Paving the way to smarter phone security
Robert Capps in Security, Wednesday, October 19, 2016
Let’s imagine another scenario whereby authentication may require this data, but doesn’t rely solely upon it. Instead, identity verification relies upon a myriad of data points that form an intricate web of complex, rich and real-time data that is impossible to spoof, mimic or replicate by nature of its interconnectivity and complexity. Friction dissolves in this scenario because the verification of the user is so accurate and complete that ‘white-glove’ experiences can be offered to what we know to be the genuine human user.
"The security industry, as a whole, typically is most comfortable requiring that customers conform to methodology."
Companies using this approach can monitor behavior in real time, interdicting where appropriate with options that can escalate based on the risk level. In effect, they choose to interrogate the identity based on what they know about the offered risk behavior. Another way to look at this new methodology is that users ‘earn’ the type of experience they have based on their own offered behavior over time. And the model continues to learn about users as time progresses, developing a more robust understanding, all without collecting any private PII.
So, while we might continue to bemoan user stubbornness in taking up basic security protocols against their own best interests, we can start to see that users’ natural behavior can be the basis of the security method. Analyzing sessions in terms of how users are behaving, how they typically behave, and how other humans behave in this context offers non-invasive pathways to stunningly accurate identification. Online merchants and financial institutions have been focused mostly on checkout, or on transactions where money was moved. This new method allows enterprises, which already collect volumes of account-based data, to now use this data to inform their authentication processes by looking at account creation and login placements in addition to checkout and transaction.
By building authentication on multi-modal data models rather than single-point authentication, and by using users’ natural behaviors, banks and ecommerce companies have powerful frameworks for verifying users that devalue any PII that hackers collect from unsecured devices. We can stop enforcing security methodology and our tactical requirements on end users and start working with what they are offering -- natural behavior and the potential to discern who they are from it. Currently, many major online retailers and banks are beginning to utilize this powerful passive biometric model. We anticipate that while usernames and passwords will always have some relevance, they will become less and less relevant for user authentication and verification in the future.
Companies that are using this new paradigm are learning to do something really quite old-fashioned. Something every successful brick-and-mortar retailer learned long ago. Something so fundamental it used to be pounded into the head of every business grad everywhere, but was somehow forgotten or deprioritized in our race to build the online economy. Know your customer. Learn what they do and what they want, and this knowledge will give you the keys to succeed in all aspects of your business.
Read more: https://nudatasecurity.com
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.