This article first appeared in News in the Channel magazine issue #36.
Fredrik Gessler, head of product management at Vonage, explains how silent authentication keeps organisations’ data secure in the age of BYOD. No password? No problem.
UC platforms have long been organisations’ main driver of staff cohesion, keeping teams connected across locations, time zones and devices. Slowly but surely, these tools have crept from work devices into employees’ personal devices.Â
The normalisation of hybrid and remote work following the pandemic has scattered workforces across the globe, with 7% of the UK workforce indicating they are ‘very likely’ to become digital nomads in the next three years. But even when employees are still in the office five days a week, today’s ‘always-on’ workforce still wants the option to catch up on emails on their way into the office or on their lunch break: 70% of office workers use their smartphone for work purposes.Â
As employees embrace a more flexible working style that combines work with personal lives, it’s inevitable that they’ll adopt bring your own device (BYOD) – whether permitted by their organisations or not. As many as 70% of BYOD devices used in the workplace aren’t managed, meaning they fall outside the control of IT teams and likely lack standard protections like endpoint detection or encryption. In a UC context, this can quickly lead to unauthorised access to sensitive calls and messages.Â
When employee experience becomes a security risk
In response to concerns around BYOD, many organisations have upped security measures for internal tools, forcing users to repeatedly enter their password or approve multi-factor authentication requests.Â
This can be counterproductive. Beyond frustrating employees and hampering productivity, excessive manual authentication steps can lead to users abandoning security systems altogether and creating risky workarounds. For instance, employees might opt to reuse the same password again and again or create an overly simplistic password that’s easy for hackers to guess. It’s telling that individuals with high levels of password fatigue are more than twice as likely to experience a data breach compared to those with low fatigue levels (62% vs. 29%).Â
Frustrated users might also choose personal email or messaging apps instead of a secure corporate communication platform, or store work documents on their personal cloud drive instead of the company’s file-sharing system.Â
It seems organisations are stuck between a rock and a hard place: leave employees to their own devices (literally) or introduce stringent new systems to enforce security and risk users flouting them. How can organisations reap the benefits of BYOD without opening themselves up to a huge new threat vector?
No password? No problem
Silent authentication is a new way of looking at identity verification. Instead of interrupting users with password prompts or confirmation codes, this approach verifies users in the background using ‘invisible’, real-time signals between the user’s device and the mobile network.
The silent authentication mechanism can be further augmented with other trust signals from the network. Provided the employee’s behaviour appears normal, they can move seamlessly from one application to another. If anomalies are detected in the trust signals, like a SIM swap or an unexpected location change, actions can be taken such as automatically pausing the user’s access or triggering additional verification.
This approach doesn’t rely on easily compromised user credentials, instead using passive, environmental signals that are difficult to fake and are unobtrusive to the user. IT teams can draw on a wealth of real-time data sources, such as carrier network data, device consistency checks and even velocity checks.Â
In an age of staff and budget constraints, silent authentication is a scalable solution that doesn’t require additional resources. It’s particularly useful for promoting speedy and efficient communication between teams, as employees expect to move quickly between voice, video and messaging without interruption or access barriers.
Finally, with growing regulatory pressure from legislation like GDPR, ISO and SOC 2, organisations need to be able to authenticate employees without over-collecting user data. Traditional authentication methods – especially those that rely on passwords, biometrics and personally identifiable information – often require organisations to store sensitive user data in centralised systems. This expands the organisation’s attack surface in the event of a breach and creates compliance risk if the data is mishandled or kept longer than it needs to be. Silent authentication eliminates this risk.
The future of authentication is invisibleÂ
Security shouldn’t come at the cost of productivity. As identity becomes the new security perimeter, the most effective strategies will be the least visible ones that don’t get in the way of employee workloads or create frustration.
By embracing silent authentication, organisations can reap the cost benefits of BYOD, increase employee productivity, and free up IT teams to focus their efforts elsewhere. Meanwhile, employees gain the ability to work from anywhere – on the go or in the office – on the devices they know and are familiar with, giving them the flexibility to switch between their personal and work lives.
