When you can’t predict what the workforce will look like even in a few months, identity governance helps manage the risk
Remember when everyone went back to the office and resumed business as usual in September? Yeah, we don’t either. But a lot of companies expected to – and why wouldn’t they? In the spring and early summer, as coronavirus cases declined and immunisations became widely available, September seemed a reasonable target for a return to the workplace. But the Delta variant had other plans, and by August, companies were pushing back their return dates, some even to 2022. In addition, organisations have been rethinking what ‘return’ even means, with many adopting a hybrid model where some people go back to the workplace while others remain remote. No one can know exactly what’s next for the workforce and workplace – and that uncertainty makes good identity governance essential to secure access.
Who has access to what?
The rapid and widespread shift to remote work in early 2021 – from 15 per cent working remotely pre-Covid to 70 per cent in March 2021 – created tremendous security concerns. Suddenly, it seemed like just about everyone who could work remotely was doing so, increasing the challenge of securing access beyond the corporate perimeter. At the same time, the nature of the workforce itself was changing, with more contract and gig workers creating a growing population of joiners, movers and leavers (JML).
Effective identity and access management are essential to securing access for this diverse, dynamic and distributed workforce. Specifically, authentication plays a critical role in managing access privileges, by making it possible to know with a high degree of certainty that people who want access to resources really are who they say they are. But authorisation – granting people the right to access certain resources – is also critical. And that’s why governance has become so important: because it enables the business to know at any given time who has been given access to what and to ascertain that the access is appropriate.
Let’s get specific: examples of JML issues that governance can address
Here are some specific examples of the JML issues that are to be expected when the workforce population and its location are both in a state of flux – along with a look at the role of identity governance in addressing the issues, especially when it comes to movers and leavers.
- Joiners: When someone joins a company, they may be on-site or remote, or even both (working part of the time on-site and part of the time remotely). The organisation, therefore, has to be able to quickly determine what resources they need access to, as well as how that access will be secured (with more than just a password and username) and administered.
- Movers: When someone changes roles within an organisation, their privileges must immediately change to ensure they have access to what they need in their new role and that they don’t have access to anything that is no longer appropriate. It’s difficult, if not impossible, to do this reliably without governance-enabled visibility into who has access to what. (This applies to anyone in the workforce – full-time or contracted, on-site or off-site – so keep in mind that role and location can increase or decrease the level of risk that’s posed. An on-site, full-time employee moving within a department with no change in access poses a very different risk than, say, a contractor who has a change in status that dictates different access than they had before.)
- Leavers: When someone leaves the workforce, the organisation’s continued security depends on a timely end to their access. The business needs to know right away what they had access to and how they were using it so that their access can be ended without the risk of dangerous lag time when they leave the organisation. Again, the importance of being able to instantly see access privileges cannot be overstated.
Keeping your organisation secure
First and foremost, businesses must recognise the need in today’s constantly changing work environments for a robust programme of identity and access management that is built on strong governance. Don’t be paralysed by the size or extent of the challenges you see for your organisation; remember, when it comes to managing identity risk – whether you’re talking about authentication, governance, or both – you have to start somewhere. Any visibility into access is better than none, just as strong authentication of any kind is better than no strong authentication at all.
There will never be a better time than now to act. The new normal is that we will be contending with workforce change and complexity for some time to come – exactly how much time, no one knows – and the longer you wait, the more difficult it’s going to be. Find an identity and access management solution that offers the capabilities to address the authentication and governance challenges posed by today’s workforce – and one that also empowers you to change course easily, as needed, no matter what may come.
To learn more about how to securely enable your hybrid workforce, visit securid.com.