Most organisations understand that it is no longer acceptable to assume that you can control how or where users access services from. The anywhere-anytime benefits of cloud solutions make it impossible to control the point of access, and policies such as BYOD, further complicate this traditional protection model. In fact, risk managers must now assume that all devices are compromised.
Industry has addressed this through trying to mandate 2-factor authentication solutions, Identity Provider software (IDP), or Cloud Access Security Brokers (CASB), but these are all inherently complicated, and often introduce new risks. For example, 2FA complexity can make a user avoid logging in – “its too hard” – while IDPs and CASBs do not address the centralisation problem but just move the risk to a vendor managed cloud service.
Cipherise addresses the problem of a variable perimeter through using externally validated trust. Through a simple action via the Cipherise App – aligned to the risk level of the service (SSO, Push, Biometric, or OneTiCK), the platform leverages industry standard PKI to uniquely digitally sign each authentication response and affirm the authenticating entity is true and correct. By virtue of the patented OneTiCK method, there is no way to electronically mimic or ‘spoof’ an eternally generated authentication response.