For IT departments, the challenge is supporting the explosion of access from mobile devices and to Cloud-based applications that contain your data but are not within your visibility or control. Often, the only thing between your data in the Cloud and attackers is a password, and passwords alone are vulnerable, costly and complex.
By integrating Single Sign-on with Active Directory, you can log in once with a username and password and get access to all of your allowed applications, wherever they reside.
As a standard user, if you wish to access systems or applications that are tagged with a higher level of security policy, a strong authentication event will be triggered, asking you to provide an additional factor of authentication such as a unique 6-digit security code or a push authentication request.
If you are identified as a privileged user within the system, such as a financial controller or network administrator, you would typically have higher levels of access to sensitive information, systems or applications. If this account is compromised, the risk of “damage” is higher, so strong authentication should always be required.
As a standard user, if your behaviour is considered outside the “normal” range (such as logging in from a new location or if no “normal” profile has been established) you will automatically trigger a strong authentication event and need to add an additional authentication method.
As a standard user, if you move outside the network boundary, the system can collect data over time, as you log in, on what your “normal” behaviour is. For example, perhaps you work from home some days, or travel interstate regularly and stay at the same hotel. If you’re logging in via a public network and your behaviour is within the “normal” range, then you can still use Single Sign-on and get access to all of your normal apps as if you were in the office. This access could extend to customers, suppliers etc.
Just like an internal user, access to sensitive apps or information from outside the network will always trigger a strong authentication event.
The highest level of security is reserved for behaviour identified as very suspicious such as geographically impossible logins, for example, an initial login from Australia then 10 seconds later a login from overseas. In these situations, strong authentication would be immediately triggered requiring multiple methods of identification – i.e. something you have (smartphone), something you know (security question) and something you are (fingerprint).
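The tiers described above can be expressed as a single policy decision. The following is an added example, not code from any product the page describes; the thresholds, the `Login` fields and the function names are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

MAX_KMH = 1000.0      # assumed: faster than an airliner means impossible travel
MIN_JUMP_KM = 100.0   # assumed: ignore geolocation jitter below this distance
FAMILIAR_KM = 50.0    # assumed: radius around a learned "normal" location

@dataclass
class Login:
    ts: float                    # epoch seconds
    lat: float
    lon: float
    privileged: bool = False     # e.g. financial controller, network administrator
    sensitive_app: bool = False  # app tagged with a higher security policy

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def required_auth(login, previous, known_places):
    """Return 'sso', 'step_up' (one extra factor) or 'multi_factor'."""
    # Highest tier: geographically impossible travel since the last login.
    if previous is not None:
        dist = km_between(previous.lat, previous.lon, login.lat, login.lon)
        hours = max(abs(login.ts - previous.ts), 1.0) / 3600.0
        if dist >= MIN_JUMP_KM and dist / hours > MAX_KMH:
            return "multi_factor"
    # Privileged accounts and sensitive apps always need strong authentication.
    if login.privileged or login.sensitive_app:
        return "step_up"
    # A new location, or no profile yet (empty list), is outside the "normal" range.
    familiar = any(km_between(login.lat, login.lon, lat, lon) <= FAMILIAR_KM
                   for lat, lon in known_places)
    return "sso" if familiar else "step_up"

# Constructed sample data: Sydney is the learned location, London the outlier.
SYDNEY, LONDON = (-33.87, 151.21), (51.51, -0.13)
if __name__ == "__main__":
    first = Login(ts=0, lat=SYDNEY[0], lon=SYDNEY[1])
    print(required_auth(first, None, [SYDNEY]))
    print(required_auth(Login(10, *LONDON), first, [SYDNEY]))
```

The minimum-distance check keeps small geolocation errors between two logins seconds apart from being scored as impossible travel.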