With businesses embracing remote work as the new norm, a long-term IAM (identity and access management) strategy to support a remote workforce is now a top priority. Even for businesses that offered work-from-anywhere options, this year's sudden shift to a 100% remote workforce across most sectors has presented new and unique challenges for many. How can businesses ensure remote workers are productive, while protecting sensitive data and minimizing cyber threats? How can IT ensure employees have access privileges that are appropriate and well-managed, without slowing down day-to-day tasks?.
In a recent LastPass study, IT decision makers shared the impact of remote work on their IAM strategy. We found that while IAM is critical to securing a remote workforce, the rapid changes in work culture have required many businesses to adjust their IAM strategy to support employees working from anywhere.
Remote work is shaping IAM
Identity and access management (IAM) is essential to facilitating a secure, effective remote workforce. IAM technologies securely connect the right employees to the right business resources at the right time.
IT decision makers almost universally agree that IAM is essential in the new age of remote work, with 98% agreeing that IAM is critical to the security of their remote workforce. Of the organizations surveyed, 98% depend on IAM technologies to keep their business secure while employees work from anywhere.
Of the organizations surveyed, 98% depend on IAM technologies to keep their business secure while employees work from anywhere.
The response highlights the foundational role of IAM solutions in facilitating day-to-day work, no matter where that work is being done. Employees need quick, secure access to data, applications, password-protected accounts and a myriad of other resources every day. IT needs to ensure that the right employees – and only those employees – are accessing those resources while following appropriate cybersecurity protocols to reduce the risk of data breach and cyberattacks.
Given that IAM provides a structure for how employees connect to work – and what they connect to – along with enforceable policies for safeguarding that access, any business wanting to adapt to a remote workforce needs to adapt their IAM strategy accordingly. Our study found that 96% of IT decision makers acknowledged that remote work has impacted their IAM strategy. Even as IAM is seen as a top priority, the unique demands of supporting an entirely remote workforce requires looking at IAM from new angles. Flexibility and adaptability are necessary to an IAM strategy that keeps employees securely connected.
MFA is must-have security for remote work
When it comes to securing a remote workforce against cyber threats, 62% of IT decision makers believe multi-factor authentication (MFA) is the most effective option.
MFA combines two or more authentication factors – something you know, something you have and something you are. By requiring multiple factors before granting access, MFA offers layered security that reduces unauthorized access and ensures that the user is who they claim to be.
Of course, the use of MFA should take the employee experience into consideration. Too much friction in the login experience slows employees down and increases frustration. In the age of remote work, employees should be able to leverage what they already have – their smartphones, their fingerprints – to prove their identity and login effortlessly.
Over half of respondents cite secure access as top IAM priority
For businesses implementing IAM strategies to secure their remote workforce, facilitating secure access for employees is the top priority. Over half of respondents identified secure access as a top IAM priority. 35% of respondents ranked secure access as their most critical objective and 27% ranked as their second most critical objective. Secure access is closely followed by adding MFA across employee logins, where 23% of respondents ranked as their most critical and 23% ranked as their second most critical objective.
Together, secure access and authentication facilitate productive, secure remote work.
Together, secure access and authentication facilitate productive, secure remote work. Access solutions like single sign-on connect employees to the right resources with access permissions to applications that are managed by IT.
With a secure place to store and share credentials, employees can easily log in to any resource needed to do their job, no matter where they happen to be working. With MFA, additional proof points provide more layers of security to ensure employees are who they say they are and are accessing the right data at the right time.
Preparing for the work-from-anywhere era
As we enter the work-from-anywhere era, businesses will need to reevaluate their IAM strategy. Looking at the next 12 months, 59% of IT decision makers strongly agree that increasing security for their remote workforce through IAM is a critical priority. Even though almost all (96%) of respondents have already had to adjust their IAM strategy to support the current remote work environment, many businesses will need to continue to optimize their strategy while others invest in IAM for the first time to support a remote workforce.
Building an IAM strategy for remote work
The IDG study shows how critical IAM is, especially as remote work becomes the new normal. Businesses need to prioritize their IAM strategy and ensure they are crafting one that supports the new normal of work-from-anywhere.
Instrumental to building an IAM strategy for remote work is:
- Managing every access point. If secure access is a top priority, your IAM solution needs to combine SSO and password management. SSO simplifies login to many apps, and password management ensures any password-protected accounts are properly stored.
- Sharing the secure way. For remote teams, virtual collaboration is inescapable. Any credentials or sensitive information like credit card numbers that need to be shared among team members should be done in a way that is encrypted and private, while making it easy for team members to get the information when they need it.
- Enabling MFA for additional protection. Choose a solution that is simple for employees to use, and then turn on MFA everywhere you can (apps, workstations, VPNs and more) for an additional layer of security across every employee login.
As employees work remotely, organizations will need to craft an IAM strategy that makes it easy for employees to connect to work resources, while maintaining a high standard of security. A holistic identity solution that combines access and authentication gives IT a complete view of every access point and user action, regardless of where users are working.
With an integrated solution, IT can maintain oversight and control to reduce the threat of a data breach and cyberattacks, even as employees work outside the four walls of an office. A new or ongoing investment in IAM is essential to helping your organization adapt to the new normal of remote work.
The post "The role of identity and access management in remote work" was first published by Rachael Stockton, The Security Ledger