surfaces have rapidly expanded, and are no longer confined to local
networks.
Fortunately, the security industry is continuing to adapt to these rising
threats, becoming more proactive in their techniques and helping to drive
innovation in order to thwart the attacker’s plans. What’s more, with the
General Data Protection Regulation (GDPR) coming into force last year and
the potential reputational damages of a security breach, data protection

BIO
Born in Monza in 1967 ,Sergio joined Safenet in
2014 as Country Manager with the task of leading
the growth of the company in the region organizing
the distribution and partners Cyber Security in Italy
and Malta. Sergio is now responsible for the sales
and expansion strategy of the Gemalto Enterprise
& Cybersecurity division (formerly Safenet) in
Southern Europe for the regions of Italy Malta Spain
Portugal Israel and Cyprus. Sergio has over 20 years
of experience with roles of increasing responsibility
in sales and business both in Italy and internationally
mainly in the Security Enterprise Software Hardware
and Embedded sectors. He has a wide knowledge of
the European market thanks to various positions held
in American multinational companies such as Wind
River The MathWorks and OSIsoft where he held roles
of District Sales Manager and Sales Manager for Italy
Greece and Malta.

and the reputational and financial risks associated with it are now at the
forefront of organisations’ minds.
One area which has taken a particular focus after a raft of credentialbased attacks is identity and access management (IAM). Composed of two
elements, IAM technologies are responsible for both creating and managing
identities and ensuring identities within an organisation access resources
and applications with the appropriate level of security. For example, when
a new employee joins a company, the identity management process will
create that employee’s digital identity in the system, issue them with a
password and determine which applications they need for them to do
their job. After this, the access management system validates the user’s
credentials when they log into their apps, and ensure that the appropriate
access policy is applied.
However, as the sophistication of cyberattacks grows and disruptive
technologies such as AI begin influencing method of attacks, what does the
future hold for Identity and Access Management?

capable of mimicking human behaviour, solutions need
to begin validating users with more than just log-in
details – they need to be adaptive.
Traditionally, authentication has been a one-timeonly decision based on the credentials that the user
presented. While this protects networks from the
majority of current malicious attacks, with machine
learning this will eventually lead to easy, undetected
account takeovers. Access management technologies
now need to be able to track user behaviours to provide
continuous authentication and authorisation.
To determine if a user is who they claim to be, the
site or system needs to read signals from the user’s
interaction, contextual and navigational activity to
understand what constitutes ‘normal’ behaviour for
a certain user. This allows it to then detect and alert
on any behaviour that deviates from this. In short,
if a user logs in from London, and types in a certain
manner, then a log-in attempt from the Ukraine with a
mechanical typing style is likely to be malicious – even
if the credentials are correct. If the behaviours point to
fraud, the access control system should terminate the
session or require additional step-up authentication
from the user.
As the race to master AI for both malicious and
protective purposes increases, it’s clear that access
technologies are at the forefront for keeping businesses
secure. And it’s not just AI that’s set to bolster these
technologies – Biometric access control is set to help
support organisations in highly regulated industries
such as defence contractors and government offices.
These innovations in cybersecurity will translate to
innovations in access management technology and
help keep networks secure. Those organisations that
establish a strong access frameworks will not only

improve their security, but ultimately create a future
where security could be invisible. With adaptive access
management technologies and the right access policies
in place, users won’t be impeded by security: The login process will be based on the intelligent assessment,
enforcement and monitoring of access policies –
providing a hassle free and secure user experience.

Passwords: a hacker’s dream
From Single Sign On
(SSO) and biometrics
to artificial intelligence
and tokenisation, the
security industry is
continuing to pursue new
ways to improve access
management – but one
thing that remains at the
heart of most security practices implemented within organisations are
usernames and passwords. In fact, consumers today have on average 90
online accounts, and to make their digital lives simpler, almost all (89%) are
using the same one or two passwords for everything.
This becomes a major concern when considering that well over 3.3bn
data records were compromised in the first half of 2018. Those credentials,
many of which include email addresses and individuals’ passwords, provide
hackers with a wealth of material from which to attack businesses. Once
hackers have a known email and password combination, they’re able to
programme bots which attempt to force their way into potentially tens of
thousands of online and business accounts.
However, while access technologies such as SSO and two-factor
authentication are reducing the success of these attacks, new technologies
are posing a risk. Soon hackers will be able to create machine learning bots
which can mimic user behaviours, making it harder than ever for security
professionals to understand whether enterprise log-in attempts are genuine
or those of malicious bots. Worse, as quantum technology approaches,
traditional encryption will no longer be fit for purpose, meaning that access
management needs to be at the forefront of every organisation’s security
strategy in order to protect the data within.
Is machine learning the answer?
Thankfully, the security industry is using this same machine learning
technology to keep up with these emerging threats. As bots become

SHARE

Other Magazines