User behavior analytics is something we know from online shopping. The users’ navigation in e-shops is tracked and the results are used for up-selling, cross-selling or personalized advertising. Today, new insights from user behavior also increase the security and usability of online applications.
It has become difficult to define the virtual external borders of a company: the Internet of Things, exchange with customers, partners and suppliers, and cloud services expand and blur the boundaries. Potential attackers lurk everywhere. However, for risk assessment the location of the attacker is no longer key. He may be inside the IT infrastructure or outside of firewalls and other protective devices.
Digital identity: Who am I and, if so, how many?
Who is the user and how does he behave? Is it a human being, a robot, a server or a smart device? The identity of a user and its verification – i.e. authentication – is more important than ever for IT security. While interaction used to take place at the bank counter, it now takes place electronically. This is why we need the digital identity (see figure). As the backbone of digital life, it has a specific function – but also transfers valuable data and permissions to more or less trustworthy players. No wonder digital identities – of which many of us have a high number – are often stolen and traded. Therefore, digital identities deserve attention within the larger IT security picture.
Usability versus security
As identity theft cannot be prevented, abuse must be limited. This is done with strong authentication: mTAN, one-time password tokens or new identity cards are useful. Adaptive security methods such as continuous authentication, misuse detection and alerting the legitimate identity owner also work. These methods respond to changing environments, thus offering security benefits. At the same time, they reduce usability, which is why their acceptance is poor. Emerging biometric authentication is user-friendly and therefore seems to be the ideal solution. However, fingerprint sensors, iris scanners and face recognition software can also be cracked – and they make highly sensitive biometric data electronically accessible. As a result, the data can be copied, which is particularly unpleasant for users. Behavior analytics comes in as an alternative because, compared to biometric data, it captures more dynamic aspects of our identity.
Behavioral aspects as part of the digital identity