The coronavirus pandemic has overturned normal ways of working. Many office workers are based at home for certain period of time and apply new methods and practices to accomplish their daily tasks. Staying connected to colleagues and partners seems so easy and functional, but remote working brings a lot of challenges when it comes to cybersecurity.
With the increase of the online activities, traditional IT environments and Identity and access management (IAM) systems are being pushed to their limits. All that leads to latency, frustration, friction, and increased risk, making organizations to search solutions of how to support business at scale without compromising security and user experience.
Identity as a tool for preventing cyber threats
We assume that your company has already started to work remotely – with policies to support the practice and an analysis of expected traffic and risks. So, in this article we will cover some of the most popular IAM capabilities on which medium and large enterprises trust in today’s complex business world. The primary cybersecurity tool they can use to prevent data breaches is Identity and access management. It is also considered as the true digital perimeter, ensuring that only trusted parties can enter the corporate network. It is also a fact that Identity and access management is able to make the transition to a remote workforce easier by securely connecting employees to their work, all while IT maintains complete control.
Identity, more specifically identity authentication, now forms the digital perimeter once composed of antivirus solutions. This digital perimeter serves as the main mechanism by which threat actors are kept out. Even if they do penetrate the perimeter, identity can constrain their permissions, limiting the damage they inflict on your network. Moreover, identity also provides critical information for other cybersecurity solutions, including SIEM and Endpoint Security. Identity informs and strengthens user and entity behaviour analysis and recognizes, stores, and monitors device identities. Both can help prevent external threat actors from penetrating your network or recognizing insider threats before they unfold.
Which key IAM Capabilities help to maintain complete visibility and control over employee access?
No matter where the team is working, IAM has several key capabilities that can make the transition to a remote workforce easier by securely connecting employees to their work, all while IT maintains complete control.
When your workforce is enabled to access corporate resources, the first step is to validate the user’s identity. Authentication has a number of risks related to the method of access, from simple passwords to a layered approach with two-factor, VPN and threat detection. Talking about remote workers, using remote devices and getting remote access, there are a few things to have in mind when enabling their authentication:
First – do you already have strong authentication in place today? Our advice here is to protect that investment and to expand its capability by getting more licenses, capacity and management. You should also identify critical applications and make sure passwords are secure. If you have apps that your business needs to function and will be accessed remotely, add layers of authentication to these first. In case the users use passwords to access applications, add Multi-Factor Authentication tools, as well.
Second – it is a good practice to force a password change more often, especially when users go remote. Update your company password policy to show users what they need to do, and increase the password requirements to make them stronger.
Third – do not forget to create network/location aware remote access policies that ensure stricter passwords or host information profiling to gain access.
And last – constantly monitor user access to critical systems and make sure you can make sure who is actually logging into the systems so that any threats could be prevented.
After authentication, the authorisation is the most critical layer to IAM. Each company has a different way to authorize users based on its industry, business model and culture. But there are some basics that should be considered to make sure remote workers are enabled and secure:
- Make sure you have an approved corporate policy in place that spells out what employees should have access to, including data classification and what data can and cannot be shared or stored on remote devices.
- If you have an identity governance tool in place, use those tools to enforce roles and what applications users should have access to.
- Centralize your identities into one directory infrastructure for better control and harden their operating systems of the critical applications.
- Creating a Zero Trust architecture and program is also a good idea, because in this way not only users must be authenticated and authorized, but also applications, systems, networks, IoT devices and data.
- Implement Privileged User Management (PAM) and Databases Access Management (DAM) to lock down those critical administrator accounts. Enable them with tools, but secure them with controls.
The daily administration of users is the first mismanaged area in IAM when a crisis comes. The best solution in such situation is to automate administration as much as possible, so that enforcement and security risks are not underestimated.
What needs to be done is to force users who need access to a critical system to formally request that access through a help desk ticket. Then it is recommended to update your firewall policies with the service ticket number and to review by date.
The next step is to audit what users have access to before you allow them to work from home. Let the users justify what access they have and remove anything they don’t need. This process is connected to least privilege in IAM. Based on that, we can make a conclusion that access to critical applications and data needs to be properly managed and to ensure that threats are discovered and successfully handled.
Identity and Governance enhanced by AI and ML
As mentioned above, in recent times a lot of organizations support their entire workforce remotely. Identity Governance and Administration helps you manage and provision user access, as well as reduce the risk that comes with employees having excessive or unnecessary access to applications, systems, and data. Machine learning (ML) and artificial intelligence (AI) take IGA to the next level by automating the most common activities. This process includes automatic approval of access requests, performing certifications, and predicting what access should be provisioned to users. The modern IAM platforms, which are enhanced by Artificial Intelligence and Machine Learning, increase efficiency and provide more time for IT staff and access approvers to focus on access rights that have been identified as risky or anomalous. The result is increased security and decreased administrative burden.
Thanks to the modern IAM capabilities, each organisation can easily address the demands for remote work, study, and play at scale. Now more than crucial for the business is to be well prepared and able to meet the challenges of the digital transformation and the global crisis, as well .