How Context Drives Full Access Decision-making

May 16, 2022

Access is an interesting topic. Fundamentally, it means “permission, liberty, or ability to enter, approach, or pass to and from a place or to approach or communicate with a person or thing.” In the context of security, the layman might phrase access as: “Who can do that?”

Each word there is a complex field unto itself in cybersecurity.

  • “Who” — confirm the entity is who they claim to be: authentication

  • “can” — confirm the entity has the right or qualifications: authorization

  • “do that” — perform or execute: the action or request

Many security measures rely on authentication to make a binary access decision: the entity is authenticated, whitelisted, and allowed to proceed — or the entity is neither authenticated nor whitelisted and therefore rejected. This security model exposes a permanent gap in security for the organization: trusting an authenticated entity to not abuse their access.

Context-aware access enables organizations to mitigate the risk of entities, such as compromised or malicious insiders, abusing previously granted access. Under this model, every single action is validated and access is continuously granted or denied based on context.

The good news is that context-aware access isn’t just a new security buzzword but a progressive update to the existing decision-making process for granting access. Even better, this security model empowers an organization’s users to be productive without compromising on the organization’s security posture.

This blog post will discuss the following:

  • Why does context matter in access decisions?

  • What are the forms of context?

  • What does a context-based security model solve?

Why Does Context Matter In Access Decisions?

Context means everything — particularly when the consequences of a decision matter.

You may recognize the phrase “identity-aware” for infrastructure or tools protecting sensitive assets and applications. This means that the security model authenticates the entity’s identity before granting them privileged access to proceed with the action or request. Taking this a step beyond identity involves incorporating contextual information into the decision-making model.

Context-based access is an adaptive decision-making security model enabling an organization to base privileged access decisions on multiple ongoing pieces of contextual data. This results in stronger insight into the circumstances around which access is being granted: who, what, when, where, and ideally even why a request should be allowed to proceed. Consequently, the organization can also make informed decisions for when previously granted access should be revoked and denied.

The importance of context has only increased in an era of digital remote work. Gone are the days when an organization can easily confirm an individual’s activities within their perimeter. The goal of context-based access is to shift away from a network and perimeter-based security model that no longer works.

Now, it’s clear that remote work is here to stay, and, correlated with that, insider threat incidents have risen 44% over the past two years to $15.38 million in losses. Your organization’s security and bottom line will soon rely on being able to continuously validate the context of every single request so that the corresponding level of expiring access privileges can be granted.

By using context (such as device identity, state, and posture) to supplement decision-making criteria (such as user identity) when delegating access, organizations can begin migrating to a zero trust-based security model. Because the existing identity-aware access is just a subset of context, many systems that rely on identity-aware access can be easily shifted to incorporate contextual information into their access decision-making process and achieve context-aware access.

While the current generation of commercially available BeyondCorp-style access proxies supports integrating user identity from identity providers (such as Okta), it does not support, leverage, or integrate with other contextual factors. This oversight is considerable given the focus that device state receives in the original BeyondCorp white paper on the Access Proxy. However, the current generation of context-aware proxies lacks the functionality and capabilities of the security model articulated in the white paper.

What Are the Forms of Context?

Context for cybersecurity access decisions can be broken down into three categories:

User Context

This context deals with changing factors about a specific user in question. For example, if the system knows the user is on vacation overseas but gets a login request from the user’s normal location with the correct user credentials, something may be wrong.

Device Context

Device context checks the manner in which the upstream service or application is being accessed: device state, browser, network, version, etc. The system uses this context to decide if the device is compromised at any point and access should be denied, even if the user is validated.

Network Context

This refers to the network details of the request. What IP are you trying to reach? What IP did you come from? What is the standing of those IP addresses? These are many of the things that were in the old perimeter security model around network and locality, but they also include things like “is the user trying to access http://somesite.com/admin or http://somesite.com/wiki,” which might have very different security postures.

This contextual information can then be used to make dynamic access decisions beyond yes or no, such as allowing certain data or resources to be accessed while barring others. This results in less user frustration and a frictionless workflow while minimizing the company’s risk exposure without compromising on security.

What Does A Context-Based Security Model Solve?

Context-aware access decisions will reduce the possibility of:

Earlier, we mentioned dynamic access policies granting limited degrees of access to users — this has far-reaching applications for productivity growth and accelerations in organizations embracing remote-work.

In our example below, we’ll compare identity-aware vs context-aware security models to illustrate the difference when encountering an employee’s credentials used for access from overseas:

Scenario: Actual employee

  • Identity-aware: The employee is able to log in to their account using their work credentials. Because they have been authorized and granted full access to their account, the system assumes “They can do that” for all actions the employee wants to take.

  • Context-aware: The employee is able to log in to their account using their work credentials. The context-aware gateway further recognizes that the account is accessing from a different region on an unrecognized network, using a different browser, and on an unregistered device. The system allows them partial access to check on their work calendar but does not allow further access to sensitive systems such as accounting software, or checking in any code to source control.

Scenario: Compromised account

  • Identity-aware: The malicious actor is able to use stolen credentials to log in to the employee’s account. Because the malicious actor has been authorized and granted full access to the compromised account, the system assumes “They can do that” for all actions the malicious actor wants to take.

  • Context-aware: The malicious actor is able to use stolen credentials to log in but only gains partial access. The context-aware gateway recognizes that the account is accessing from a different region on an unrecognized network, using a different browser, and on an unregistered device. The system limits the malicious actor’s access to seeing the work calendar without being able to make any changes or damage the company’s internal systems.

This context-aware security model shifts privileged access away from the inherently dangerous “all-or-nothing” model, long-lived for the entirety of a user’s session, that is prevalent in systems today. Under the upgraded context-aware model, every single action is constantly validated for context and continued access can be revoked at any time. Doing so mitigates risks for the company from insider and outsider threats because no entity is implicitly trusted to not abuse or misuse their access.
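The overseas-login comparison above, written out as an added example (it is not Pomerium's code or policy language). The baseline values, resource names and signal thresholds are constructed assumptions chosen to mirror the scenario.

```python
from dataclasses import dataclass

# Constructed baseline for one employee; every value here is hypothetical.
BASELINE = {"region": "US", "network": "corp-vpn",
            "browser": "firefox", "device_id": "laptop-0042"}

# Constructed policy: matching context signals required per (resource, action).
REQUIRED_SIGNALS = {
    ("calendar", "read"): 0,          # low sensitivity: identity alone suffices
    ("calendar", "write"): 3,
    ("accounting", "read"): 4,
    ("source-control", "write"): 4,
}

@dataclass(frozen=True)
class Request:
    authenticated: bool
    resource: str
    action: str
    context: dict  # region, network, browser, device_id seen on this request

def identity_aware(req: Request) -> bool:
    """Binary model: a valid login authorizes every action."""
    return req.authenticated

def matching_signals(context: dict) -> int:
    """Number of observed context signals that equal the baseline (0 to 4)."""
    return sum(1 for key, expected in BASELINE.items()
               if context.get(key) == expected)

def context_aware(req: Request) -> bool:
    """Run on every request, so a change in context revokes access mid-session."""
    if not req.authenticated:
        return False
    needed = REQUIRED_SIGNALS.get((req.resource, req.action))
    if needed is None:  # unlisted resource or action: deny by default
        return False
    return matching_signals(req.context) >= needed

def compare(requests):
    """(resource, action, identity-aware result, context-aware result) per request."""
    return [(r.resource, r.action, identity_aware(r), context_aware(r))
            for r in requests]

# Constructed overseas context: nothing matches the baseline.
OVERSEAS = {"region": "FR", "network": "hotel-wifi",
            "browser": "chrome", "device_id": "unregistered"}

if __name__ == "__main__":
    for row in compare([Request(True, res, act, OVERSEAS)
                        for res, act in REQUIRED_SIGNALS]):
        print(row)
```

With the same valid credentials, the identity-aware check allows all four requests, while the context-aware check allows only the calendar read, whether the requester is the travelling employee or someone holding stolen credentials.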

Security Reimagined

The end result of having a context-aware gateway with dynamic access policies is operational agility while mitigating risk exposure. This shift in mindset for access decisions enables a company to benefit from frictionless workflow productivity and security at the same time.

“More than six out of seven organizations (85.3%) experienced a successful cyberattack within the last 12 months.” Because breaches impact the entire company, it’s never too late to reevaluate the organization’s security posture and integrate security with all of the organization’s activities.

When your organization’s security posture is inadvertently put to the test, do you have confidence in it?

Until the next breach! Hopefully, yours is relatively contained.

© 2024 Pomerium. All rights reserved