Intelligent CIO Africa Issue 89 | Page 35

CIO OPINION

authentication applications on mobile devices for additional layers of security.
However, overly complex passwords and frequent changes can lead to user non-compliance, undermining security objectives.
While multiple security layers are essential in preventing bad actors from gaining unauthorised access, the goal is to make this as seamless as possible for users. Authentication has thus evolved to become hybrid and more adaptive. Single sign-on (SSO) has become a standard for many businesses, allowing users to enter their login credentials just once and then access a range of trusted Software as a Service (SaaS) applications.
Contextual adaptive authentication can also be put into place, so that if users are accessing applications and networks from a trusted location and a trusted IP address, fewer authentication layers are required, but if they change networks, then additional steps are implemented. This can also help to detect anomalies and prevent suspicious logins from getting hold of sensitive information.
These contextual and adaptive solutions also assist in fortifying cybersecurity posture by providing the foundation for enhanced identity management. With contextual controls in place, it is possible to see system information such as IP and MAC addresses, devices, and the location of the connection, all of which contribute to ensuring that people who are connecting to networks are who they say they are.
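The contextual step-up decision described above, sketched as an added example that is not from the article or any vendor's product. The trusted networks, factor names, device identifiers and decision labels are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy data (assumption): networks the business trusts.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("198.51.100.0/24")]

@dataclass
class UserProfile:
    known_devices: set     # device identifiers already enrolled for the user
    usual_countries: set   # country codes seen in the user's past logins

@dataclass
class LoginContext:
    source_ip: str
    device_id: str
    country: str

def evaluate_login(ctx, profile):
    """Return (decision, required_factors, anomalies) for one login attempt."""
    anomalies = []
    try:
        ip = ipaddress.ip_address(ctx.source_ip)
        on_trusted_net = any(ip in net for net in TRUSTED_NETWORKS)
    except ValueError:
        # Unparseable address: fail closed and record why.
        on_trusted_net = False
        anomalies.append("invalid_source_ip")
    if not on_trusted_net:
        anomalies.append("untrusted_network")
    if ctx.device_id not in profile.known_devices:
        anomalies.append("unknown_device")
    if ctx.country not in profile.usual_countries:
        anomalies.append("unusual_location")

    if not anomalies:
        # Trusted network, known device, usual location: fewest layers.
        return "allow", ["sso_password"], anomalies
    factors = ["sso_password", "authenticator_app"]
    if len(anomalies) == 1:
        # One deviation (for example a changed network): add a step.
        return "step_up", factors, anomalies
    # Several deviations at once: step up and flag the login for monitoring.
    return "step_up_and_alert", factors, anomalies
```

The returned anomaly list is what a monitoring pipeline would log, so that a step-up that succeeds still leaves a record of why it was required.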
Adding MFA and SSO on top of this helps to ensure that users are authorised, but it is essential to also ensure that they only have access to the applications and data they need.
Once people are inside the network, organisations need to ensure they have least-privilege access in place, essentially restricting users to the minimum data and systems they need to perform their job. This is another layer of best-practice zero trust architecture; it has become necessary to start from zero and then only add on permissions as they are required, to lock down security as much as possible.
It is also vital to have monitoring solutions in place to see what people are doing once they are inside and flag activities that fall outside of their permissions and access.
The goal is to become more proactive about security, to prevent unauthorised access and unauthorised
Cybersecurity should be a collaborative relationship between the service provider and the business to ensure the provider can become an extension of an enterprise’s security team.