Access Management , Identity & Access Management , Multi-factor & Risk-based Authentication

Applying CIAM Principles to Employee Authentication

Streamlining and Enhancing Authentication for the Workforce
Applying CIAM Principles to Employee Authentication

Many organizations have updated the authentication process for customers to help ensure frictionless transactions. Now, some are starting to take similar steps to streamline and enhance authentication of their employees - especially those working remotely

See Also: Why the Future of Security is Identity: Experts Discuss Why Protecting Identities Requires Tailored Controls

Thomas Malta, head of identification and authentication at Navy Federal Credit Union, says not many companies have adopted multiple layers of authentication for employees yet. "This has become the need of the hour, since employees are no longer inside your secure network,” he says.

Richard Bird, chief customer information officer at Ping Identity, adds: “I believe we are seeing the beginnings of a new paradigm - not workforce identity or consumer identity, but an expectation for a more universal digital identity that can be used for both.”

Adopting CIAM Principles

To enhance employee authentication for system access, some organizations, including Navy Federal Credit Union and the travel portal Priceline, are adopting customer identity and access management, or CIAM, procedures for their workforces. Those include dynamic authorization, continuous authentication and the use of various forms of biometrics.

"With the death of user ID and password, I am trying to create digital layers of authentication on the workforce side," Malta says. "We are looking to be able to let the hybrid workforce ‘inside our network’ in a very frictionless way."

Joe Dropkin, principal server engineer at Priceline, says he's been applying the concept of CIAM to employee authentication because of the shift toward applications and data storage in the cloud. “We did not want our employees to go through multiple layers of authentication to SAAS applications. The users now have single 'pane of glass' to look at,” he says.

Priceline employees no longer have to log in multiple times to access different applications. Once they're authenticated, using multiple layers, they gain access to all appropriate systems, Dropkin says.

“When you are coming in at the office, username and password are enough to log in," Malta says. "You are inside your office network and multiple layers of authentication are not really required. But now, employees are logging in from different networks. So we need to have those additional layers of authentication, typically for privileged access.”

Keith Casey, who serves on the production team at Okta, a San Francisco-based identity and access management company, notes: “Employees should have a frictionless authentication experience no matter what kind of device they're using to access systems. It is high time we bring in the concepts from CIAM for employees.

"From an IT and support perspective, the easier we make the process of authentication for employees the better it will be, as in the long run it will result in low cost. We need to start having adaptive authentication."

A Complex Process

Multiple factors need to be taken into account while authenticating employees, which makes the process more complex that authenticating customers.

“An organization has data governance policies, and sometimes access to a particular application is required only for a limited period of time. Such factors have to be weaved in while designing an authentication policy,” Casey says.

Bird of Ping Identity says that "creating a unified repository, directory or profile for every single employee is the very beginning step in developing a truly digital identity for that employee.

"Digital identities aren't accounts and passwords. They are a rich, digital representation of the physical you. The richer these digital identities are, the more exact we can be in the certainty that an employee is who they say they are, is doing what they are supposed to be doing and is accessing what they should be."

Tracking Baseline Behavior

Tracking the baseline behavior of employees is important when developing an enhanced authentication strategy.

“Normal behavior isn't a measure that is separate or independent from an identity; it is a part of the identity itself”, says Dropkin of Priceline. "We need to aggregate the types of data that we need to create a rich digital identity. And with that collection comes the learning of baseline behaviors that we can then use to determine normal and abnormal actions."

The goal, he says, is to create unified digital identities "that we can leverage in all aspects of our lives."

Malta of Navy Federal Credit Union suggests implementing enhanced employee authentication in phases. “With any new system, there are bound to be challenges," he says. "Hence, instead of disrupting the entire organization, try and learn from your mistakes by incorporating the changes in one department initially.” (See: Changing Authentication for Employees)

Industries Taking the Leap

The banking, healthcare and air travel sectors are leading the way when it comes to applying CIAM principles to employee authentication.

“In highly regulated environments, adopting CIAM principles is actually incredibly useful,” Bird says. “It allows companies to provide the correct access, roles, resources and assets based upon the user's persona in the instant of the transaction. If I'm a doctor but I'm also a patient, by using CIAM principles, I can ensure that I'm not using my physician-related access credentials to look at information about myself.

“CIAM can actually be a pathway to better compliance results for financial institutions and other highly regulated companies by providing a complete view of the human being in question in both of their roles - as customer and employee."


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.