Right now, the business world is witnessing probably the most substantial shift in work culture. Companies have requested most of the employee population to work from home for at least the next few weeks. This big shift in the mode of work enabled by digital tools ranging from web conferencing, e-mail to phone integration applications, virtual event platforms, etc., is putting to test everything we know about remote work and collaboration tools.
Saikat Chatterjee, Senior Director, Advisory at Gartner sums it quite well, “We’re being forced into the world’s largest work-from-home experiment, and so far, it hasn’t been easy for a lot of organizations to implement.” He also mentioned a staggering 91% of HR leaders recently polled said the most significant challenge they are facing is due to lack of technology infrastructure, which can support this new way of working.
Business leaders are facing a lot of uncertainty. It’s difficult to say how the COVID19 pandemic may force a business to evolve. Some may want to continue with the work-from-home policy, seeing productivity and growth. Others might choose to go back to traditional ways, where operations are confined within the physical workplace. We might also witness a permanent change in business environments due to the creation of new economic demands.
The world we know is going to change in more than one way. Old business rules and guidelines are bound to behave very differently in a post-COVID19 reality. Therefore, organizations must understand the need to embrace change and make cybersecurity a top priority.
When it comes to securing identities and managing access, we will see modern IAM solutions with enhanced capabilities playing a crucial role in shaping business conduct and consumer behavior. Legacy IAM solutions used by organizations until now may not be adequate to face the security questions put forth in the post-COVID19 world. Organizations need to adopt more intelligent, risk-aware, and automated solutions to take back control or reinforce security policies, which earlier they might have been forced to compromised with.
Identity And Access Management in a Post-COVID World
Taking back control of unwanted privileges
Organizations may have relaxed some of the privileged access management policies to facilitate work-from-home. Few users may have been granted extra permissions to maintain smooth workflows or to keep communications hassle-free.
While a few employees may benefit from the elevated permissions, However, when a majority of them are granted, such privileges can lead to severe vulnerabilities, which might lead to unwanted frauds. Too many privileges could also create an insider threat scenario, especially withlimited monitoring. Hackers are also aware of such scenarios, making employees an easy and valuable target. Also, newly privileged users now have the power to move sensitive data to new databases or locations outside of the organization, making them vulnerable to interception or theft.
Therefore, taking back control of extra privileges granted becomes one of the top priorities once the pandemic outbreak recedes. Enterprises need to consider a combination of identity governance and privileged access management to overcome these challenges.
Identity Governance and Administration (IGA) helps IT security teams monitor users’ permissions and enables them to revoke unnecessary permissions. Privileged Access Management (PAM) allows quick review of privileged access sessions and precisely traces back user’s actions. PAM can help prevent privileged users from moving data to unsecured cloud databases or other vulnerable devices or locations.
The principle of Zero-Trust states that one should never trust and always verify every activity that occurs in a network. Currently, businesses might wish to extend some benefit of the doubt since many employees are either working remotely from home or located at workplaces having less security. Several of them may require working outside of their regular work hours; some might need access to databases that usually fall outside of their preview. Unfortunately, organizations are forced to trust more than they may be comfortable with..
However, this must be a temporary situation. Once the pandemic ends, the identity management solution must embrace a robust Zero-Trust model, which states, “Never Trust, Always Verify” and encourages the use of advanced analytics, continuous authentication, artificial intelligence, and machine learning for better detection of threats and breaches.
Automation or Robotics-driven IAM solution is going to find broader acceptance and increased investments. After the COVID19 pandemic, there is bound to be a spike in routine human tasks like Provisioning, De-provisioning, Directories, Authentication, Authorization, and Auditing.
Robotics Process Automation (RPA) mimics human behavior and automates IAM processes that are repetitive, rule-based, and do not require human interventions. The adoption of Robotics IAM would ensure that in the event of another pandemic, organizations are fully prepared to meet the security challenges and there are no interruptions to “business-as-usual.”
More Secure Cloud Solutions
Work-from-home employees and other remote users need access to databases in order to conduct their jobs smoothly. Conversely, this may create serious vulnerabilities for IT infrastructure; and adding to this menace, transitioning to the cloud can make digital perimeter less secure and harder to monitor.
When the COVID19 pandemic gets over, though organizations may find the migration to cloud doesn’t quite fit with overall cybersecurity goals, they must consider how IAM solutions can be leveraged to secure cloud databases.
Single Sign-On (SSO) to cloud applications will be the norm for many organizations. However, convenience can come at the cost of cloud security. Therefore, a business needs an IAM solution with strong authentication policies to function on the cloud. Merely having an authentication portal between access requests and sensitive cloud data can immensely help businesses ease into a post-COVID19 world. They can also add extra layers of security to mission-critical apps using Multifactor Authentication. Risk-aware IAM solutions can also be used to increase the assurance by prompting users for step-up authentication through risk analysis.
Wider Adoption of Customer Identity and Access Management (CIAM) Solution
The world is witnessing a considerable increase in the use of online services, particularly in the BFSI sector, as there is a massive shift towards digital payments and transactions. Customer demands on digital marketplaces and virtual retail spaces will put significant pressure on business workflows and may lead to bad customer experiences
CIAM can help with scalability and assist in meeting the newfound demand for online operations. It can securely manage customer identities and profile data, thereby helping in much-needed personalization and fortification of the digital perimeter. The use of Multifactor authentication, eliminating the use of passwords using social sign-on, and leveraging Single Sign-On(SSO) can ensure secure and seamless customer experience, helping in regaining the brand trust and reputation.