Large enterprises face a number of identity issues, SecureAuth chief marketing officer Brian Czarny told iTWire, including the need to manage the identities of large numbers of employees, customers and others, and to comply with various regulations.
The new SecureAuth Identity Store is a cloud directory that helps organisations secure personally identifiable information relating to non-workforce (eg, temporary employee) and customer identities. Directories can be deployed in specific regions within SecureCloud's cloud infrastructure to comply with local requirements, and user data can be anonymised to comply with regulations such as GDPR.
SecureAuth solutions engineer and architect Ames Fowler explained that while SecureAuth is able to tap into other identity stores without replicating the data, organisations do not always want to add temporary workers, partners, customers and others to their enterprise identity stores.
SecureAuth Identity Store provides a secure way to store this information, and provides a mechanism to support individuals' 'right to be forgotten' while retaining the identity.
Organisations can implement separate stores for different purposes. The stores can be organised into groups, and then actions – such as expiring identities – can be taken on an entire group at once.
"Identity and data management is critical in the business world," said information security company (and SecureAuth partner) Optiv CTO Todd Weber.
"If anything, the post-pandemic landscape is further driving the need for enterprises to protect workforce identities in new ways, like SecureAuth's Identity Store. Built-in privacy control functionality is an important element of any holistic cybersecurity program."
SecureAuth already supports adaptive authentication, where the requirements can vary according to the circumstances. For example, if a user is in a low-risk group and in their usual location, they may be allowed to authenticate without using multifactor authentication. Or if they are in a 'designated traveller' group and outside their home country, they may be allowed to authenticate only via a biometric device. Conversely, if the user's location has changed more quickly than is possible by a commercial airliner, they could be denied access.
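The three rules in the paragraph above can be sketched as a small decision function. This is an added illustration, not SecureAuth's code or API: the group names, the speed and distance thresholds, the "mfa" default and the sample coordinates are all assumptions made for the example.

```python
import math
from dataclasses import dataclass
from typing import Optional

AIRLINER_KMH = 900.0     # assumed ceiling for commercial flight
GEO_NOISE_KM = 100.0     # assumed geolocation error; shorter hops are never flagged
USUAL_RADIUS_KM = 50.0   # assumed radius of the "usual location"

@dataclass
class Event:
    ts: float      # epoch seconds
    lat: float
    lon: float
    country: str

@dataclass
class User:
    groups: set
    home: Event                    # usual location and home country
    last: Optional[Event] = None   # previous successful login

def km(a, b):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dl = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(min(1.0, h)))

def impossible_travel(prev, cur):
    dist = km(prev, cur)
    if dist <= GEO_NOISE_KM:
        return False
    hours = (cur.ts - prev.ts) / 3600.0
    # Zero or negative elapsed time over a real distance is also impossible.
    return hours <= 0 or dist / hours > AIRLINER_KMH

def decide(user, cur):
    """Return 'deny', 'biometric', 'no_mfa' or 'mfa' (assumed default)."""
    if user.last is not None and impossible_travel(user.last, cur):
        return "deny"
    if "designated-traveller" in user.groups and cur.country != user.home.country:
        return "biometric"
    if "low-risk" in user.groups and km(user.home, cur) <= USUAL_RADIUS_KM:
        return "no_mfa"
    return "mfa"

if __name__ == "__main__":
    home = Event(0, -33.87, 151.21, "AU")   # constructed sample: Sydney
    user = User({"low-risk"}, home, last=home)
    print(decide(user, Event(7200, 51.51, -0.13, "GB")))  # London, two hours later
```

The noise floor keeps ordinary geolocation jitter, which can look like thousands of kilometres per hour over a few seconds, from triggering a denial.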
This feature has been enhanced with the addition of what SecureAuth calls questionnaire as a factor. This allows organisations to incorporate a questionnaire as part of the adaptive login flow, with the responses used to allow or block access, or redirect the user to a specific application.
Organisations might use this feature to ask employees if they have recently experienced COVID-19 symptoms, and if they have, allow them to sign on from home but not in the office.
SecureAuth's new support for PIN protection for all FIDO2 WebAuthn-compliant portable authenticators such as the YubiKey 5 hardware key is intended to reduce the risk of lost or stolen authenticators being abused.
The new SecureAuth Endpoint client enables multifactor authentication at login for Windows, Mac and Linux devices, including support for passwordless login by using – for example – a biometric WebAuthn authenticator and a PIN.
Finally, the new SecureAuth Mobile SDK allows organisations to quickly integrate multifactor authentication into their own apps, avoiding the need to use a third-party authenticator.