Identity and Access Management (IAM) systems have continued to evolve significantly over the last two decades. Increasing security and improving usability have both been contributing factors to this evolution. Data owners and IT architects have pushed for better ways to authenticate and authorize users, based on changing risks and newer technologies. Businesses have lobbied for these security checks to become less obtrusive and provide a better user experience (UX). One of these such enhancements is Adaptive Authentication.
Adaptive Authentication (AA) is the process of gathering additional attributes about users and their environments and evaluating the attributes in the context of risk-based policies. The goal of AA is to provide the appropriate risk-mitigating assurance levels for access to sensitive resources by requiring users to further demonstrate that they are who they say they are. This is usually implemented by “step-up” authentication. Different kinds of authenticators can be used to achieve this, some of which are unobtrusive to the user experience. Examples of step-up authenticators include phone/email/SMS One Time Passwords (OTPs), mobile apps for push notifications, mobile apps with native biometrics, FIDO U2F or UAF transactions, SmartCards, and behavioral biometrics. Behavioral biometrics can provide a framework for continuous authentication, by constantly evaluating user behavior to a baseline set of patterns. Behavioral biometrics usually involve collecting environment data (such as IP addresses, geo-location, nearby WiFi SSIDs, etc.), keystroke analysis, mobile “swipe” analysis, and even mobile gyroscopic analysis.
The Leadership Compass presented in this session provides an overview and analysis of the Adaptive Authentication solutions within the IAM market. These solutions are sometimes referred to as Contextual Authentication, or just Step-Up Authentication. All registered EIC delegates have access to this Leadership Compass and the complete KuppingerCole Research until End of May 2017.
