Passwordless: The Next Evolution in Authentication

By | Managed Services News

Sep 13

Passwordless enhances security while simultaneously decreasing authentication friction for users–a win-win for IT infrastructure.

With the increasing threat landscape and recent workplace shifts to support remote users, many companies are deploying a zero trust security model to mitigate, detect and respond to cyber risks across their environment. Looking ahead, the next evolution in authentication is passwordless.

Zero trust principles help protect against identity and access-based security risks by requiring all users–whether inside or outside the organization’s network–to be authenticated, authorized and continuously validated for security configuration and posture before being granted access to applications and data.

Zero trust relies on robust user authentication and device validation over network and endpoint security to protect applications and data against new and emergent threats. Instead of security enforcement at the network perimeter, zero trust focuses on protecting applications and surface areas. Users and devices are not automatically trusted because they happen to be behind the enterprise perimeter or on a trusted network.

While each organization may take a different approach to deploying zero trust, the building blocks are generally the same, including establishing trust in every access request and securing access across applications and the network.


Deploying a zero trust architecture for the workforce provides a series of benefits, including improving the end user experience by allowing access to some applications or resources that traditionally require VPN access and streamlining authentication through multifactor authentication (MFA). Organizations can often leverage their existing security investments to deploy zero trust–including authentication, network access control, logging, device management, and endpoint detection and response–to improve their overall security posture.

The Move to Passwordless

The same zero trust architectural components can also be leveraged for the next evolution in authentication, which is passwordless access. The appeal of moving to passwordless authentication is that it unburdens IT departments from continuously managing and resetting passwords for users, which is time-consuming and expensive. For end users, managing multiple passwords across various applications and devices can be unwieldy, often resulting in the reuse of the same passwords, which can be easily compromised and lead to data breaches.

When implemented correctly, passwordless authentication eliminates the password from the authentication flow while maintaining MFA security. In effect, passwordless enhances security while simultaneously decreasing authentication friction for users–a win-win for IT infrastructure.

While the promise of passwordless authentication is exciting, it’s important to think strategically about deploying new technology. By placing the foundational components of zero trust in place first–like SSO, MFA and device trust–the transition to passwordless will be smoother and more secure. As passwordless is a relatively nascent technology trend, organizations should consider a phased rollout, targeting users and authentication scenarios that make the most sense from a technical and business perspective.

Brad Arkin is Senior Vice President, Chief Security and Trust Officer, Cisco. Brad leads Cisco’s Security and Trust Organization, whose core mission is to ensure Cisco meets its security and privacy obligations to customers, regulators, employees and other stakeholders. Prior to joining Cisco, Arkin was Chief Security Officer at Adobe and has held management positions at @Stake and Cigital. Arkin holds a Bachelor of Science (BS) in Computer Science and Mathematics from the College of William and Mary, a Master of Science (MS) in Computer Science from George Washington University, and a Master of Business Administration (MBA) from Columbia University and London Business School.

 This guest blog is part of a Channel Futures sponsorship.
