Why identity, analytics, and biometrics are key to proactive security
Security

Why identity, analytics, and biometrics are key to proactive security

In an age where data breaches are major headlines, getting security right is more of an imperative than ever. But instead of looking at it like a chore, companies should look at better security as a way to make the business better.

“Companies are looking at security a lot differently than they used to,” says Lina Liberti - VP Product Management & Strategy at CA. “When you think back over the years, security used to be the afterthought.”

“Today, things are significantly different. Security is used differently; it's not just about making sure that the bad people can't come in, it's also about making sure that good people can.”

 

Better, more predictive security

It’s a tried and tested mantra within the security realm that it’s a matter of not if, but when a company will suffer a breach. What Liberti - and CA as whole - is looking towards is promoting a smarter approach to security.

“We've always had the technology to look back; something bad happens we can figure out what happened, which is wonderful, who cares? It'll help for the next thing but the unfortunate reality is that the fraudsters, the hackers, that come in, they don't do the same thing ten times.”

“Trying to get to that zero, panacea, the zero breaches, is probably not realistic. Really what companies are looking for is; how do I get to that point where I can predict it based on these anomalies of behaviour? And that's where the threat analytics really comes into play.”

A lot of CA’s future plans revolve around analytics & identity. Last year saw the New York-headquartered company launch both an Identity-as-a-Service offering and a machine Learning-based behavioural analytics solution.

“When you look at the breaches and you read the coverage and you start talking about what really happened, how it occurred, it's usually an identity that has high access,” explains Liberti. “Maybe it's an identity where the person is sitting there waiting to get more information and get more privileged access. Tying that analytics to privilege access really helps turn it around and it's more predictive and more of a proactive approach vs reactive.”

“Understanding the behaviour of what's happening, understanding the context of the person that’s interacting with you from a business perspective helps you make better decisions on the business side but also from the security side.”

 

It’s all about context

Predictive and proactive are words Liberti uses a lot throughout the conversation. As an example, she explains how a person making one transaction from a new location they’ve never been to before wouldn’t necessarily raise too many red flags. But if they start making lots and lots of small transactions that would normally stay under the radar, perhaps it needs closer inspection. The ability to tie analytics into these security systems means non-normal behaviour can be monitored to a closer degree, stopped if necessary, and then the system can learn from this example in the future.

“You're starting to predict what could happen. Maybe it's a low risk; it's just unusual for the user, so let me just flag their boss or administrator and just say; “Hey this is happening, little red lights are going off” or; “They're starting to do stuff and this person has never done it before, they shouldn't be doing it, I'm just going to stop it,” and then we're going to prevent it.”

“We can stop something bad from happening, and it could learn. The small transactions, I need to lower that threshold, it needs to look not only at the dollar volume but the quantity of the transactions; how many are they trying to do and how quickly are they doing them apart, is it a robot doing it or is it a person doing it?

“Those are the kinds of things that the software can learn, adapt, and then change the behaviour, so we get to the point where artificial intelligence and analytics really becomes more proactive, today it's very policy-based because people are hesitant to just let the technology make the decisions, but the technology is there where it could get to that point.”

 

Biometrics: Powerful but near-frictionless security

While the password hasn’t been killed off, new methods of quick and easy authentication are giving organisations new options to create powerful security based on biometrics.

“This is the big challenge that companies are facing: how do I add the security I know I need because I need to open the doors more broadly, but still maintain the business need of frictionless environment? In the very large companies that drive various industries, biometrics are becoming a huge thing for them because identity is becoming so important.

“If you remember back way back in the day we were all smart card happy, we all thought everyone would have a smart card in their hands by now. Guaranteed. And that every laptop would come with a smart card reader. But what do you see more often on laptops? The thumbprint reader.

“It's not my computer that's really the primary point of entry. It's my phone. This is where it's a great device, it doesn't matter which device; Samsung, Apple, they are all at the same level, and I think biometrics soon will just become more prevalent.”

The ubiquity of mobile phones – many of which now ship with thumbprint scanners – means everyone is carrying an instantaneous authentication device tied to their identity wherever they go. The cameras on phones have a reached such a level of quality that facial recognition is another option for application developers to use as a security feature. Some manufacturers have even experimented with retina scanning authentication. The thumb, however, seems to the biometric option of choice for most.

“With biometrics, I can write my app to verify the authentication. I do it today with my Amazon app. I think we're going to see more and more of that. It's an ease of use feature; Amazon's not doing it because they're afraid someone's going to steal a million dollars off my credit card, they're doing it because it's easier for me to just put my finger on and execute a transaction than it is for me to type in a password every single time I go into that app.”

Where biometrics can become especially powerful, however, is when it starts to become integrated with the identity and analytics capabilities Liberti previously highlighted. 

“I think we're going to see more and more of that because I, as the user, have to prove who I am, and if I'm starting do things that are not normal, the software's now going to be able to tell I don't normally do that. How do I know it's really you, someone didn't find your phone and just access the application? Doing the facial or the retinal whatever it might be depending on what I'm doing [could be the answer].”

While she admits an eCommerce company such as Amazon might not be obliged to put facial or retinal scanning into their systems for small purchases, that extra barrier makes far more sense in an industry such as financial services.

“If I'm executing a transaction and I'm somebody that has a lot money in a trading facility and I'm going to trade 10,000 shares that are valued at $1,000 a piece, it starts to matter.”

“It's understanding the value of the transaction, tying it to the level of security, understanding the behaviour of the user, and then putting all of that science to work, tying it all together, understanding where I am, what my device is - device fingerprinting is huge as well - that's where biometrics become very interesting very quickly. 

 

Also read:
How biometrics is changing Latin American banking
FacePhi: ‘Selfie’ verification spreads across banks in Latin America
The vast biometric privacy landslide is starting to break…

PREVIOUS ARTICLE

«How Jeremy Piven took on a new part… Mimecast infosec ads

NEXT ARTICLE

Typical 24: Nader Mikhail, Elementum»
author_image
Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech, from driverless cars , AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'milliennials'.  

  • twt
  • twt
  • Mail

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?