Our Next Workforce May Require Continuous Authentication
The person who has signed onto the phone is not necessarily the person using the phone. If you’re a parent who has ever handed your phone to a child, or you’re a teenager who has unlocked your phone and handed it to a friend, you know that this behavior happens all the time.
Because of this common practice of logging on to a device and sharing it with a friend, a new trend in behavioral science technologies has emerged that can detect who is using a device (or at least know it’s not the owner) purely by watching how the user interacts with the applications. By looking for anomalies in behavior, they can see that the primary user is no longer using the device.
“And by continually looking at that, you get a continual login,” explained Edward Haletky (@texiwill), managing director of The Virtualization Practice, in our conversation at the 2015 RSA Conference in San Francisco.
This behavior of handing off authenticated devices to non-authenticated users is extremely common among teens. They’re operating under the assumption that this person is my friend and I can trust them.
“For teenagers, that’s probably enough [trust], but for the business world it’s not,” said Haletky. “Without some sort of behavioral analysis that’s going on there’s no way to tell who’s using the device.”
This is something businesses have to worry about now because these teenagers will be in the workforce very soon. And young people do not adapt well to new stringent rules of security and communications. Given the level of shadow IT, companies have to adapt to new forms of communications and how people manage their data and devices, said Haletky.
“If you’re doing this with your kids and your kids are doing this with their friends, this is the next workforce. They’re going to constantly do it. You just can’t change a person’s behavior by saying, ‘You have to be more secure,’” said Haletky. “Your security just has to adapt to go with them and make it more secure.”