With the Now Platform’s recent Quebec release, ServiceNow has introduced adaptive authentication. This framework allows enterprises to enforce more contextual authentication policies that better adapt to the types of environments where today’s employees get work done.
This is an important step forward for security within ServiceNow. Clear Skye is happy to see it being addressed at a platform level. We also see ServiceNow’s adaptive authentication framework as a key stepping stone for more robust and flexible policies.
Let’s take a closer look at what adaptive authentication can do today – and what it has the potential to do.
Adaptive authentication on the Now Platform
Quebec enables the use of contextual authentication controls, which will evaluate incoming authentication requests and approve or deny them based on specific policy conditions – IP address, user groups, roles, and so on. Enterprises can configure adaptive authentication properties according to their own security requirements and policies.
This has some clear security advantages. One is segregation of duties: a user who has the authority to cut checks can easily be denied the authority to approve them. Another is preventing unauthorized access from untrusted IP addresses. If a user in New York logs off, and the same “user” then tries to log on from an IP address in London 15 minutes later, authorization can be immediately denied. Policies can also approve authorizations only from office-based IP addresses for certain critical tasks, such as releasing company funds.
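The three conditions described above can be sketched as a small policy evaluator. This is an added example, not ServiceNow or Clear Skye code: the role and action names, the IP ranges, the speed ceiling, and the assumption that an upstream lookup has already resolved each IP address to coordinates are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed policy values (documentation IP range, hypothetical role/action names).
OFFICE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
OFFICE_ONLY_ACTIONS = {"release_funds"}
MAX_SPEED_KMH = 1000  # assumed ceiling, roughly airliner speed

@dataclass
class Request:
    user: str
    ip: str
    lat: float   # location is assumed to come from an upstream IP geolocation lookup
    lon: float
    when: datetime
    roles: frozenset = frozenset()
    action: str = "login"

def km_between(a, b):
    """Great-circle (haversine) distance between two requests, in km."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def evaluate(req, previous=None):
    """Return (decision, reason); the first failing condition denies."""
    # Segregation of duties: someone who cuts checks may not approve them.
    if req.action == "approve_check" and "check_writer" in req.roles:
        return "deny", "segregation of duties"
    # Critical tasks are approved only from office-based IP addresses.
    in_office = any(ipaddress.ip_address(req.ip) in net for net in OFFICE_NETS)
    if req.action in OFFICE_ONLY_ACTIONS and not in_office:
        return "deny", "non-office IP"
    # Impossible travel: speed implied by the user's previous session.
    if previous is not None:
        hours = max((req.when - previous.when).total_seconds() / 3600, 1 / 3600)
        if km_between(previous, req) / hours > MAX_SPEED_KMH:
            return "deny", "impossible travel"
    return "allow", "policy conditions met"

# Constructed sample: New York session, then London 15 minutes later.
T0 = datetime(2021, 3, 1, 9, 0)
NEW_YORK = Request("user1", "198.51.100.7", 40.71, -74.01, T0)
LONDON = Request("user1", "192.0.2.44", 51.51, -0.13, T0 + timedelta(minutes=15))

if __name__ == "__main__":
    print(evaluate(NEW_YORK))          # first login, no earlier session
    print(evaluate(LONDON, NEW_YORK))  # same user, London 15 minutes later
```

The speed threshold is the tuning point: set too low it denies legitimate VPN or mobile-carrier hops, and set too high it misses nearby credential reuse.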
Traditionally, individual identity and access management products have applied their own adaptive authentication policies. For enterprises that use different IAM products for different enterprise systems, this can lead to a hodgepodge of policies. That makes access difficult to manage, which can easily lead to confusion, frustration, and cutting corners.
That’s why applying adaptive authentication at the level of the Now Platform is an important step forward. This lets enterprises set an overarching policy instead of applying individual policies in a piecemeal fashion. That makes it harder for attackers to gain unauthorized access – but it also makes access easier for authorized users who have completed the necessary authentication steps.
Adaptive authentication as another step forward for digital transformation
At Clear Skye, we see potential for adaptive authentication to evolve to be even more flexible than simple approval or denial. The ability to coalesce software and hardware data across the entire Now Platform could further expand the capabilities of adaptive authentication, with some steps skipped and other steps required depending on the context.
Consider the following scenario.
Here, adaptive authentication is indeed adaptive. Using an up-to-date corporate device, Sam doesn’t have to use MFA a second time to log on from home and will only need to use MFA from the coffee shop to access sensitive information. On the other hand, Dana’s personal device will be watched closely, and Dana will be reminded that the device poses a security threat.
These potential future use cases for adaptive authentication are another example of how workflow automation can power digital transformation in the enterprise. When data is removed from its silos, workflows can become intelligent. Employees can dictate the business processes that give them the flexibility to get work done – while enterprises can leverage the ServiceNow data plane to identify risk indicators, such as outdated antivirus software or log-ins from personal devices, and stop risky behavior in its tracks. Adaptive authentication in the Now Platform’s Quebec release is the first step toward making this happen.