IBM widens availability of its IDaaS solution

IBM says its extending its Artificial Intelligence (AI) technology to what it calls “clients in all industries” via the company’s Identity-as-a-Service (IDaaS) offering.

The tech – originally developed to protect users in the financial services industry – is called IBM Cloud Identity now features AI-based adaptive access capabilities that, Big Blue says, will “help continually assess employee or consumer user risk levels when accessing applications and services”.

IBM Cloud Identity is an Identity-as-a-Service solution that helps organisations connect every user to every application using adaptive access.

The solution escalates suspicious user interactions for further authentication, while those identified as lower risk are “fast tracked” so they can access applications and services they need, it adds.

Through the use of AI, the service helps simplify access management and security for users by assigning user risk levels based on a defined set of factors. With these risk levels, administrators can create rules that level up or level down authentication – implementing strong authentication but only when needed.

The context, IBM thinks, is that with data breaches on the rise, traditional means of securing access, like passwords, are often not enough to prevent unauthorised access.

The rise of credential-stuffing attacks, where a malicious actor obtains a list of credentials and tests them at various other sites using a bot, demonstrates that many password combinations have been leaked.

Considering the amount of programs and passwords that employees are managing between their professional and personal lives, it is increasingly important that new security measures do not hinder user experience, it adds. 

“Companies are constantly trying to optimise both security and user experience, but the trick is ensuring security is not disrupting the everyday user journey” said Jason Keenaghan, Director, IBM Security.

“IBM Cloud Identity with adaptive access is using AI to give organisations a holistic view of context for user access, based on indicators like malware and risk indicators, device insights, and user behaviour to help them focus security on high risk logins and give the majority of users seamless access to their accounts and applications,” he added.

Many organisations continue to rely on older username and password methods to provide employee and consumer users access to services. Due to the patchwork of applications and solutions organisations are working with, they may not be able to deploy more modern security layers.

This can create a blind spot that prevents security teams from easily implementing rules that flag suspicious indicators like malicious logins, unknown locations, unrecognised devices, and whether a user is on a company’s network VPN, IBM is saying. 

“According to our primary research results, the establishment of low-friction end user experiences has the potential to help boost security effectiveness while reducing management efforts and related costs,” added Steve Brasen, Research Director, Enterprise Management Associates.

“By injecting intelligence into access processes, IBM is helping its customers implement the appropriate level of authentication enforcement for users while minimizing impacts to their productivity.”