There has been lot of talk around context based authentication especially to trigger strong authentication. I am not not able to visualize how the foundation can be built in a companies which have hundreds or thousands of applications. When I say foundation, I really mean on which the AM or applications can rely to understand the context of the user. Have you implemented context based authentication in your systems or If you are going to ? How is the "foundation" built?
Sort by:
Information Security Manager in Manufacturinga year ago
We haven´t implemented context based authentication and at this moment is not in our short term initiatives. At least for core applications we´re focusing on maintaining healthy environment with access controls based on job positions, using an IAM solution. In addition we prioritize the use of PAM to mitigate the risks of unauthorized access to our systems.
One of the basic context based authentication factors is device used, geographical location, user behavior and risk score calculation based on it. If need be, you could add more factors for calculating risk score. Based on the risk score, access can be controlled. For instance, triggering MFA for a higher risk score.