How Does Continuous Authentication Work with My Apps and Users?
Continuous authentication requires support, both at the user workstation and at the application layer. On the workstation side, this can mean a web browser plug-in or, more commonly, a small agent that needs direct access to the user’s hardware (such as on-device cameras, microphones and keyboards) or operating system configuration. On the application side, either minor application changes or the addition of a proxy or some other network instrumentation can complete the security chain between user and data center.
How Does Continuous Authentication Affect the End-User Experience?
The effect can be large or innocuous. If continuous authentication is checking device parameters such as the presence of an anti-malware process or whether a USB key is inserted, users may not perceive the difference between continuous authentication and normal mobile device management tools. On the other hand, if the on-device LED is constantly on or if the application logs out when a user’s hair falls in front of her eyes, people will notice what’s going on.
MORE FROM STATETECH: Here’s how identity and access management supports zero trust.
How Are Zero Trust and Continuous Authentication Related?
Zero trust means trusting no one until a user is fully authenticated. For many enterprises deploying zero trust, authentication isn’t just a username and password or multifactor authentication but may include other metrics: location, application requested, endpoint status, time of day and more. This approach of adding risk-based metrics, usually evaluated only during the authentication process, can be extended and augmented to include continuous authentication as an additional technique to reduce risk.
Where Does Continuous Authentication Fit Within Government?
As a tool to reduce the risk of malware and infected workstations, continuous authentication may be appropriate for staff using sensitive applications, such as financial software, citizen records or federally protected information. New software development kits and plug-in tools coming onto the market may offer government IT teams an opportunity to reduce risk and product maintenance costs by consolidating and strengthening continuous authentication for everyone at the same time.