The role of Identity Access Management during the COVID-19 pandemic

The role of Identity Access Management during the COVID-19 pandemic

Identity and access management (IAM) systems work to securely manage digital identities and their access to various applications and systems. As technology evolves, so does the identity management landscape to manage new software like apps, or new hardware such as IoT devices. IAM’s role is to authenticate users and authorise entry where appropriate. As threat actors continue to develop new ways to compromise systems and the threat landscape expands, IAM systems evolve to enhance protection

Although digital transformation continues to empower businesses by enhancing efficiency and business agility, there are still considerable challenges that transforming businesses must recognise. These challenges include increasing security risks, continuing proliferation of Software-as-a-Service (SaaS) applications and the inherent intricacies involved in running and maintaining hybrid infrastructures and stricter industry regulations.

Companies may naturally feel overwhelmed by rapid technological advancements, but this technology can often improve business practices and help future-proof enterprises, for example cloud migration would have been beneficial during the COVID-19 pandemic to aid business continuity for remote employees accessing company documents at home.

Challenges presented by the Coronavirus

As millions of us adjust to the new normal of working from our living rooms in order to prevent the spread of the virus, and employees login from remote locations and unsecured connections, companies risk losing control over corporate data, because most methods of remote access are vulnerable to security threats.  A remote workforce can be highly vulnerable and many Covid-19 cyber-attackers are trying to take advantage of both a weak security posture and people’s anxieties and fears around the pandemic. Employees need to access both cloud and on-premise applications, but onboarding and offboarding remotely is time-consuming and labour Intensive.

Nobody knows when the workforce will return to normal after Covid-19. Indeed, questions are being asked as to whether workforces will ever return to normal; perhaps remote working is here to stay, and organisations will need to ensure the security of their data and accessibility of their systems. Without the proper measures in place, remote working opens organisations up to a myriad of productivity and security challenges. The longer it takes to implement an IAM solution that can help enable your remote workforce, the more risks an organisation will take on.

How to maintain security whilst working remotely

There are increased privacy risks now as employees are working from home, especially for organisations which have not considered privacy in their business continuity plans. PII (personally identifiable information) is being extracted/exported from systems and applications and shared via collaboration tooling to allow employees access the data to work from home. Often collaboration tooling does not have the same access control measures in place as the systems or applications that the data was taken from which therefore increases vulnerabilities to exploit, both from an accidental disclosure and unlawful malicious attack perspective. To support business leaders and to reduce this risk to an acceptable business level it is advisable that all information classified as PII should have access control in place. Two-factor authentication is industry best practice for the authentication component of Access Control.

Benefits of strong IAM

Alongside the growing number of compliance needs, strong identity and access management (IAM) gives an organisation control over the security of the company’s data while increasing productivity, lowering costs and making systems more efficient. Identity management should be an integral part of an organisation’s value proposition, not only to achieve compliance but to aid adoption of new tools and ways of working.

In the current working climate, companies need to move faster and more seamlessly than ever before. That means providing partners, employers, and clients with immediate, secure access to what they need, when they need it, wherever they need it. Identity and Access Management (IAM) enables them to do just that, offering total control, security, and compliance without friction. Having an identity management process in place will enable a brand to look more agile, efficient, transparent and overall secure. Also, companies that properly manage identities have greater control over user access, reducing the risk of a data breach that could quite easily ruin the reputation of any good business.

A cyberattack can have a detrimental impact on customer trust in an organisation that’s why it is so important to instil a security first mindset within organisations, prioritising cybersecurity training and ensuring all employees take necessary steps and utilise modern technology to protect customer data. Steps such as multi-factor authentication and biometric authentication can be useful.

My top three pieces of security advice for working remotely are:

  • Take the time out of your working day now to find out who in your organisation is responsible for security and privacy
  • Familiarise yourself with your organisations’ privacy policies and practices and seek support from privacy and security experts if you identify any concerns with how you are accessing and/or sharing information that contains PII data fields
  • Apply access control measures to all data/information files that contain PII. For the authentication component of this access control make it two-factor authentication where possible.

Author: Niamh Muldoon, Senior Director of Trust and Security at OneLogin

Copyright Lyonsdown Limited 2021

Top Articles

Clubhouse data leak: Data of 1.3m users dumped on a hacker forum

An SQL database containing records of 1.3 million Clubhouse users has been leaked for free on a popular hacker forum.

Iran terms Israeli cyber attack on nuke facility as "nuclear terrorism"

A rumoured cyber attack carried out by Mossad, Israel's official spy agency, destroyed legacy IR-1 centrifuges at Iran's underground nuclear facility located in Natanz.

The Hunt for Red Insider

The analogy to The Hunt For Red October is not far removed from the common reality of cybersecurity.

Related Articles