In our “Risky Business” webinar, we discussed where the industry is today in terms of Zero Trust maturity; perspectives on how it’s evolving in the realm of identity and access; and how AI will transform the way organizations can track and manage user behavior risk, ultimately eliminating this “risk” from business altogether.
“Just use your best judgment, you know we trust you.”
With those words from a pair of unsuspecting parents, the 1983 Tom Cruise comedy Risky Business kicks off. If you haven’t seen it, the TL;DR is that Cruise’s Joel Goodson is a straight-A, straight-arrow who doesn’t heed his parents’ advice during a week home alone, and things spiral out of control spectacularly, derailing his promising future.
It’s a lesson that applies not only to parenting, but also to cybersecurity: even the reliably trustworthy are prone to poor judgment and can make bad decisions that put everyone – especially themselves – at risk. So how do we manage behavior risks for users when IT can’t always be around to keep an eye on things? Well, I’m glad you asked.
Just this month, Idaptive hosted a webinar that we also called Risky Business that featured Forrester VP, principal analyst, Andras Cser, and our own Chief Product Officer, Archit Lohokare. The pair talked about everything from managing user risk behavior to Zero Trust maturity, and you can check out the full discussion here.
If you’re unable to absorb it all right away, here are some of the key takeaways from the conversation:
1) Passwords alone are not secure and drain your budget
When a security breach occurs, more often than not compromised credentials (aka lost or stolen passwords) are at fault. Of course, poor security hygiene, like using the same password across apps (65% of users do this we learned in the webinar) and sharing logins with coworkers (32% of users), are part of the problem. But we also learned that with clustered computers and the exponential growth in computing capacity, passwords alone are inadequate for business users and systems today.
In addition, they can be a huge burn in IT’s spend and time. We also learned that 20% of all IT help desk calls are password-related – costing businesses on average $31 to resolve each issue. Think about all the users in an organization and how it adds up.
2) Eliminating friction and the user experience is king
Users crave a frictionless experience that seamlessly grants access to the apps and services needed to do the job. It’s simple: the more time employees spend recalling or resetting passwords, the less time spent on profit-generating activities. Make them jump through too many hoops, and users rebel and figure out workarounds outside the scope of IT.
We learned in the webinar that customers and partners, too, want seamless access to their accounts – or they will take their business elsewhere. More than half of U.S. online retailers “unequivocally believe” that a better user experience will improve conversion rates and revenue at checkout.
3) The future includes user behavior context
The key to improving both access and security today and tomorrow is context. Machine learning can assess and understand human behavior to make intelligent access decisions in real-time. Whether the user attempts a login from a recognized device, during normal work hours, and at their usual location or not – smart technologies can decide whether to allow that user to pass through or to add further security steps until the person can prove they are who they say they are.
4) Zero Trust Access is the answer to eliminating user behavior risk
Managing behavior risks and poor judgment may prove difficult when you’re a parent, but a clear answer exists for cybersecurity professionals. That answer is Zero Trust Access. Using the right technology to enable an AI-powered model for identity and access, organizations can both track and manage user behavior risk in order to mitigate it in real-time, and ultimately eliminate it altogether.
Idaptive’s platform does this, learning from and adapting to millions of risk factors and logins, evolving from the need for manual, policy-driven identity and access. This automation – made possible through machine learning – brings us one step closer to Zero Trust access and the promise of security nirvana.
So, if AI-powered access control is the next step in the Zero Trust evolution, where are we in the journey towards this vision? To find that out, watch the on-demand webinar to learn more about the Zero Trust maturity model and how Idaptive can help complete the path.
 All stats cited here are from the report, Five Best Practices to Alleviate Employee Password Burdens While Reducing Security Risks, Forrester Research, Inc., September 18, 2015
*** This is a Security Bloggers Network syndicated blog from Articles authored by Corey Williams. Read the original post at: https://www.idaptive.com/blog/takeaways-risky-business-webinar/