Authentication in Context: Add the Right Controls for Every User

Robert Haynes Miniatura
Robert Haynes
Published October 12, 2016

Applications have escaped from the data center. Your business may have applications running in many different environments serving users who switch between locations and devices rapidly. As your infrastructure evolves to meet the challenges of this dispersed, interconnected world, you need to re-evaluate your authentication and access management solutions.

Are usernames and passwords sufficient for a world where hackers are constantly trying to steal passwords through software or social engineering? Should you treat a user on a corporate-managed machine on a company site the same as you would a user coming in using their personal device from a café on the other side of the world? While the easy answer to these questions is “no,” the idea of actually doing anything about the situation might seem overwhelming. The good news: finding solutions to difficult problems is what IT is all about.

For critical systems, simple usernames and passwords might be too weak to be the only authentication method. For the new world of the dissolved perimeter, you need context. Where is the connection coming from; is the source IP address suspicious? Is it a corporate-managed device?  What time of day is it? Once you have a solution that can capture and use that contextual intelligence, you can decide which controls to apply to any given situation.

Do you need two-factor authentication? One-time passwords or a flat denial? With a flexible authentication solution, you can apply different controls to the same user depending on where they are, what device they are using, and when they are attempting access. This gives you the control to impose the correct level of authentication while minimizing the friction for valid users as they log into systems. A key factor here is single sign-on; once your users have authenticated once, they can be seamlessly signed into other applications for a set period of time. 

The technology to implement this kind of solution is essentially an intelligent authentication proxy. This kind of service provides a centralized user login facility, which establishes a user’s identity in one or more ways, then proceeds to authenticate them into different applications, possibly by dissimilar authentication schema.  

To function efficiently, this service requires several features: compatibility with a number of authentication systems, an easy-to-configure access policy, and the ability to authenticate users into a range of applications. Add in some centralized management and you have a comprehensive access and identity solution that is ready to provide secure and appropriate access control for your applications—no matter where they are.