The Future of Cybersecurity is Artificial: Intelligence Will Transform Enterprise Governance
Over the past several weeks, I’ve explained how to verify every user and then validate their devices as part of a Zero Trust approach to cybersecurity. Now, it’s time to tie everything together with the final ingredient of the Zero Trust formula: intelligently limiting user access.
What do we mean by “intelligently limiting access”? Well, not all people need the same access to the same systems and applications. Some people (like HR or Finance) handle sensitive, private data, others don’t. Some people travel a lot with their job, some almost never. You get the gist. When you intelligently limit access to an organization’s systems and applications, you’re making it easy for each person — whether employee, partner, customer, etc. — to access what they need, when they need it, wherever they are, and on the device of their choosing.
Rise of the Machines
Modern machine learning and user based analytics can transform how you intelligently limit access, ultimately helping strike a balance between security and productivity.
Information about the user, endpoint, application or server, policies, and all activities related to them can be collected and fed into a data pool that fuels machine learning. This system can then automatically recognize out-of-the-ordinary behaviors, such as a user trying to access resources from an unusual location, which immediately raises a red flag requiring additional authentication or blocked access.
By feeding every access attempt back into an analytics platform, you can apply modern machine learning to build individual profiles for every user. Picture this: a user logs into her laptop using Multi-factor Authentication (MFA), while working from the corporate network, on a registered device she always uses, accessing the same apps she always does, at the same time of day as always. Great! You can confidently provide her easy access through silent sign-on to her app instead of prompting her for additional verification.
Machine learning can greatly reduce the complexity of analysis that needs to be performed by IT responsible for overseeing access controls. Instead of writing complicated rules, IT can decide how to respond to the risk level of an access attempt, saving a great deal of time and frustration.
Steps to Zero Trust
Now that we have the three pillars of a Zero Trust approach down, how do we go about piecemealing together a solution with products from various vendors all purporting to solve a piece of the puzzle? Next up, we explore the steps to executing a Zero Trust approach. See how Idaptive Secures Access Everywhere.
Other blogs in this series: