Executive View

RSA SecurID® Access

RSA SecurID Access is an integrated offering for Adaptive Authentication, supporting a broad range of different authentication methods on virtually any type of endpoint and integration to a large range of on-premises applications and cloud services. It supports context-aware authentication and uses machine learning to assess user risk and simplify the user experience.

Martin Kuppinger

mk@kuppingercole.com

1 Introduction

Authentication based on usernames and passwords is both insecure and cumbersome. Despite its shortcomings, it is still by far the most widely used approach for authentication. However, in the age of Cloud Computing and with ever-increasing cyber-risks, organizations need better ways of authenticating their users that serve both the security requirements and users' demand for convenient, easy-to-use authentication.

Adaptive Authentication is the solution for these requirements. It allows organizations to implement a flexible yet strong authentication scheme across the broad range of applications they are running, be it on-premises or in the cloud.

Adaptive Authentication in the KuppingerCole definition is adaptive in two areas:

  • It supports a variety of different authenticators and thus adapts to the needs of organizations and users. It is not limited to a specific type of authenticator, but allows changing and combining authenticators in a highly flexible manner.
  • It is adaptive regarding the required level of authentication strength and identity assurance. Depending on the criticality of information and systems that are accessed, the minimum level of authentication varies, including support for step-up authentication e.g. by adding another authentication factor.

Adaptive Authentication is the umbrella approach, integrating concepts such as strong authentication, Two-Factor Authentication (2FA), Multi-Factor Authentication (MFA), and Risk-Based Authentication (RBA). It supports strong authentication through using multiple factors whenever required. It integrates the concept of RBA by identifying the context risk of users such as their location and mapping it to the required strength of authentication and identity assurance for a particular access.
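The following added example (not part of the report and not RSA's implementation) sketches both areas of adaptiveness as a policy decision: resource criticality and context risk set the required assurance level, and any enrolled authenticator that closes the gap is offered for step-up. The numeric levels, the risk signals, and all names are assumptions chosen for illustration.

```python
# Assumed strength per authenticator and minimum assurance per resource criticality.
AUTHENTICATOR_STRENGTH = {"password": 1, "otp_token": 2, "push_approve": 2, "biometric": 2}
REQUIRED_LEVEL = {"low": 1, "medium": 2, "high": 3}


def context_risk(ctx, profile):
    """Count context signals that deviate from the user's known profile (assumed signals)."""
    risk = 0
    if ctx["country"] not in profile["usual_countries"]:
        risk += 1
    if ctx["device_id"] not in profile["known_devices"]:
        risk += 1
    return risk


def decide(criticality, ctx, profile, presented, enrolled):
    """Return (decision, step_up_options); decision is 'allow', 'step_up' or 'deny'."""
    # Adaptive in strength: the baseline comes from the resource, context risk raises it.
    required = REQUIRED_LEVEL[criticality] + context_risk(ctx, profile)
    # Simplification: assurance is the sum of the distinct authenticators already presented.
    achieved = sum(AUTHENTICATOR_STRENGTH[a] for a in set(presented))
    if achieved >= required:
        return "allow", []
    gap = required - achieved
    # Adaptive in authenticators: any enrolled, unused authenticator that closes the gap.
    options = sorted(
        a for a in enrolled
        if a not in presented and AUTHENTICATOR_STRENGTH[a] >= gap
    )
    return ("step_up", options) if options else ("deny", [])


# Constructed sample data.
PROFILE = {"usual_countries": {"DE"}, "known_devices": {"laptop-1"}}
USUAL = {"country": "DE", "device_id": "laptop-1"}
UNUSUAL = {"country": "US", "device_id": "tablet-9"}
ENROLLED = ["password", "otp_token", "biometric"]

if __name__ == "__main__":
    for crit, ctx in [("low", USUAL), ("low", UNUSUAL), ("high", UNUSUAL)]:
        print(crit, ctx["country"], decide(crit, ctx, PROFILE, ["password"], ENROLLED))
```

The same low-criticality resource is allowed with a password from the usual context but triggers step-up from an unknown device in an unusual country.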

The underlying concepts that are integrated within Adaptive Authentication are already in place and have been for a long time. 2FA has been available for decades and RBA is also established in certain use cases, in particular access to online banking. However, this is changing nowadays. An adequately strong authentication is understood as being mandatory for helping to mitigate cyber-risks, well beyond specific use cases. On the other hand, organizations have increasingly learned their lesson that authentication must be convenient. Users are familiar with biometric authentication on their mobile phones and want to use something that works smoothly with their device of choice. Thus, a higher degree of flexibility than ever before is required when it comes to supporting different authenticators, while on the other hand the need for some form of strong authentication is higher than ever before.

From our perspective, organizations of all kinds must support the concept of Adaptive Authentication for both aspects of adaptiveness, i.e. the flexible support for different kinds of authenticators and the flexibility regarding the required level of authentication.

Thus, organizations must move from isolated, per-system approaches for strong authentication towards centralized authentication platforms supporting Adaptive Authentication to a variety of different applications, from on-premises applications to cloud services, VPNs (Virtual Private Networks), and the endpoints themselves.
