The Stack Archive Feature

Why machine learning is set to transform identity and access management

Fri 19 May 2017 | Alvaro Hoyos


Alvaro Hoyos, CISO at OneLogin, suggests why sophisticated access control should be a key priority in a business’ security strategy…

Security breaches, ransomware, and (suspected) state-sponsored cybersecurity incidents are making headlines every day, and the average person is on higher alert for anything security-related. This, of course, has percolated into boardrooms and management discussions. If security and risk management is not one of the top five priorities your business is focused on, then you might be in for a rude awakening, sooner rather than later.

There is no end to the new and emerging security tools out there for CIOs to leverage. In this competitive environment, security vendors must be able to differentiate themselves by being able to quickly integrate into existing IT environments and improve a team’s ability to do more with fewer resources. In other words, innovation is integral to building out a successful, and manageable, security and risk management program.

Ensuring you are addressing the right risks can be complicated by the differences inherent to cloud, on-premise environments, and mobile applications. Granted, a large majority of risks are common amongst these three environments, but there are sufficient differences to justify investing the time and effort to make sure these are addressed. Following that, how these risks are addressed can also vary for each, so, unfortunately, there is not always a one-size-fits-all solution.

The role of IAM

Identity and Access Management (IAM) can be a powerful tool to address some of these risks. The technology can empower end users and admins to seamlessly authenticate into the applications they need to use every day, and admins to manage those identities centrally and securely.

This helps to reduce the number of IT tickets opened and the time it takes to onboard and off-board personnel. The technology also allows you to quickly and securely authenticate into your own apps from any location and any device, and more effectively focus your efforts on securing your user endpoints, and not just your network edge.

Additionally, as IAM serves as the central hub for your identity management, it already captures a lot of information that is key for your governance strategy, including provisioning and de-provisioning data, application usage, and other security events. 

Security controls required as part of many frameworks and regulations leverage IAM data in order to validate compliance or as part of everyday security operations. 

The exponential growth of the number of applications companies use, especially with the high rate of cloud adoption, makes IAM use indispensable. And it is not just security risks that are at play; IT teams face significant operational risks if they cannot centrally administer some or all of these applications.

Operational failures can translate to unmitigated security risks, which can lead to security incidents, legal and regulatory repercussions, and even branding issues for companies that make the headlines.

The future: Machine learning 

Because passwords are easily compromised, multi-factor authentication (MFA) is critical for strengthening security. But traditional MFA tools use static rules that can’t keep up with today’s constantly evolving security risks. Adaptive authentication uses machine learning to score the risk of each login attempt and challenges users making high-risk logins to authenticate using MFA.

Adaptive authentication uses machine learning to find anomalies at the time of login. Anomalies can be related to the user’s network, geographic location, device fingerprint, velocity, or time of access. If a user always logs in from the same network and location, with the same device, at the same time, that’s typically a low-risk login. But if something seems off – for instance, if they’re coming from a known botnet, or a new geography or device – they will be challenged for MFA.

Adaptive authentication is especially useful for preventing phishing attacks. Typically a phishing attack tries to install malware on a user’s computer. From there, the malware, running on a trusted company network, may try repeatedly to log into company apps. Eventually, the malware finds the right password, and when it does, it isn’t challenged for MFA, because it’s running on a trusted company network. 

Compare this to adaptive authentication where the malware would be flagged as a new device fingerprint and would get challenged for MFA. The malware can’t, of course, respond to an MFA prompt, and the hackers are prevented from accessing company apps.
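The contrast between a static trusted-network rule and a per-login risk score can be sketched in code. This is an added example, not part of the original article and not OneLogin's implementation: the `Login` record, the hand-set `WEIGHTS` and `MFA_THRESHOLD` (standing in for a trained model), and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    network: str        # label of the source network
    country: str        # geolocated country
    device: str         # device fingerprint
    ok: bool = True     # False for a failed password attempt

TRUSTED_NETWORKS = {"corp-lan"}   # assumed static allow-list
WEIGHTS = {"network": 0.15, "country": 0.25, "device": 0.30, "hour": 0.10, "velocity": 0.20}
MFA_THRESHOLD = 0.25              # assumed cut-off; a real system would learn or tune it

def static_rule_needs_mfa(login):
    # Traditional static rule: logins from a trusted network are never challenged.
    return login.network not in TRUSTED_NETWORKS

def rarity(value, seen):
    # 1.0 if the user has never shown this value, falling towards 0.0 as it becomes habitual.
    return 1.0 - Counter(seen)[value] / len(seen) if seen else 1.0

def risk_score(login, history):
    past = [h for h in history if h.user == login.user and h.when < login.when]
    good = [h for h in past if h.ok]   # only successful logins define "normal"
    fails = [h for h in past if not h.ok and login.when - h.when <= timedelta(minutes=10)]
    signals = {
        "network": rarity(login.network, [h.network for h in good]),
        "country": rarity(login.country, [h.country for h in good]),
        "device": rarity(login.device, [h.device for h in good]),
        "hour": rarity(login.when.hour, [h.when.hour for h in good]),
        "velocity": min(len(fails) / 5, 1.0),   # burst of recent failed attempts
    }
    return round(sum(WEIGHTS[k] * v for k, v in signals.items()), 3)

def needs_mfa(login, history):
    return risk_score(login, history) >= MFA_THRESHOLD

# Constructed sample data: 20 routine logins, then 6 failed guesses from an unseen device.
DAY0 = datetime(2017, 5, 1, 9, 0)
HISTORY = [Login("alice", DAY0 + timedelta(days=d), "corp-lan", "GB", "laptop-a1") for d in range(20)]
T = datetime(2017, 5, 22, 9, 30)
HISTORY += [Login("alice", T - timedelta(minutes=m), "corp-lan", "GB", "unknown-7f", ok=False) for m in range(1, 7)]
MALWARE = Login("alice", T, "corp-lan", "GB", "unknown-7f")   # correct password, trusted network
ROUTINE = Login("alice", datetime(2017, 5, 23, 9, 0), "corp-lan", "GB", "laptop-a1")
```

On this data the static rule waves the `MALWARE` login through because it originates on `corp-lan`, while the score challenges it on the unseen device fingerprint and the burst of failures; the `ROUTINE` login scores zero and is not challenged.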

For IT, acquiring products to increase security is only half the battle. The other half is getting people to use those technologies. Users aren’t going to adapt to security products that reduce their productivity. With adaptive authentication, you make it so that low-risk logins aren’t forced to use MFA.

Machine learning could eventually transform the identity and access management market, by expanding the range of signals that we feed into our machine learning algorithms to find different kinds of risks. These new signals could include biometric data, making it increasingly difficult for hackers to defeat authentication systems. 

For this reason, it will become increasingly important for IT teams to understand that they need not just MFA, but MFA underpinned by machine learning. IT buyers need to be aware that, just like some vendors have engaged in ‘cloud-washing’, vendors might start to over-hype their machine learning solutions – ‘AI-Washing’.
