Contextual Access Management: What Does It Actually Mean?
Today’s teams get the job done from wherever they need to and on whichever device they prefer. Their workplace may be within the traditional office environment, but it can also be at home, in a coffee shop, at a client site, or even a combination of these on any given day. The range of endpoints teams use—whether a laptop, a tablet, a mobile phone, or even someone else’s device—only adds further complexity to access management for IT teams.
When so much of the work we do is carried out beyond the corporate firewall, and often on devices beyond IT’s direct control, IT teams must rethink their approach to risk-reduction for unauthorized access to private and confidential information. The solution is contextual access management, which rates the risk of every access request based on its context.
What is contextual access management?
Contextual access management is not new technology—rather, it’s a new way of using an existing technology. Traditional access management, while not easy to set up and manage, is relatively linear and straightforward. Users are created and assigned roles and each role has a set level of predefined access.
Contextual access management adds multiple facets to this process by judging every request within its context. In other words, it's a system that makes decisions to grant or deny access based on a host of factors, not just the user’s role—factors like the location, the device, the type of request, and the timing of the request are weighted as well.
For example: If an employee tries to access sensitive data from a coffee shop with unfamiliar wifi at 6:00am, that request understandably carries a much higher risk rating than one made from an office desktop during business hours. Contextual access management looks at all of these factors before allowing access, evaluating requests based on an intelligent understanding of endpoint risk.
How does contextual access management actually work?
Contextual access management solutions assign a level of risk to each factor. The risk level of each is then consolidated, and an access decision is made based on the overall risk rating.
Due to the complexity and volume of the requests, a contextual access management solution must be capable of making dynamic access decisions automatically. In addition, the system should offer variable access depending on the risk factors, rather than unilaterally blocking or allowing access. It should also alert users to the reason they’ve been denied access, if that’s the case, and what factors they still require to get access. After all, technology is meant to help, not hinder productivity.
Many applications already feature some form of access management; however, they aren’t able to offer it at the granular level required by today’s flexible working environment — this is usually best handled by external tools services that specialize in the field.
Implementing contextual access management
Users have come to expect seamless and secure access to the tools and information they need anywhere, on any device and at any time. But applying context to access requests with these expectations in mind is difficult, particularly in modern organizations that utilize a variety of on-premise and cloud-based apps with a mix of access control systems.
A good contextual access management solution must therefore be integrated, user-focused, and vendor-neutral — one that’s seamless to implement, scalable, and available. Okta meets those demands, offering contextual access management in our products across Microsoft, Apple and Google operating systems, as well as APIs for teams looking to build their own custom web or mobile app experience.
The benefits of a contextual access management solution are clear. It lowers risk by ensuring every access request is judged in accordance with its security context — without compromising on system accessibility — leading to improved productivity and overall efficiency for IT teams.
Read more about Okta’s recent updates for best-of-breed device management.
