Government regulations tend to place the full burden of protection on organizations for every aspect of communication and transactions, all in the name of complete privacy. As a result, the potential for breaking compliance grows sharply with even a single misused digital credential, so ensuring your Identity Access Management strategy is completely leak-proof when it comes to authentication, not just at the perimeter but continuously throughout a session, becomes paramount.
Specific regulations raise specific issues that are worth exploring, even if they don’t affect your organization today. Why “roll the dice” and gamble on your compliance when the lessons learned from one regulation may help you navigate others?
Solvency II And STS Compliance
Europe tends to lead the world when it comes to putting forth strict regulations to protect the average citizen in their digital dealings with organizations. In addition to the likes of GDPR, industry-specific regulations such as Solvency II and STS for insurance come to mind.
According to Wikipedia, Solvency II is
“a Directive in European Union law that codifies and harmonises the EU insurance regulation. Primarily this concerns the amount of capital that EU insurance companies must hold to reduce the risk of insolvency.”
And according to the European Securities and Markets Authority, the Securitisation Regulation
“establishes a general framework for securitisation and creates a specific framework for simple, transparent and standardised (STS) securitisation. The Regulation was published in the Official Journal of the European Union on 28 December 2017, and is a cornerstone of the EU’s efforts to establish a capital markets union, by creating a single market for investment services and activities and to ensure a high degree of harmonised protection for investors in financial instruments.”
Both of these regulations require transparency at the core of their directives and that begins with how people access sensitive information.
4 Common Inadequate Measures
For decades, organizations have relied on numerous technologies and cyber security measures that unfortunately don’t meet the standard required to truly keep inappropriate people or actions out of your network today, or away from your data. The top four you should investigate further include:
- Trusting Your Employees: You have probably figured out by now that your employees are your greatest asset but also your most vulnerable liability when it comes to cyber security. Simply trusting that employees won’t mismanage their passwords, share credentials or leave their workstation unattended after logging in is a recipe for disaster.
- Trusting Passwords in any form: Passwords have been the method of choice for accessing critical IT resources and sensitive information since the dawn of computing. Unfortunately, because of this, they are also the most vulnerable form of digital identification, as seen by the billions already stolen worldwide. To truly design an immutable solution, you have to assume that every password-based credential has already been stolen, even those not yet created.
- Trusting two factor authentication: The answer for most companies looking to extend the life of their password-based solutions is to add a second authentication factor (e.g. an SMS code or fingerprint). Unfortunately, all this does is add more confusion and drag for the user base, and it often results in increased help desk costs.
- Trusting biometric authentication alone: You would think that something as unique as your retinal scan or fingerprint would provide the maximum amount of security. Unfortunately, you would be wrong again. Fingerprints actually have less security than a 6-character password.
So, if the standard security measures are ineffective, then what should you do?
Continuous Cognitive Authentication Improves Accountability
As you can see, Solvency II and STS require transparent governance and regular risk assessments for greater adherence and security. Leveraging an authentication solution that utilizes AIML for biobehavioral authentication will effectively provide immutable identity verification and improve transparency in the insurance sector, and therefore aid in compliance.
Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user’s interaction with the It’sMe authenticator. This provides both inference and prediction, so every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. In doing so, you can be assured of improved employee accountability in relation to transactions and investments.
eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect and model behavior, assigns real-time risk scores to continuously validate your identity prior to, during and post-authentication, and is easily integrated into infrastructure such as Microsoft Azure and Citrix AD.
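To make the idea of continuous, behavior-based risk scoring concrete, here is an added illustrative example. It is not Acceptto’s or eGuardian’s code and says nothing about how that product actually scores; it is a hypothetical scorer that keeps a per-user baseline (typing cadence, working hours, location), scores every event in a session against that baseline, decides between allow, step-up and deny, and folds only accepted events back into the baseline. The weights, thresholds, profile values and session events are all constructed assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import List, Optional, Set, Tuple

# Hypothetical continuous-authentication risk scorer (illustrative only; not eGuardian).


@dataclass
class SessionEvent:
    kind: str                 # "login", "typing" or "transaction"
    hour: int                 # hour of day, 0-23
    location: str             # coarse location label
    cadence_ms: Optional[float] = None   # mean milliseconds between keystrokes
    amount: float = 0.0       # monetary amount for "transaction" events


@dataclass
class BehaviorProfile:
    """Per-user baseline learned from earlier sessions (values are constructed)."""
    cadence_samples: List[float] = field(default_factory=list)
    usual_hours: Set[int] = field(default_factory=set)
    usual_locations: Set[str] = field(default_factory=set)

    def cadence_zscore(self, cadence_ms: float) -> float:
        """How many standard deviations the observed cadence sits from the baseline."""
        if len(self.cadence_samples) < 2:
            return 0.0
        sd = pstdev(self.cadence_samples)
        if sd == 0:
            return 0.0 if cadence_ms == mean(self.cadence_samples) else 3.0
        return abs(cadence_ms - mean(self.cadence_samples)) / sd

    def learn(self, event: SessionEvent) -> None:
        """Fold an accepted event back into the baseline (the 'post-authentication' step)."""
        if event.cadence_ms is not None:
            self.cadence_samples.append(event.cadence_ms)
        self.usual_hours.add(event.hour)
        self.usual_locations.add(event.location)


# Weights and thresholds are assumptions chosen for illustration.
WEIGHT_CADENCE = 40      # typing rhythm no longer matches the baseline
WEIGHT_HOUR = 20         # activity outside the user's usual hours
WEIGHT_LOCATION = 30     # activity from a location never seen before
WEIGHT_LARGE_TXN = 10    # unusually large transaction
LARGE_TXN_AMOUNT = 10_000.0
STEP_UP_AT = 30          # ask for a stronger factor at or above this score
DENY_AT = 70             # block at or above this score


def score_event(profile: BehaviorProfile, event: SessionEvent) -> int:
    """Combine independent behavioral signals into a 0-100 risk score."""
    score = 0
    if event.cadence_ms is not None and profile.cadence_zscore(event.cadence_ms) > 2.0:
        score += WEIGHT_CADENCE
    if profile.usual_hours and event.hour not in profile.usual_hours:
        score += WEIGHT_HOUR
    if profile.usual_locations and event.location not in profile.usual_locations:
        score += WEIGHT_LOCATION
    if event.kind == "transaction" and event.amount >= LARGE_TXN_AMOUNT:
        score += WEIGHT_LARGE_TXN
    return min(score, 100)


def decide(score: int) -> str:
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step_up"
    return "allow"


def evaluate_session(profile: BehaviorProfile,
                     events: List[SessionEvent]) -> List[Tuple[str, int, str]]:
    """Score every event in order; only allowed events refine the baseline."""
    decisions = []
    for ev in events:
        s = score_event(profile, ev)
        d = decide(s)
        decisions.append((ev.kind, s, d))
        if d == "allow":
            profile.learn(ev)
    return decisions


def build_sample_profile() -> BehaviorProfile:
    # Constructed baseline: a user who types at roughly 190 ms/keystroke,
    # works office hours and has only ever connected from one location.
    return BehaviorProfile(
        cadence_samples=[180.0, 190.0, 185.0, 195.0, 200.0, 188.0],
        usual_hours={8, 9, 10, 11, 13, 14, 15, 16},
        usual_locations={"office-eu-west"},
    )


# Constructed session: normal activity, then a cadence change mid-session,
# then a large transaction at 03:00 from an unknown location.
SAMPLE_SESSION = [
    SessionEvent("login", 9, "office-eu-west", cadence_ms=190.0),
    SessionEvent("typing", 9, "office-eu-west", cadence_ms=186.0),
    SessionEvent("transaction", 10, "office-eu-west", cadence_ms=192.0, amount=2_500.0),
    SessionEvent("typing", 10, "office-eu-west", cadence_ms=95.0),
    SessionEvent("transaction", 3, "unknown-region", cadence_ms=95.0, amount=25_000.0),
]

if __name__ == "__main__":
    for kind, score, decision in evaluate_session(build_sample_profile(), SAMPLE_SESSION):
        print(f"{kind:<12} score={score:>3}  -> {decision}")
```

The point to notice is that the login itself scores zero: the session is fully authenticated at the perimeter, and it is only the fourth event, a typing rhythm far outside the baseline, that triggers a step-up, followed by a denial when time, location, cadence and amount all disagree with the profile at once. Learning from allowed events only keeps a rejected event from poisoning the baseline.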
Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords while still ensuring security and privacy, by registering for a free demo today.