Context Aware Access: Who, What, Where?

Updated on
Context Aware Access: wie, wat, waar?

What is it?

Context-Aware Access (CAA) is an advanced form of access control that considers the context in which a user attempts to access a system, application, or data. Traditional access control systems, such as those based on a username and password, are static. They only verify who you are. CAA goes further by also considering how and where you attempt to gain access.

This context includes a range of factors that are analyzed in real time to determine whether an access request is legitimate:

  • Location and Network : Is the user attempting to access from an unusual location, such as another country? Is the user connected to a secure corporate network or an unsecured public Wi-Fi network?

  • Device : Is a trusted and secured device being used or an unknown smartphone?

  • Time : Will access take place outside normal working hours, for example in the middle of the night?

  • Behavior : Does the user's behavior deviate from their normal pattern? For example, does a financial employee suddenly try to access the HR database?

A context-aware system can then grant or deny access, or require additional security measures such as multi-factor authentication, based on the settings.


What does it do for you?

CAA's capabilities offer significant benefits in security and ease of use.

  • Enhanced security : It reduces the risk of account compromise. Even if a password is stolen, the attacker can be denied access based on context.

  • Flexibility : You naturally want users to work from different locations and devices, without compromising security. This makes working from home and mobile more secure.

  • Differentiated access : An employee can have full access to their office computer, but only read rights on a public WiFi network.

Add this to your Google Workspace now!

Google Workspace has been integrating this concept into its own services for customers with Google Workspace Enterprise Standard and Enterprise Plus. Google's implementation allows administrators to create very granular policies that go beyond traditional security protocols.

This allows you to block access to apps from unmanaged devices or require a device to meet specific requirements, such as enabled encryption, an up-to-date operating system, or antivirus software. Naturally, you can also restrict access to your GWS based on the device's serial number, specific IP addresses, etc.

As an administrator, you can apply different policies to specific organizational units (OUs) or user groups, so that, for example, the finance department has stricter rules than the marketing department.

Finally, Google offers an Insights feature that analyzes and recommends which policies can be implemented to close potential security risks, such as which devices become outdated. This makes the whole thing proactive and easier to manage.

The icing on the cake

 Google recently introduced "Alert Mode", which notifies users if they don't comply with access policies, but doesn't immediately block access. This helps raise awareness among users about unsafe situations. Traditional security measures, however, can sometimes hinder productivity, for example, by requiring a VPN.

In short, context-aware access transforms access management from a static "yes or no" decision to a dynamic, risk-based evaluation that improves security.

Discover more