Over the past year, analysts have been cautioning about the need for layered defenses against security breaches. And we’ve seen many serious breaches by hackers and fraudsters this year. In particular, analysts are calling for a risk-based approach that can ramp up security for more suspect situations, but that always provides several lines of defense against intrusions. We call that approach identity security.
We were recently interviewed by the Information Security Media Group about the future of identity security. The interview discussed how Equifax helps provide a high level of assurance to facilitate more secure remote access and allow government and enterprise shift more transactions to the web with high levels of confidence and trust.
Risk-based, multi-layered security starts with knowing who your users really are. Beyond that, ID access management and authentication systems should also be risk-based. Ideally, risk analysis of suspicious transactions, policy violations, or out-of-normal behavior should trigger varying, progressively more complex authentication challenges. These security authentication parameters should then be customized in real-time so that your organization can present authentication challenges based upon the latest threat assessment. For example, challenges to users based on logins from a particular region or country, login frequency, changes in their ISP, machine characteristics, or other criteria.
If you have additional questions about ensuring the identities of your users or about the security of your data, please contact us.