Think of it this way, you wouldn’t get into a car without a seatbelt. It’s second nature for most of us, and easy to do. In the 1970s when seatbelt laws were first passed, fatalities with car crashes went down. If we all had MFA and good cybersecurity hygiene, the bad stories about data breaches could be avoided or reduced too. We need a “cyber safety belt” – something that’s simple doesn’t get in the way, and become second nature.
There are two extremes with security. On one end, you can unplug everything from the internet, while constantly requiring physical and digital verification. That’s maximum security, but it’s also maximum inconvenience. On the other side, you can create a totally frictionless user experience, but leave your employees and systems completely exposed to malicious actors.
Security is all about balance. The goal with cybersecurity has to be a balance between becoming more secure while reducing time and cost burdens on IT and minimizing friction for end-users. A solution that can address that balance embodies the “cyber safety belt.”
For a while, access technologies were all about adding additional layers, barriers, and friction into the user’s path in the hopes of deterring a bad guy. But it’s not that simple – this is a huge burden to the end-user and ultimately IT who has to step in for every forgotten password.
Putting MFA on every single access request is tiresome. But it isn’t about fewer MFA requests or tougher passwords. Adaptability and intelligence are the answer. Adding a layer of intelligence into any identity and access solution can remove the friction. Next-Gen Access solutions use analytics powered by machine learning to intelligently determine the authenticity of a digital user and their device through SSO or MFA, while also actively governing access across an organization’s resources and reacting when risky behavior is detected.
We are firm believers that in security – especially identity and access – complexity introduces risk. The goal for us is effective security without performance gaps and difficult integrations and maintenance.
This post originally appeared in a Quora Q&A session hosted in May 2019. Our CEO Danny Kibel was asked to give his opinion on the state of cybersecurity, Zero Trust, working in the security field and entrepreneurship, among other things. For more of his answers visit Quora.
*** This is a Security Bloggers Network syndicated blog from Articles authored by Danny Kibel. Read the original post at: https://www.idaptive.com/blog/end-user-security-experience-and-process/