Continuous security innovation in access management (AM) requires applying Continuous Adaptive Risk and Trust Assessment (CARTA) principles. This involves standardized security controls, standardized approaches to secure architecture, and a standardized framework. It includes integration with complementary technologies such as Cloud Access Security Brokers (CASB), User and Entity Behavior Analytics (UEBA), and Web Application Firewalls (WAF) for continuous assessment of, and real-time responses to, any changes in authenticated interactions.
In privileged access management (PAM), just-in-time (JIT) access is recommended. It is based on the principle that access is granted only for a short period of time and then removed, leaving no permanent privileged access. PAM vendors are increasingly supporting this approach.
Passwordless authentication will also significantly improve UX/CX, increase security, or both, in most businesses over the next two to three years. Biometric authentication methods, potentially in tandem with phone-as-a-token authentication methods, are a likely component of these initiatives.
IAM, or Biometric Identity Access Management (BIAM), is a security discipline for business and risk management. It comprises the practices, processes and technologies that manage the identities and authorizations of people, services and things, as well as the relationships and trust between them.
A BIAM allows you to provide the right access for the right reasons, enabling the right interactions at the right time, to help achieve the business results you want.
A BIAM provides administrative capabilities that support common administration models, and governance capabilities that provide faster value. It also adds identity analytics and extends into adjacent areas such as data access governance and segregation of duties (SoD) control management.
BIAM solutions support OpenID Connect (OIDC) to protect applications with RESTful architectures, even when these are provided through full life cycle API management solutions. Adaptive access control and integrated biometric multi-factor authentication (Biometric MFA) features are becoming common in AM implementations.
With the growing awareness that security breaches derive from the compromise of privileged accounts, it is necessary to use BIAM solutions intended as PAM tools. PAM tools help enforce controls, monitor privileged and service account usage, and enable DevSecOps initiatives and infrastructure-as-a-service (IaaS) agility.
A BIAM product must be FIDO (Fast IDentity Online) compliant; that is, it must help free the world from centralized passwords and be well prepared for Internet of Things (IoT) authentication. IoT authentication is beginning to have a strong influence on IoT architectures and on security controls in other industries across the enterprise. The growing interest in and demand for IoT solutions are accelerating the adoption of IoT authentication.
Phone-as-a-token authentication methods have continued to be widely adopted, and mobile push modes have become widely available and adopted. However, the security problems with legacy modes (especially those using SMS) make it necessary to use a biometric solution for access management. Biometric authentication methods such as My-ID must comply with regulations such as those relating to privacy or the GDPR, and must be able to address potential vulnerabilities to presentation attacks through Presentation Attack Detection (PAD).