William Shakespeare writes in All’s Well That Ends Well “Love all, trust a few, do wrong to none.” For Chief Information Security Officers, this is also somewhat appropriate for your identity access management strategy. Specifically, “love your employees but set up a Device Trust solution that no wrong can be done.”
What Is Device Trust?
The workforce security journey starts with the safety and health of workforce devices used to access the enterprise's sensitive data at all time. Device Trust delivers a core element of a unified risk-based authentication system securing enterprise applications and data across workstations, web, mobile and IoT.
Specifically, Device Trust allows the enterprise to go Passwordless and measure the security hygiene of devices. Besides being the defacto credential provider it tracks and manages who is accessing which company applications through a trust decay model that uses policy orchestration and AIML to deliver continuous authentication throughout the session.
Done right, the solution should have a configurable central dashboard which helps track the devices (mobile and workstation) and security posture, location and last seen cross the network even if they are removed from the network (i.e. stolen or lost). It enables browsers, OS and firmware hygiene and compliance as well as delivering a risked based application authentication that flows across workforce and the enterprise contingent workers (i.e. contractor and/or partners) including BYOD.
The Benefits Of Device Trust
The most significant benefit of moving to a Device Trust solution is the huge decrease in help desk calls and this is a result of the following benefits:
- Go Passwordless: Passwords add significant amount of risk, friction and cost. The productivity cost and IT help desk can add up to $1 million per year on staffing and support logistics of the reset passwords for managed devices alone.
- Identify Managed and Unmanaged Devices: Safeguard company network by applying Zero Trust policies to unsafe devices.
- Identity Governance: Policy orchestration and Smart MFA enabling Continuous Behavioral Authentication™ and dynamic entitlement management
- Support for domain, local and Microsoft user accounts: Enabling lightspeed deployment, covering company-issued and employee-owned BYOD.
- Unified risk engine: across mobile, desktop and Web, measuring threat signals across the perimeter.
Forgotten password results in a password reset process and associated productivity loss, security holes, inefficiencies, and the high cost helpdesk support calls. According to MetricNet’s “10 Key Service Desk Statistics” the average cost of a service call is $2.13 and takes about 10.14 minutes to handle. But a Mandylion Research Labs blog reported:
“According to the Gartner Group, between 20% to 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about $70.”
So now is the time to implement a Device Trust solution for your organization.
Acceptto's Device Trust Solution
Acceptto's Continuous Behavioral Authentication monitors user behavior, transactions and applicational behavior in real-time, our risk engine creates an enriched profile of your user and application landscape that is used to attest if we are in the presence of legitimate or threat actor.
By tracking the user and device posture pre-authentication, our risk engine can calculate if the attempt to access a resource comes from a legitimate user or application, barring threat actors before they even attempt to access the protected resource. Post-Authentication of any action or transaction that deviates from acceptable behavior is subject to step-up authentication or if the risk associated it too elevated the attempt is denied and audited.
The modularity and interoperability of Acceptto solutions integrates with existing enterprise UBA & IAM to enrich the risk profile, maximize the return of investment while reducing cost.
Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019 today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.