COVID-19 has dramatically changed our relationship with remote work. Some of this shift was in place before the global pandemic, but coronavirus is a pivot point, particularly when it comes to managing remote employees and cybersecurity.
COVID-19 also revealed and created significant security gaps around Identity and Access Management (IAM).
That is why SecureWorld recently convened a panel of cybersecurity experts to talk through this challenge.
The question of the hour: How has IAM changed alongside the shift to remote work?
Three SecureWorld panel speakers for "Identity, Authentication, and the Remote Workforce" have answers.
Ben Goodman is Senior Vice President of Global Business Development at ForgeRock, a digital identity and access management company. He said:
"We power a lot of the authentication and authorization under some of the biggest brands in the world. As a matter of fact, if you access something online today through a website or an app, you probably authenticated against ForgeRock without knowing it. At ForgeRock, I run our technology ecosystem for all of our partners and really try to understand what's going on in identity as a result."
Next up is Lena Licata, who's involved with cybersecurity at Blackstone:
"I was a consultant at Blackstone for over five years. Previously, I was the director in charge of all cybersecurity for a midsize accounting firm, helping clients with identity access management and a host of other cyber concerns. I have spent a good majority of my career in accounting firms helping clients.
I love this space because it's always changing and there's always something new to learn."
Last is Bill Bowman, Chief Information Security Officer (CISO) for Emburse:
"During this pandemic, [Emburse has] been seeing a pretty fantastic use of virtual cards as companies have been working with their remote workforce to say, 'Hey, here's a stipend of money to help build out your home office or to help use some type of technology that maybe you're lacking in your home office.'
We've seen a tremendous increase in folks who will take those stipends and invest it back into food kitchens, or some other type of way to help their communities. So we feel like we're able to help the folks who are both remote and those who have been suffering during this pandemic time."
When asked how COVID-19 is changing identity and authentication, a few things came to each panelist's mind:
[Bowman] "One of the main areas that we always think about is, how do we gain access to our systems? One of the areas that we've been very focused on is trying to figure out what is going to be that impact in the future for trying to figure out how we're able to get people back into this working world. We want to make sure that we have this connection between digital authentication and physical authentication."
[Licata] "I always go back to process. We're shifting processes and coming up with new processes to make sure that people can access what they need to in order to get their job done. But we can't throw all of the controls that we've built into our process out the window. So very concerned with the regulatory impacts of the decisions that we're making."
[Goodman] "We're seeing two years worth of digitization occur in a matter of weeks. And the human instinct in situations like this is to short circuit some of the controls, regulations, and rules have that been put in place to protect us. Having to make those changes really quickly is putting a tremendous amount of stress on IT organizations and cybersecurity organizations. But over time, we have to come back and make sure we are upgrading that infrastructure, and we have to make sure that we're doing things securely."
Interested in the rest of this discussion? The web conference is available to watch on-demand.