Manage your risk with risk-based authentication
Calculate the risk of the user requesting access and adapt your authentication accordingly.
No organization, including yours, is immune from the effects of cybercrime. From healthcare to financial services to consumer goods, there isn’t an industry today left untouched by cybercriminals. Whether their goal is to disrupt, embarrass, or profit from private information, the growing cadence of breaches illustrates the challenges of securing corporate information.
While the business impacts of information breaches vary, it’s likely your organization is at risk in some of these areas:
- Regulated industries—the regulations for healthcare, financial and retail agencies continue to mature and become more specific. At the same time, the audits for them have grown more aggressive. And while the consequences of past lapses might have been fairly benign, today the likelihood of fines and even criminal prosecution for negligence is very real.
- Customer trust—based on revenue reports of companies who have been breached, as well as surveys of their customers, it’s clear that loss of trust is a very serious consequence when private or financial information has been compromised.
- Damaged brand—as the Sony, Target, and other valued brands have brought to the forefront, information breaches can result in more than just lost revenue, it can affect the reputation of the brand itself with long-lasting effects and changes to management.
- Difficulty expanding the business—when acquiring loans and other types of debt, the organization’s risk posture may directly affect the cost of leveraging its assets.
Because of the growing threat of being targeted by criminals and the concrete consequences when they are successful, it is essential that you decide on the level of risk that is right for your business.
Ultimately the risk level you choose will determine the proper balance of productivity and customer friendliness against security. After all, it’s relatively easy to lock your work environment down like a digital Fort Knox, but that makes it difficult to get work done and certainly isn’t an inviting customer environment.
The most effective way for you to manage risk while keeping access simple and convenient is to implement a risk-based authentication approach. Risk-based authentication allows you to evaluate a set of contextual factors related to an access request and use those factors to determine the type of authentication experience that meets your business needs.
When a user requests access to private information using a familiar context, the probability is high that the user is indeed who they claim to be, and the authentication can be adapted accordingly.
Contextual factors that help measure the risk of user access requests include:
- Using a device that is known or registered; or using a browser that has been validated
- Expected location: building, city, region, country, etc.
- Expected work time: hours or days
- User has accessed the same document before, or the document is within a folder context where access requests are expected
Additional variables that play a role in determining risk:
- The sensitivity level of the document: low, medium, high; or if applicable—regulated/unregulated
- The document type fits the expected role or group that the user is a member of
Manage to the level of risk you can live with
Access Manager enables you to manage to the level of risk you have chosen. In the vast majority of the instances, as legitimate users access their information and services, simple, quick, and convenient access can be delivered.
But for those times when extra protection is warranted, Access Manager provides that added layer of security, inserting additional identity validation steps. And used with our Advanced Authentication Framework, organizations are able to use just about any authentication method they choose.
As a result, productivity is optimized, customer satisfaction is maximized, and your business is protected to the level you have defined for yourselves.