The right balance between security and simplicity can be found by identifying users dynamically, considering not just who they are, but also the context in which the transaction or session is taking place. IAM solutions can help you understand as much user context as necessary to provide simple, secure access in a seamless user experience. For the safest result the IAM solution should enable you to consider the following factors:

• The location of the user – where in the world is the user? Are they within the business’ offices or working remotely? Are they at home or in a public place?
• The location of the application or data they’re requesting – is it in an internal location, or held externally in the cloud? Is it federated with a third party?
• The device they are working from – is it a recognised device or is it one they haven’t used before to access the assets they’re requesting?
• Who the user is – are they the right age, for example?

These multi-factors can make a lot of difference to the decision on how to validate that user, what they should be given access to and what type of access to provide.

Policy management

Validating all of these aspects of user context requires robust management. Policies must be created to enable the good guys through the gates.

Meanwhile, digital evolution will not stand still. The way that we use systems will change as we integrate new technology and enable users to interface in different ways, so policies will need to be altered to adapt. For example, there will soon be a greater focus on multi-factor authentication throughout Europe, when the second payment services directive (PSD2) is introduced.

As outlined by Visa in its report, Securing Internet Payments: The current regulatory state of play, PSD2, along with guidelines from the European Banking Authority, will mandate ‘strong customer authentication’ for certain online payment transactions.

This will mean that banks will begin to ask their customers to prove their identity using additional authentication factors when PSD2 is enforced from September 2019. They may choose to ask for biometric information such as a fingerprint, or a one-time-password sent to the customer’s mobile device. Some organisations have already started to introduce this, even beyond banking and financial services. Google, Facebook, Twitter, Dropbox and others now allow their customers to use certain additional factors when logging in. At present, this is an optional extra to provide users with a sense of security but it may become mandatory and more commonplace in future. Another challenge for businesses will be to adapt to these changes without spending inordinate time and investment changing existing architecture.

Changes such as these make it important for organisations looking to introduce IAM solutions to choose one that allows the CIO to adapt without complex integration at each stage. The best way is to find an IAM solution that enables you to manage your identity and access policies without the need to alter or abandon existing systems.

Flexible IAM solutions enable the CIO to define access policies without significant recoding or systemic change, so the organisation can keep up with the ongoing technological revolution without significant effort and investment.

This may all sound rather complex and, for organisations with large user bases, it is. Indeed, it is now too complex for those organisations’ IT departments to manage identity and access independently. What’s required is a flexible IAM solution that bridges multiple environments and enables a simple, secure customer journey, while keeping sensitive data where the IT department can control it.

For now, keeping credential data off the cloud sounds like a safe bet.

www.intelligentciso.com | Issue 05