Risk-Based Authentication

Secure access used to be simpler. Everyone logged into the same corporate network, on a managed device, with firewalls to protect internal resources from outsiders. But we live in a hybrid-work world now, with more people working from home, in coffee shops, and while traveling. Each new login attempt from each place and device must be evaluated for risk. Additionally, there needs to be a new model that no longer relied on the corporate network to establish trust and verify access. Zero Trust provides a framework for rethinking trust at each access decision, as employees seek to work from anywhere, on any device. As Cisco Advisory CISO Wendy Nather summarized Zero Trust, “Trust is neither binary, nor permanent.” In other words, no access attempt is either trusted or not; instead, it is measured on a relative scale to determine if that attempt is in a “high” or “low” trusted situation. It also accounts for change. If an attempt once received “high” trust, it does not automatically qualify for “high” trust later, as trust is constantly being evaluated.