Cybersecurity is focused in the wrong place

Data protection is important but protecting the data is not enough. Cybersecurity must also focus on protecting the use of data. In a data rich environment, data alone cannot be trusted to approve a transaction.

A state-of existence (existence) is created by a body in the physical world. Authentication is all about identifying the body creating existence. Once identified secure activity can be performed until the body leaves, ending the existence at the secure environment.

Existence-based access provides a serialized private portal as a non-data factor, a state-of-existence, for authentication. The question is, what can current environments do with existence for authentication? Verify presence before executing secure transactions. “If I’m not present, do not take action.”

The goal of authentication guidance since it was first published: a non-data second factor. The goal was aspirational until a decade ago, but indirect assertion was the standard then…and now.  It caused an average of $1.6B daily in damage in 2017. Indirect assertion is one factor authentication, it does not meet guidance.

Existence-based access, Not slick marketing, it’s valid science.