Weathering the storm
The need to transform often accompanies any time of great change, but in the shadows of transformation comes growing identity risk
The business world is in the midst of a time of great disruption. With the majority of companies now working remotely, early tech adopters that embraced digital transformation as a vehicle for differentiating themselves are realising the exponential benefits and competitive advantage of having secure and efficient systems in place to support home workers.
Meanwhile, organisations that previously resisted transformation, due to the costs, disruption or simply fear of change, are scrambling to authenticate multiple remote endpoints on the network, leaving them more exposed to identity risks.
From wax seals and stamps to biometrics and behavioural analysis, humans have always looked for ways to validate that people are who they claim to be and can be trusted. Identity management has migrated from the mainframe and is now deeply embedded into the handheld devices of consumers.
As demand has spiked for better remote access and also online shopping and streaming services, organisations are scrambling to accommodate
Identity and access management is an enabler of digital transformation as it forms the intrinsic connection between people, services and data. A workforce underpinned by technology can operate increasingly independent of location or time zone, making digital identity practices more important to business success than ever. This importance is further emphasised by the fact that many business models are underpinned by technology that allows customers to engage and interact with them online.
“They are vital for presenting a compelling first contact point to customers, protecting sensitive data, enabling secure transactions and transforming business processes,” says Adam McElroy, cyber risk director at Deloitte.
“They allow new ways to engage with consumers via social media, improve collaboration within the business, and automate and simplify cybersecurity. Consumer-focussed organisations may also consider a ‘bring your own identity’ policy and a user managed access protocol as part of a resilient strategy.”
Yet as demand has spiked for better remote access and also online shopping and streaming services, organisations are scrambling to accommodate. The sudden shift to a large remote workforce has posed significant identity risks and challenges as companies seek to maintain security and ensure business continuity.
Identity and access management is crucial to ensuring resilience during times of change. While the communications infrastructure is there to enable this unprecedented shift from office to remote work, for a lot of companies it is a big challenge to do this quickly while also maintaining productivity.
In the rush to enable remote working, it can be easy to overlook formal security training and guidelines. Such resilience policies should govern the management of remote access, the use of personal devices, password and authentication guidelines, and privileged access control.
It is also good practice to establish IT support mechanisms for remote workers, such as a virtual helpdesk. IT teams require visibility across the remote workforce devices connecting to the corporate network, with a clear view over security and authentication.
Personal and company wellbeing
“Businesses holding off on adopting more secure and efficient authentication methods will have to update their practices eventually, in response to regulatory changes and consumer demand. As technologies evolve – from the internet of things to blockchain – trustworthy authentication will be the key to widespread adoption.”
Digital transformation changes how employees access data, and this can mean the user access and security controls that companies traditionally rely on are exposed to new vulnerabilities. For example, employees using their own devices while working at home could give hackers easier access to sensitive information.
GDPR, the EU’s data regulation, expects companies to consider a data protection impact assessment before making changes that will affect the processing of personal information, and that includes remote working. A resilient agile working policy should also clearly define processes and responsibilities for identity-based access control, dual factor authentication and encrypted data transfers.
Organisations must consider the wider context of changing landscapes and user behaviours, and how they could lead to more identity risks when their employees are working from home. People will often use the same password for their personal logins and subscriptions as they do at work. Cybercriminals will frequently obtain users’ access details for one site and then test them on multiple other sites as well as corporate accounts, knowing there’s a strong chance that they will be able to gain unauthorised access.
“This issue can be addressed by continually reviewing password policies to ensure strong and unique passwords are used by employees,” says Daniel Milnes, a governance and information lawyer at Forbes Solicitors. “They should also make allowances for staff to inform them if their security has been compromised at home, so they can engage their data breach response process and mitigate the consequences of a breach on the organisation.”
Many companies were unprepared for how quickly and dramatically a pandemic would impact their business. They’ve learned the hard way the crucial importance of resilience, but there is no magic bullet and clearly organisations are still having to make risky decisions at a rapid pace. Where this is the case, they need to access their security systems as fast as possible and move to remediate any risks. Identity governance should be a core focus. In the longer term they can see this as a process that will enhance their resilience.
If there are any positives to draw from the turbulence businesses have been going through, it is likely to be the acceleration of digital transformation and the heightened focus on robust resilience strategies with agility at the heart, which for many organisations have been necessary to their survival.
The broad realisation that a remote workforce can be just as productive as one based in a single office will reshape the business landscape, and identity and access management will be central to ensuring resilience in this new world.