The expression “a leopard cannot change its spots” maintains that it is challenging to alter ones’ inherent nature — not only who you are but also what defines you. Your spots, in this case, include your ways, habits, and behaviors. In this age of big data, the concept is fitting, because this kind of information is increasingly being used to identify individuals and even machines.
For years identity management has relied on three factors for authentication:
1. What one knows (passwords)
2. What one has (tokens)
3. And what one is (biometrics)
Behavior, a fourth factor, is now shaping the evolution of identity management.
In this blog post, and in one by my colleague Sandy Carielli from Entrust Datacard, we discuss big data analytics and how it is enabling the evolution of new behavior-based authentication for easier and more robust identity management. In the following, I focus on the analytics component, how it is increasingly used across enterprises, and why it is important to protect big data. I encourage you to read Sandy’s blog Leopard Spots and Zebra Stripes: Fraud and Behavioral Analytics to learn more about behavioral biometric authentication and get a more complete picture of this interesting and timely subject.
Big Data Analytics
Everyone claims to be using “Big Data,” but what is it really? Merriam-Webster defines big data as “an accumulation of data that is too large and complex for processing by traditional database management tools.” However, when analyzed by new algorithmic data mining methods, big data can reveal patterns, trends, and associations that can, among other things, relate to human behavior and interactions. This is how big data analytics is enabling behavioral biometric-authentication mechanisms.
The 2018 Data Threat Report commissioned by Thales and conducted by 451 Research revealed 99% of respondents (a sample of 1,200 senior security executives from around the globe) are using or planning to use big data. With such a high adoption rate, big data is already transforming many areas of business, including identity management at the individual and device level.
With the advent of more interconnected systems and the Internet of Things (IoT), advanced data aggregation capabilities, and big data analytic engines, organizations can now collect and review previously overlooked facts, figures, trends, and behaviors to “paint a bigger picture,” have better situational awareness of the environment within which they operate, and, ultimately, become more competitive.
Increasing volumes of data can provide unlimited benefits for enterprises seeking to better understand their customers and their business. However, with more data available for analytical purposes, the harder it becomes to protect it across distributed repositories. And with data breaches continuing to make headlines, big data, which includes sensitive and personal data, must not only be protected for privacy concerns, but its integrity must also be preserved to ensure its value as a resource. At the end of the day, if one cannot trust that the data being used for knowledge discovery and decision-making is authentic and has not been altered, it becomes pointless to collect, analyze, and make decisions based on the data.
With continued high-profile data breaches and more sophisticated attacks that can leverage synthetic identities or impersonate real identities (be sure to check Sandy’s blog post for more on this), the overall security landscape continues to change. As attacks actively target sensitive information, organizations must continue to protect their aggregate big data from internal and external threats to protect their customers’ privacy and their organization’s reputation, and to comply with mandates such as the General Data Protection Regulation (GDPR).
The challenge faced by organizations wanting to use behavioral analytics for authentication is how to implement security solutions without hindering the big data aggregation and analytic processes required to produce the desired insights. Because behavioral biometric data can contain confidential and personal information, and reveal sensitive insight, it can also be a high value target and represent a honeypot for attackers.
Focus on Enhanced Security
Industry best practices call for the use of robust encryption solutions to protect sensitive and personal data. Solutions that protect data-at-rest, in use, and in transit form an important part of the enterprise’s information security strategy. But cryptographic key management and the mechanisms that facilitate auditing and compliance are also best practices vital to effective data security.
Strengthening the management of cryptographic keys that protect sensitive and personal data, is essential to ensuring that only authorized users, devices, and applications are allowed access to critical systems. Enhanced security with key management delivered by hardware security modules (HSMs) and transparent data encryption not only hardens the solution to FIPS 140-2 and Common Criteria standards, but also facilitates security auditing and regulatory compliance.
Pioneering companies in trusted identity and secure transaction technologies like Entrust Datacard, enable organizations to make transactions easier, secure and reliable for their customers. By providing the tools necessary to gain valuable insights into not only their business, but also their employees’, associates’, and customers’ behaviors — organizations can become more productive, profitable, and competitive. By combining their solutions with those of Thales eSecurity, they can ensure this all happens within a secure environment.
The way forward
Carefully using big data to paint that bigger picture of users and their behaviors enables organizations to develop more sophisticated identification and access control mechanisms to protect their business, and ensure privacy. Deploying solutions that aggregate previously overlooked resources in a secure manner makes it easier for users to be authenticated and allowed access to systems – which in turns makes the enterprise more secure. Whether you are a human user, a device, a leopard or a zebra, protecting your identity is critically important.
To learn how you can apply these new technologies to your business in a secure manner visit Thales and Entrust Datacard. To ensure you stay #FITforGDPR take our free readiness assessment. You can also reach me @asenjoJuan.