This guest blog was contributed by Jackson Shaw, CSO, Clear Skye.
With an increasingly distributed workforce and cloud proliferation brought on by the pandemic, enterprises need to get serious about how they're managing remote and hybrid workers. While it may sound simple, keeping track of new hires, employee turnover, and ensuring everyone across an organization has access to what they need — and is restricted from what they don’t — is no easy undertaking. This isn't important just from a security standpoint, but also for employee productivity and efficiency.
Although not often looked at as the first line of defense, Identity and Access Management (IAM) is arguably one of the most important. And it’s crucial for keeping tabs on appropriate enterprise access and permissions. Consider this: compromised or weak/stolen credentials, phishing, and ransomware are some of the most common attack vectors for cyber criminals. What do they all have in common? An end-user on the other side.
Your company’s data is only as safe as the people you entrust with it. Whether misused unintentionally, or more rarely, intentionally, strong IAM practices have the power to thwart this. So, how will organizations use IAM to minimize their attack surface, all while streamlining business operations? There are three main areas that come to mind.
Machine learning (ML) is far superior to humans when it comes to pattern recognition and understanding normal and anomalous activity, thereby enabling better, lower-friction security. As such, ML can be used to auto-approve many administrative tasks given enough data. For example, ML can identify who, from what departments in an organization, have access to certain data. This ensures operations are consistent across the business, with little room for error.
When you consider outside factors, like COVID-19 and the job market, this becomes increasingly important. Enabling employees’ remote and hybrid functionality requires new systems and new security measures. Without IT over their shoulders, many employees will default to unsanctioned apps to get their job done or are working from a location without secure WiFi. With employee retention down, companies also need to worry about what data or permissions employees are taking with them when they go. That’s a lot of information to keep track of — and it would be impossible to do so successfully without a certain level of ML-powered automation.
The Consumerization of Enterprise Tools
User experience (UX) for partners, developers, administrators and, most importantly, end-users is crucial for a strong IAM strategy. Not only for usability, but to reduce “context switching” — a surefire way to kill productivity. Businesses are adding more and more software to their tech stacks in order to keep pace with industry, but in actuality, it’s doing the opposite. A streamlined user experience can achieve this by taking the guesswork out of different IT functions.
Think of Microsoft Office, but for a much broader group of capabilities with a common interface. Or better yet, a platform in which you can integrate applications into your existing system with minimal disruption to operations and virtually no learning curve. Next year, we’ll see a greater emphasis on IAM solutions that bridge the gap between disparate systems and enable people to work productively and securely. To do this, more and more businesses will start to look at employee UX as importantly as they do customer UX.
A Platform-Native Approach
Identity isn’t the center of security — but it does sit at the center of a company’s business platform or system of delivery. As such, enterprises are increasingly adopting workforce management platforms like ServiceNow, Atlassian, and Salesforce, where identity is already baked in. When identity is ingrained in a platform from the start, it becomes part of the company’s processes. This leads to accelerated automation, broad integration capabilities, a common business data plane, and more.
When organizations opt for a platform-native approach, identity doesn’t become an afterthought. It also doesn’t demand attention; when done right, it works quietly behind the scenes. While it’s important for employees to be versed in good security practices, the systems in place should still assume they aren’t, and be automatically configured as such. Let your IAM solution do the work, so employees can do theirs.
As mentioned, most data compromises come from within — often unintentionally, and often avoidable. The best way to get ahead of these mistakes and oversights is to make sure they never happen. And the best way to achieve this is through a strong IAM strategy. As a result, in 2022, organizations will start to adopt solutions that include machine learning capabilities, favorable UX, and if possible, a platform-native approach.