transforming your authentication solution into a modern one – dynamic and flexible – based on passwordless authentication, policy-based contextual access, and continuous risk assessment.
    • Offer users a choice of multiple authentication methods to accommodate all their needs.
    • Optimize security and convenience using step-up, conditional access.
    • Allow users to enroll at their convenience, manage your solution remotely, and scale your solution easily.
  • Control

    As organizations expand in the cloud, the need for scalable access security and authentication increases. The ability to flexibly add new services to your access security regime, gain visibility into access events and fine-tune policies as your environment grows is fundamental to delivering efficient business outcomes.

In increasingly complex hybrid IT environments, taking a 'one size fits all' approach to authentication can introduce vulnerabilities by creating easy targets for cyber-criminals. Adopting a 'Discover, Protect, Control' approach to access security will enable organizations to identify each employee's user authentication journeys, address their specific authentication needs, and continuously enforce a robust access control regime as they scale in the cloud.

Consider this

Every digital interaction begins with identity. Building a secure and user-friendly environment includes trusted identity and access management for employees and customers. With the acquisition of OneWelcome in 2022, Thales is now positioned for a comprehensive IAM and CIAM platform, allowing organizations of all sizes to manage internal and external identities.

Dive deeper into the technical aspects of authentication to learn more.