There are nearly two billion usernames and passwords available for sale in the black market, according to a recent joint study carried out by Google Inc. and the University of California. A significant percentage of those login credentials can be used to directly access Google accounts, driving security researchers’ new focus on machine learning methods to keep password authentication processes from slowing down progress within cloud environments.
“As you start adopting cloud services, as we’ve adopted mobile devices, there’s no perimeter anymore for the company,” said David McNeely (pictured), vice president of product strategy at cybersecurity firm Centrify Corp. “Identity makes up the definition and the boundary for the organization.”
McNeely stopped by the set of theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with co-hosts John Furrier (@furrier) and Dave Vellante (@dvellante) at CyberConnect 2017 in New York City. They discussed the weaknesses of current password models, a growing interest in just-in-time permission and the future role of machine learning for enterprise cloud security. (* Disclosure below.)
Password vaults create weaknesses
Flaws in password-protected computer security models have been well-documented. Centrify works with a number of customers who use password vaults or managers, repositories for access credentials that can be “checked out” for a day and used by system administrators to grant them control over every computer in an organization. Often, the passwords are placed in a clipboard file which can be easily accessed by a hacker.
“We been spending a lot more time trying to help customers eliminate the use of passwords, trying to move to stronger authentication,” McNeely said.
Security problems have been exacerbated by models where system administrators are automatically granted persistent access across network. Hack one, hack them all. To address this weakness, Centrify has been developing a just-in-time workflow access request model, where no administrator can enter systems databases until a set of approval protocols have been followed.
“That’s the one that’s a little bit newer that fewer of my customers are using, but most everybody wants to adopt,” McNeely said. “The malware can’t make the request and get the approval of the manager.”
The concern about this approach is that it can slow down enterprise workloads. This is where machine learning could have a major impact by analyzing system entry requests based on patterns of historical access. Behavior-based systems can evaluate more than 60 different factors, such as where the device owned by the requestor is physically located and if that matches an administrator’s profile.
“The whole idea is to try to get computers to make a decision based on behavior,” McNeely said. “It’s going to help us enormously in making more intelligent decisions.”