What is adaptive authentication & how does it enable zero trust?

The number zero is everywhere these days. You’ve got zero-code, zero-day, Coke Zero, and of course — everyone’s favorite — zero trust. What’s the deal? These “zero” terms all convey a baseline that is considered the ideal state. In the case of zero trust, zero means “trust no one and verify everything.” 

In theory, zero trust makes a lot of sense, but how realistic is it to achieve? It requires all apps and identities to adhere to modern authentication tools. How can an organization possibly verify everything when they have thousands of distributed apps and users, all of which require verifying? 

Apps that are decades old and living on-premises don’t understand modern authorization systems. We need a way to authenticate that bridges the gap between old and new. That’s where adaptive authentication comes in. 

Let’s dive a bit deeper to understand the concept of “zero,” what it means to cybersecurity, and how adaptive authentication through Identity Orchestration can help you achieve zero trust. 

The meaning of “zero”

The concept of zero is relatively new to human thinking because you can’t experience nothing (double negative intended). Rather, to understand zero requires that we recognize the lack of something. It’s an abstract construct that exists only in our minds. Early humans couldn’t grasp this, but as our brains got smarter over time, we began to comprehend complex thinking. 

So how do you measure something that doesn’t exist? For Zero Trust, the success metric is when you have an iron-clad security environment that even the hackiest hacker can’t break into and destroy. That’s not likely to happen while passwords are being used to authenticate users. But passwords aren’t going to disappear anytime soon. So we adapt.

What is adaptive authentication?

Adaptive authentication (also known as risk-based authentication) is a method of access to data that matches user credentials to the risk of the authorizations requested. The point of adaptive authentication is to fortify security while not making the process of logging in and authenticating more difficult than it has to be for the users. 

This Dark Reading article by Strata Identity’s CEO, Eric Olden explains that the friction caused by trying to implement zero trust practices ironically causes greater risk. With adaptive authentication, the identity management system can tell the location of the user, along with which network and device they are login on from, as well as if that device is misconfigured. Policy checks from the established content can be made to verify the user.

Getting to zero trust with hybrid & multi-cloud

Adaptive authentication is similar to how our brains adapted to understanding new complex thinking. It takes a situation and puts context behind it to simplify processes while still understanding that change is gradual. Adaptive authentication is a context-based approach that can help organizations achieve a zero trust security architecture when implemented. 

When someone within an organization tries to access a resource, adaptive authentication doesn’t require them to re-authenticate themselves when there is no need. This reduces the irritation end-users often experience with multi-factor authentication when they have to use an authenticator app or prove in some other way that they are who they say they are.  

Yet, adaptive authentication can have implementation challenges. Any company that’s been around for a while will have loads of older applications that can only authenticate with usernames and passwords. You could rewrite/recode each app to understand new technology… if you had unlimited time and money…

Identity Orchestration is the key to making authentication work

A better way to enable adaptive — or risk-based — authentication than rewriting code is through Identity Orchestration software that makes modern and legacy apps and IDPs work together seamlessly. Identity Orchestration decouples applications from their identity systems to allow adaptive authentication to work throughout your infrastructure without having to touch your apps. 

An Identity Orchestration platform uses an abstraction layer that integrates heterogeneous identity management systems to make many policies, APIs, and sessions work seamlessly together.  Authentication is possible since it doesn’t matter where your apps and identities are — on-prem or in the cloud, or both. 

Adaptive authentication removes the extra step used in MFA, meaning that there’s less chance of a user finding a way to bypass the extra security layer.  Adaptive authentication through Identity Orchestration helps to make verifying users easier to for the protected information to be more secure. You may not have zero headaches, but you will be closer. 

Learn how Maverics Identity Orchestration software can help you have your legacy apps protected with modern authentication without changing the code.