Cisco’s Ash Devata on the Future of Secure Access
Authentication used to be binary:
I give you access or I don’t give you access. But with the rise of
remote/hybrid work and the growing number of cloud applications in use,
organizations need an even more precise approach to authentication, says Ash
Devata, vice-president and general manager of Cisco Zero Trust and Duo Security.
“Every time you’re giving access,
you have to inspect the user [and] inspect the device,” Devata says. “End users
just want to get their work done. They don’t want to go through all the
security checks.”
The security landscape has
increased in complexity, with the rise of remote and hybrid work and the
accelerated pace of cloud adoption. “The key thing is around, how do we make
sure only the right people have access to the applications?” Devata says in his
Fast Chat with Dark Reading’s Terry Sweeney.
Devata also expands on the
concept of post-login security. “You log into [xbox.com]. You just have the
login cookie for six months,” Devata says, in reference to session cookies. So
long as the cookies don’t expire, the session is valid and users don’t have to
log back in again. However, the session cookie presupposes that nothing has
changed to affect the security of the session. It could be the device needing
new security updates, or the geographic location.
This is more than risk-based
authentication, though. The idea behind continuous password access is to continuously
measure all the signals – such as whether device encryption is turned on, if
there are pending patches, if the firewall is enabled, and the network location
– completely in the backend, without adding friction to the user experience. Once
a signal changes, details about what has changed are then communicated back to
the application. Depending on the change, the user may be prompted to
re-authenticate, even if the session hasn’t expired.
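The re-evaluation step described above, as an added example (not Cisco's or Duo's code): it compares the signals captured at login with the current ones, reports what changed, and decides whether the live session needs re-authentication. The names `Signals`, `degraded` and `evaluate`, and the policy for which changes count as risky, are assumptions made for illustration.

```python
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Signals:
    """Posture snapshot; the four fields are the signals the article lists."""
    disk_encrypted: bool
    pending_patches: int
    firewall_enabled: bool
    network_location: str  # e.g. a country code or a named network


def degraded(field, old, new):
    """Hypothetical policy: does this change make the session less trustworthy?"""
    if field == "pending_patches":
        return new > old          # more outstanding patches than at login
    if field == "network_location":
        return new != old         # any move is treated as a change in risk
    return old and not new        # a protection that was on is now off


def evaluate(baseline, current, session_expired=False):
    """Return (action, changes) for a live session.

    changes maps signal name -> (value at login, value now); this is the
    detail that would be reported back to the application.
    """
    if session_expired:
        return "reauthenticate", {}
    old, new = asdict(baseline), asdict(current)
    changes = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
    risky = [k for k, (o, n) in changes.items() if degraded(k, o, n)]
    return ("reauthenticate" if risky else "continue"), changes


if __name__ == "__main__":
    # Constructed sample data: posture at login, then a later background check.
    at_login = Signals(True, 3, True, "US")
    later = Signals(True, 0, False, "US")   # patched, but firewall turned off
    print(evaluate(at_login, later))
```

The session cookie in this sketch is still valid when the firewall is switched off; the decision comes from the changed signal, not from expiry.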
“Once we give trust, how long can
the trust last?” Devata asks.