Continuous Verification

Continuous verification refers to an ongoing process of verifying and validating the identity of individuals or entities over time, rather than just during initial access or authentication. It involves regularly assessing and confirming the identity of users, systems, or devices to ensure that they remain authorized and legitimate throughout their interaction with a system or network.

Continuous verification is often used in security and access control systems to enhance overall security and reduce the risk of unauthorized access or data breaches. It can involve various techniques and factors, such as:

1. Multi-Factor Authentication (MFA): Requiring users to provide multiple forms of verification (e.g., password, fingerprint, facial recognition) during each interaction to strengthen identity confirmation.
2. Behavioral Analytics: Monitoring user behavior and interactions to detect any deviations from typical patterns, which could indicate unauthorized access.
3. Device and Location Tracking: Monitoring the devices and locations from which users access a system to ensure consistency and detect anomalies.
4. Periodic Reauthentication: Prompting users to reverify their identity after a certain period of inactivity or at predefined intervals.
5. Real-time Monitoring: Continuously monitoring ongoing user sessions for suspicious activities or signs of account compromise.
6. Risk Assessment: Evaluating the potential risk associated with each interaction and adjusting verification requirements accordingly.

Continuous verification is particularly important in environments where security risks are high or where data protection regulations require regular authentication and access monitoring. It helps organizations maintain a higher level of security by minimizing the window of opportunity for unauthorized access or fraudulent activities.

Pomerium applies continuous verification on a per-request basis. Policy applied to any route or namespace will enforce authorization checks throughout a session, ensuring that only the intended user with the right context can access a protected resource.