Samsung VP says behavioral analytics key to public sector mobile identity management
Behavioral analytics (BA) are the extra step beyond derived credentials, including biometrics, necessary to secure access to public sector systems for a mobile workforce, according to a post contributed to GCN by Samsung VP of Federal Chris Balcik.
There were 22,788 cybersecurity incidents affecting the public sector in 2017, according to Verizon’s 2018 Data Breach Investigations Report, and while multifactor authentication techniques combining a physical credential such as a Common Access Card or a biometric factor with a password are a good start, they do not go far enough to protect against sophisticated adversaries, Balcik argues. One of the key benefits of BA is the capability to continuously authenticate the user. Furthermore, detecting anomalies in the form of deviations from a baseline of behaviors significantly reduces the amount of information needed, which helps agencies quickly detect and neutralize mobile threats.
BA, often referred to as behavioral biometrics, is also valuable for the ability for administrators to configure baselines to suite agency security needs, and the convenience of authorizations leveraging BA for employees, Balcik says. Likewise, loading a physical smartcard onto a mobile device makes it more convenient than carrying the physical card, while enabling richer insights into the user’s identity through BA.
Balcik recommends implementing security down to the user’s device, along with multifactor authentication to protect against breaches through stolen devices.
“Requiring security down to the chipset, combined with stronger multifactor authentication methods will be central to the way government manages identity verification,” Balcik concludes. “BA functionality in particular plays an essential role in defending devices and networks from malicious cyber hackers as well as insider threats, such as disgruntled employees or those unintentionally misusing mobile devices or data.”
Experian fraud consultant Chris Ryan recently called for public sector agencies to take advantage of NIST digital ID standards and biometrics to eliminate friction from interactions between citizens and the government.
The global market for behavioral biometrics is expected to reach nearly $4 billion by 2025, according to a recent report.