Are you getting ready for the upcoming RSA Conference, the
world's leading information security conference and
exposition? The
event kicks off next week in San
Francisco. Ahead of the show, VMblog spoke with Shahrokh Shahidzadeh,
CEO at Acceptto, a leading provider of Continuous Behavioral Authentication.
VMblog: Identity Access Management (IAM)
is considered to be a hot topic this year. What trends are you seeing that
we should be aware of in 2020?
Shahrokh Shahidzadeh: Next generation multifactor-authentication
(MFA) that reduces drag but increases security will become more mainstream.
Specifically, the concepts of continuous versus binary and biometric/behavioral
versus classic SMS and Captcha.
VMblog: What is not working with current
binary authentication solutions like passwords and MFA solutions?
Shahidzadeh: Passwords, two-factor-authentication
(2FA) and MFA alone are a thing of the past. Clearly once a cybercriminal has
breached the one and only authentication, they become authorized to do whatever
they want. With continuous authentication the authentication process still
continues throughout the session to ensure no one hijacks that session. We need
to also be assessing things on a behavioral level to make sure you are who you
say you are.
VMblog: How do you see the evolution of
behavioral affecting MFA and 2FA?
Shahidzadeh: Behavioral MFA will emerge as a truly
immutable form of identity authentication as it is the closest thing to a
nonrepeating pattern available for identifying an individual. This is similar
to the way credit card companies track (securely and privately) spending habits
to detect fraud.
VMblog: Are biometric-based solutions any
better than good old passwords or a combination of passwords and MFA/2FA?
Shahidzadeh: Clearly password-based solutions have
long outlived their usefulness based on the number of reported breaches and
stolen credentials. Classic 2FA and MFA also impose more drag but don't
necessarily create a more secure environment, so a new method like continuous
behavioral authentication is needed.
VMblog: What role do you see artificial
intelligence (AI) and machine learning (ML) playing in IAM?
Shahidzadeh: AI and ML will all algorithms to learn
and adapt with more data and thus help develop a more immutable identity
strategy.
VMblog: What stories/themes do you think will
come out of RSA 2020?
Shahidzadeh: We expect more horror stories of how
people are still the weakest link in the IT security chain and that will begin
with how they are grated access to the network, cloud and other resources.
VMblog: As a long-time attendee, any tips
for handling the conference?
Shahidzadeh: Plan your time on the floor and in
meetings ahead of time, then keep to your plan. You won't be able to deep dive
on everything so make sure you spend enough time with your "A" priorities, then
time slice between your "B" and "C" priorities to round things out.
##