When it comes to the workplace, who would have thought that your identity would be so important? Yet, for IT security professionals, identity and access management is an ongoing thorn in their side, particularly when organisations lack the necessary tools to keep data secure, writes Barry McMahon, Senior International Marketing Manager at authentication product company LastPass.
In the office, your identity ensures that you have access to the right resources and that you can work securely and uninterrupted. However, identity management is a complex issue, made even more so with the seemingly never-ending technologies being implemented. That being said, you’d struggle to argue against the idea that technology is key to managing identity. Indeed, recent research has revealed that some 65pc of IT and security professionals’ top objectives was to upgrade their organisation’s IAM capabilities.
In the digital workplace of today, employee data is a lucrative target. Threats from cybercriminals are ever-present and their techniques are growing increasingly sophisticated. With this in mind, how can organisations manage workplace identities more effectively and gain greater visibility over access controls?
Frustrations with identity
To answer this question, it makes sense to think about the kinds of issues that organisations are facing when it comes to managing identity. No business can be perfect – 92pc of organisations are facing at least one challenge with workplace identity. However, it may come as a surprise that most organisations actually face quite a few identity-related challenges, including:
•49pc struggling to balance ease-of-use with increased security
•40pc citing security concerns with identity solutions
•37pc facing employee demands for easy-to-use solutions
While there is widespread consensus among IT teams that technology will significantly increase security, finding the right solutions can prove more difficult. After all, employees will be slow to adopt anything which slows down workflows, so it’s vital that any new additions are both easy to use and secure.
But does this panacea of identity exist?
The short answer is no, every organisation is unique and has its own regulations in place when it comes to identity access management. However, there is no shortage of steps that organisations can take to keep their data more secure.
For a start, 93pc of UK IT professionals agree that managing user access is critically important to the overall security of an organisation. It is no secret that the majority of data breaches take place as a result of weak or stolen credentials. Given the risks, single-sign-on (SSO) solutions offer the benefit of eliminating passwords for IT-supported apps and simplify the login process for employees.
Thankfully, some 74pc of organisations have invested in SSO solutions and so the benefits that they bring are generally recognised. That being said, they by no means offer comprehensive insight into user access across the business in its entirety.
Businesses across the UK are using thousands of platforms and apps in their everyday workings, many of which aren’t supported by SSO or are considered not a priority for SSO integration. As a result, 80pc of IT professionals agreed that relying on SSO alone will leave a variety of cloud apps and privileged accounts unsecure. Instead, businesses should look towards pairing their SSO solution with an enterprise password management (EPM) solution, so that they can properly secure and manage credentials to all the apps being used in the workplace.
Recognising that passwords alone cannot protect their data, implementing multi-factor authentication (MFA) on top of SSO and EPM will provide that comprehensive security solution. By requiring additional factors to prove a user’s identity before access is granted, MFA protects companies from the risk of weak and compromised passwords. Organisations are significantly more secure, while IT teams have much greater flexibility. The additional layer of security that multi-factor authentication provides is invaluable.
Those organisations which have invested in or plan to invest in MFA will see numerous benefits. Most importantly, companies will gain greater organisational security, fewer instances of incorrect access to confidential information as well as lower risk of password theft.
Managing identity is a continuous process and each organisation will be on a different part of this journey. Moving forwards, IT teams need to clarify their current identity position and research the different identity technologies with focus and intent. Careful planning and decision-making ensure that investment in identity and access management solutions bring the maximum productivity and security benefits.
As new technologies continue to develop, organisations may well find themselves investing in or upgrading existing solutions. For example, biometric technology like fingerprint, voice or facial recognition is readily available and employees are increasingly comfortable with its use.
Elsewhere, security teams may wish to overcome the ongoing resource drain that passwords bring before investing in any new solutions. With IT security teams spending four hours per week on password related issues alone, companies should instead emphasise the importance of improving password hygiene.
