Because it works behind the scenes, “the technology is very invasive to the application,” Diodati says. Building applications that require constant evaluation of user actions is hard work for developers, much more complex than building front-door log-ins and password access. For that reason, it might be a while before a large number of offerings are available for purchase.
Then there is the issue of fine-tuning continuous authentication systems. There might be instances of false acceptance, when users who are not authorized to access a system are able to fool the biometric access tool to get in. On the other hand, there can also be false rejections, where legitimate users are denied access because of an incorrect reading.
“Those things need to be pushed down to very low percentages,” Diodati says. “A lot of maturity needs to occur to drive down those types of errors.”
Some of the earliest deployments of continuous authentication to date have been in the European banking industry, where regulations for user authentication are particularly stringent, Diodati says. Some of those implementations are in the pilot phase.
Continuous authentication is not likely to become a mainstream security technology until some time in 2018, Diodati says. He expects to see initial adoption in industries that require a high level of security and frequently involve long user work sessions. These include financial services, aerospace, government, healthcare, high technology and manufacturing.
“We’ve been talking about this for a very long time but didn’t have the big data/analytics capabilities and the mobile platform architectures until recently,” Diodati says. “It has been just a concept until now, and we’re starting to see the technology that can make it work.”