Today’s computing environments are more complex than ever. In the past, organisations could control access to their digital systems using on-premise restrictions. Nowadays, though, enterprises use both on-premise and cloud-based systems and applications. Employees, partners, and clients access these programs through various devices, including personal gadgets like mobile phones and laptops.
With such a variety of users, devices, and computing environments, it is now crucial for organisations to effectively manage digital identities and access. The practice of identity and access management (IAM) involves ensuring that the right people can access the right assets in the right context. It allows an organisation to have peace of mind even when granting a partner halfway around the world access to their online database, or when allowing employees to use company software with their personal mobile phones.
The COVID-19 pandemic has made the need for a flexible, robust IAM solution even more urgent. As organisations implement work-from-home policies, they are forced to adopt more digital processes and to change how IAM is done under the New Normal.
This means enterprises must re-assess their IAM strategy and understand how a robust IAM platform can address the new requirements for working from home and conducting business remotely over the wire.
Here are some key considerations when re-assessing an IAM strategy and choosing an IAM platform.
1. Cloud architecture & mobile access
The majority of enterprise employees are now working remotely due to COVID-19—and it looks like the trend is here to stay. In a June 2020 survey by research firm Gartner, 82% of company leaders said that even post-pandemic, they will be allowing employees to work from home, at least part of the time.
However, these employees still need to access enterprise apps. This causes a massive strain on VPNs when many employees need to access applications that have not yet been “cloudified”.
It’s increasingly important for enterprises to adopt secure Software-as-a-Service (SaaS). They also need to ensure that they and their remote employees have secure cloud access. To accelerate the cloudification of existing enterprise apps, enterprises can use IAM solutions that assist in migrating the applications to the cloud.
Thus, it is important to have the right IAM solution that can not only support the legacy applications but also support the IAM functionality on cloud platforms with minimal or no changes, making it easier to cloudify the legacy applications.
2. Application access rights
The traditional model of access protection uses a firewall; it’s based on the idea that the bad guys are outside the corporate network. But this kind of setup no longer works in an environment dominated by cloud computing and mobile computing, along with the prevalence of phishing scams and malicious apps that spy on device owners. Nowadays, the security perimeter is focused on the end-user. Security systems must then focus on controlling and securing end-users’ access.
Therefore, the Zero Trust concept, along with Software-Defined Perimeter (SDP) network security protection, has been introduced to tackle this security requirement under the new computing infrastructure.
The concept of Zero Trust proposes that organisations shouldn’t automatically trust anything that’s trying to connect to their systems and network, whether it comes from inside or outside the organisation. Instead, they must verify the identity of these users first. Meanwhile, the SDP approach to cybersecurity restricts access to company resources based on the user’s identity.
The ideal IAM solution brings together the Zero Trust and SDP approaches to provide end-to-end protection for enterprises. For example, it should provide fine-grained control over user rights, as opposed to having to grant all the rights associated with a specific user role. This prevents abuses of access and privilege.
3. Home security architecture
These days, more employees are using personal devices. As enterprises adopt remote work in response to the COVID-19 pandemic, their employees are relying on home networks that often do not have advanced security protection.
To help mitigate the security risks arising from these scenarios, enterprises must introduce tighter controls for user authentication with contextual information from the home network.
An ideal IAM solution would provide multi-factor authentication (MFA), contextual authentication, and a Zero Trust computing model, so that existing and potential customers can strengthen their access control measures.
4. App security for endpoint devices
Today’s daily enterprise operations are characterised by mobile device utilisation and a massive shift towards remote work. An estimated 69% of organisations allow employees to use their own devices to access work apps and databases, while 20% allow contractors and partners to do so. As such, there is an increased need to access enterprise applications on mobile devices and personal computers.
Each additional device used to access corporate systems is another endpoint that needs to be secured. However, it’s difficult for IT teams to adequately secure these personal devices without obtaining physical access to them and getting the owner’s password.
To reduce risks, organisations can focus on app security instead. They must adopt an IAM platform that provides user protection and app protection on unsafe and untrusted endpoint devices. The IAM solution must also provide end-to-end encryption to ensure data is transmitted in a secure environment, all the way to the app server.
5. Identity assurance and authentication of users
Increased remote access means users are logging in from atypical locations and devices, often at irregular times. This makes it hard to identify anomalous behaviour. In fact, a spike in false positives in this period of the New Normal has been observed, as vendors scramble to re-train algorithms and re-draw baselines to improve identity verification.
It’s important to adopt a modernised identity platform for consumers and employees wherever they are located to ensure seamless, connected digital experiences. An IAM platform must have comprehensive features to meet the latest IAM requirements and provide a seamless digital experience. These include support for contextual authentication, which incorporates features to detect more abnormal behaviours. For example, the IAM module would analyse various user attributes—such as log-in location, device used, and historical data—when authenticating a user’s identity.
An IAM platform should also incorporate the use of dynamic identity verification to strengthen the verification of user identity. It would ideally support pluggable authentication to allow the addition of new authentication methods on top of existing ones. This not only enhances security but also promotes a frictionless user experience.
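The contextual and pluggable authentication described above can be sketched as a small risk-scoring decision. This is an added example, not code from the article or from any IAM product; the signal weights, thresholds, method names and sample baseline are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Baseline:                 # historical data for one user
    countries: set
    devices: set
    hours: range                # usual log-in hours, user's local time

@dataclass
class Attempt:
    country: str
    device: str
    when: datetime              # assumed already converted to local time

# Assumed weights and thresholds; tune against your own false-positive rate.
WEIGHTS = {"new_country": 40, "new_device": 30, "odd_hour": 15}
STEP_UP_AT, DENY_AT = 30, 80

# Pluggable authentication: a method registers the highest risk score it covers.
METHODS = {}

def register_method(name, max_risk):
    METHODS[name] = max_risk

for name, max_risk in (("password", 29), ("totp", 59), ("fido2_key", 79)):
    register_method(name, max_risk)

def signals(attempt, baseline):
    checks = {
        "new_country": attempt.country not in baseline.countries,
        "new_device": attempt.device not in baseline.devices,
        "odd_hour": attempt.when.hour not in baseline.hours,
    }
    return [name for name, hit in checks.items() if hit]

def decide(attempt, baseline):
    """Return (decision, score, methods the user must complete)."""
    by_strength = sorted(METHODS, key=METHODS.get)
    if baseline is None:        # no history yet: never score this as zero risk
        return "step_up", None, ["password", by_strength[-1]]
    score = sum(WEIGHTS[s] for s in signals(attempt, baseline))
    if score >= DENY_AT:
        return "deny", score, []
    if score < STEP_UP_AT:
        return "allow", score, ["password"]
    extra = next(m for m in by_strength if METHODS[m] >= score)
    return "step_up", score, ["password", extra]

# Constructed sample baseline, not real user data.
BASELINE = Baseline({"SG"}, {"laptop-01"}, range(8, 19))
```

A user with no baseline is stepped up to the strongest registered method instead of being scored as zero risk, which matters while baselines are being re-drawn for remote work.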
IT security in the New Normal
Under the new normal, organisations will adopt more digital processes to support the new working models, which will entail creating more digital identities, managing more users, and allowing access via plenty of personal devices—all without compromising on IT security. Organisations must assess their current IAM strategy and tools, and eliminate the burden of manual verification and identity management.
In the next article, we will take you through the process of assessing an IAM solution to meet the new business operating environments and tackle the key issues in supporting an omni-channel access strategy under the New Normal.
Meanwhile, you can learn more about i-Sprint’s robust and comprehensive IAM platform here.