RSA Conference 2020
Shahrokh Shahidzadeh, CEO at Acceptto, a Portland, Oregon-based provider of Continuous Behavioral Authentication spoke with VMBlog about IAM trends to help you navigate RSA.
VMblog: Identity Access Management (IAM) is considered to be a hot topic this year. What trends are you seeing that we should be aware of in 2020?
Shahrokh Shahidzadeh: Next generation multifactor-authentication (MFA) that reduces drag but increases security will become more mainstream. Specifically, the concepts of continuous versus binary and biometric/behavioral versus classic SMS and Captcha.
VMblog: What is not working with current binary authentication solutions like passwords and MFA solutions?
Shahidzadeh: Passwords, two-factor-authentication (2FA) and MFA alone are a thing of the past. Clearly once a cybercriminal has breached the one and only authentication, they become authorized to do whatever they want. With continuous authentication the authentication process still continues throughout the session to ensure no one hijacks that session. We need to also be assessing things on a behavioral level to make sure you are who you say you are.
VMblog: How do you see the evolution of behavioral affecting MFA and 2FA?
Shahidzadeh: Behavioral MFA will emerge as a truly immutable form of identity authentication as it is the closest thing to a nonrepeating pattern available for identifying an individual. This is similar to the way credit card companies track (securely and privately) spending habits to detect fraud.
VMblog: Are biometric-based solutions any better than good old passwords or a combination of passwords and MFA/2FA?
Shahidzadeh: Clearly password-based solutions have long outlived their usefulness based on the number of reported breaches and stolen credentials. Classic 2FA and MFA also impose more drag but don't necessarily create a more secure environment, so a new method like continuous behavioral authentication is needed.
VMblog: What role do you see artificial intelligence (AI) and machine learning (ML) playing in IAM?
Shahidzadeh: AI and ML will all algorithms to learn and adapt with more data and thus help develop a more immutable identity strategy.
VMblog: What stories/themes do you think will come out of RSA 2020?
Shahidzadeh: We expect more horror stories of how people are still the weakest link in the IT security chain and that will begin with how they are grated access to the network, cloud and other resources.
VMblog: As a long-time attendee, any tips for handling the conference?
Shahidzadeh: Plan your time on the floor and in meetings ahead of time, then keep to your plan. You won't be able to deep dive on everything so make sure you spend enough time with your "A" priorities, then time slice between your "B" and "C" priorities to round things out.
Learn more at VMBlog.com website.