In this blog series we briefly cover seven trends that impact your Identity and Access management strategy. In this part we cover the Increase in the need to be able to connect from anywhere and why it’s so important that you facilitate this in a secure and user friendly way within your IAM strategy.
You just clicked on this link to read this article, and there’s a good chance you did this after you’ve put some clothes in the washing machine and grabbed a fresh cup of coffee from your own coffee machine, a proper coffee machine, not the one from the office. That’s right, you’re working from home!
For a lot of companies this was already business as usual, in most cases 1 day a week, which was great. You could catch up on E-mail, read some documentation that you didn’t have time for this week and you could throw in a wash or even open the door to receive a parcel, instead of picking it up from a drop-off point. All without being interrupted by a colleague with a question, some coffee machine chat or your daily commute. Efficiency all way around.
Now it has become the other way around. Since COVID-19 hit, you probably work from home all days of the week or maybe you have designated days that you’re allowed to work in the office as long as you can keep a proper distance from your co-workers. This has greatly impacted the way we work, normally we would catch up on work on the day we were working from home maybe have some calls but now we need to be able to do everything we normally do in the office. Hold meetings and brainstorm sessions using all kinds of video call tooling, have access to all your applications and last but not least, make your own lunch.
The companies that were already used to working remote once a week, had to massively increase the bandwidth to be able to facilitate everyone logging in from anywhere. Companies that had already moved to cloud solutions, could easily scale their capacity and within no time they were up and running. The only downside for them was the social aspect of working in the office, but the business could go on.
On the other hand you have/had companies that didn’t jump on the working from home band wagon a decade ago and were still reliant on legacy applications to do their work. The only way their employees could actually work was when they log in to their physical network at the office. They had to start a digital revolution straight away to be able to keep their heads above water. Some succeeded, some made some great sacrifices in terms of cyber security and unfortunately some didn’t make it at all.
That we all need to able to login from anywhere is a given, but how does this impact your IAM strategy? In order to be able to work from anywhere you need to be able to do a couple of key things besides the technical implications such as VPN connections etc. That is something for another time. In terms of IAM, you’ll need to be able to proof that you are who you are. Whether using your username and password or multifactor authentication with a hard or a soft token, you need to be able to identify yourself when logging in.
Next to identification, you need to have the right access to the right resources at the right time. Meaning that you need to know which access rights are assigned to the digital identities of your employees and why. Without this line of defence one might be able to log in from anywhere and access anything within your network without actually being allowed to. This forms a huge cyber security risk especially when this can be accessed from outside your safe office (fire)walls. When implementing remote working make sure to take care of the digital identities and corresponding access rights of your employees.
Therefore, it would be wise to start with IAM before you start implementing remote working because once the door is open and there is no proper IAM in place, the risk of damage to your organization is already over the doorstep instead of on it, as identity has become the new perimeter.