In the wake of the COVID-19 crisis, organisations and their employees have had to pivot to a whole new way of working. Remote working or ‘working from home’ has become the new normal, uptake in communication technologies has surged, and supply chains have had to adapt to unprecedented disruption.
Throughout the pandemic, IT teams have been working hard behind the scenes to keep the lights on for enterprise. During this time, however, a rise in cyber attacks has been a major concern, with those targeting home workers increasing from 12% of malicious email traffic before the UK’s lockdown in March to over 60% just six weeks later.
This has been no coincidence. The shift to remote working has made it more difficult for IT teams to monitor the enterprise security perimeter, with hackers looking to take advantage of multiple user access points. And with significant changes taking place in the workforce, this begs the question – who even has access to what right now?
For many companies, security and compliance gaps have surfaced in the rush to maintain business continuity, and it’s crucial these issues are resolved to ensure business survival. As organisations brace themselves for a new economic storm, identity governance is one of the tools that can help them navigate through the challenging times ahead.
Gaps in security and compliance
Storm clouds have been brewing while we’ve been in lockdown, and it’s imperative IT leaders recognise these and take action. When lockdown was imposed, IT security teams responded with ‘break glass’ approaches to get employees up and running from home. Time was not a friend, and the bar to cross was ‘functional’ and not ‘optional’. One of the risks of this approach is that shortcuts are taken and access is provisioned freely. Have we really been able to audit access and who has been doing what over the past few months?
Prior to the pandemic, organisations may have got away with basic access management and provisioning. But after the rush of getting the workforce functioning remotely, security and compliance gaps are now likely to surface.
Managing dynamic change in the workforce
When we consider the dynamic changes in the workforce that have also occurred as a result of the pandemic, an even bigger problem emerges.
From reduced hours, to furloughing, to redundancies, the COVID-19 crisis has forced many organisations to restructure their workforce. As the economy slowly reopens, many are returning as contract workers, and those coming off furlough might see their job responsibilities change in order to help meet shifting business needs. In the near future, we may see a gravitational shift toward zero-hour contracts, so that companies and governments can prepare in the event of a second wave of the pandemic.
So, how effectively can identity management systems cope with this change in the workforce?
Protecting the security perimeter
Whether employees continue working from home, return to the office with different responsibilities, or enter into a contract-based role, identity governance plays a crucial part in protecting the enterprise’s security perimeter. Through this, IT teams can speed up the process of enabling and securing their users’ access to key applications, data, and infrastructure, pivoting quickly as the business’ and users’ needs change.
And importantly, with these processes in place, businesses can readily prove that they not only know who has access to what, but whether their users should have that access and how that access is being used. This insight is critical to both compliance and security efforts today.
Here are some key steps when it comes to navigating the storms ahead, with an identity-based approach at the core:
- Verify your identities and ensure that your access policies are robust and open to scrutiny. No one will forgive a breach because you ‘broke the glass’ to accommodate remote working – positive governance is essential.
- Ensure appropriate in-app permissions, gate access based on real-time analytics, and monitor and control user actions. Use machine learning and the latest artificial intelligence tools to manage this across both your on-premises and cloud applications.
- Move from perimeter-based data protection to an identity data-driven process. Use identity to identify the owners of the data and the platform to intelligently classify and label data. This should cover all structured and unstructured data.
Only when you have plotted your access policies, addressed application permissions and achieved complete protection of your data can you navigate successfully through the current storm.
Author: Ben Bulpett, EMEA Director, SailPoint