Vice president of product strategy, Omada.

In 2021, it became clear that remote and hybrid work models are here to stay. It was easier for some than for others, but most organizations were able to find workarounds to enable remote work (at least, for many fields). As organizations rushed to keep their employees productive, they accelerated digital transformation efforts such as migration to the cloud. At this point, many of the temporary changes have become permanent.

That means companies have had to evaluate how to make stopgap solutions more permanent as well — especially as many companies have now transitioned to a full remote or hybrid work strategy for the long haul. Whenever employees access company resources from different locations, security, access management and identity become critically important. Companies can no longer afford to indulge the legacy mindset of “act now, secure it later” — security needs to be baked into everything the organization does from the beginning.

Identity And Security In The Spotlight

According to the results of a 2021 IBM study, the average total cost of a data breach increased by 10% to $4.24 million — the highest ever recorded. Costs were even higher when remote working was presumed to be a factor in the breach. With remote and hybrid work arrangements now common, employers must base their security approach on this reality.

Results of a survey conducted in September 2021 by Owl Labs found that about 50% of workers are going to the office in person full time whereas 25% are hybrid and 10% are fully remote. This means the perimeter-based security models that organizations have had for a long time will no longer suffice. Perimeter security remains important, but you can’t put walls around everybody’s homes, cafes, shared workspaces, hotel rooms and so on. Determining which members of the hybrid workforce — employees, contractors, auditors and any other trusted insider — have access to certain tools or information and what level of access to give them becomes a lot harder when they’re working from different physical locations and from different networks.

Safeguarding access to applications and sensitive data by remote workers isn’t just about security devices and VPN solutions. It’s also about managing who has access to specific data and ensuring that they can only access data that they’re entitled to. Although it might not be possible to control the type of device or connection that remote workers use to gain access, it’s still possible to enforce rules as to the type of data or the applications that a specific identity or role can access in a specific situation.

Zero trust and least privilege access are the guiding principles here. With least privilege access, only the right people have the right level of access to the right resources. A common definition of zero trust is that it’s “a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter.”

Identity Is The New Security Perimeter

As mentioned, because there’s no longer a set perimeter, perimeter security will no longer suffice. It’s time to determine a long-term strategy in which identity is the new perimeter. You survived the initial phase of transitioning to remote work, but now there’s an opportunity to develop a thoughtful solution that can be implemented for the long term and can adapt to change.

But, beware: One of the biggest factors that restrains digital transformation and other changes is inertia caused by status quo syndrome — the idea that because you’ve always done something a certain way, things must continue that way. Organizations need a new approach to network and application access that’s more flexible, modern and agile but that doesn’t disrupt business productivity. Otherwise, you’re going to find that although your initial solution — your stopgap solution — solved the problem on a temporary basis, the solution’s restrictions will likely make themselves known.

As time goes on and people join, move and leave jobs, the access and identity landscape will change significantly. This is particularly pertinent in light of the fact that 25% of the U.S. population has changed jobs in the last year. Your company may be stuck in status quo syndrome, but the world’s workers are not.

Using Cloud-Based IGA As A Business Enabler

If you’ve already pushed many of your applications and much of your infrastructure to the cloud, now’s a good time to look at what else within your organization can benefit from the cloud. It also makes sense to use cloud-based solutions to manage and secure other cloud-based solutions, applications and infrastructure.

Identity access and governance (IGA) is a key area in which the cloud could help. With organizations moving most of their applications to the cloud, IGA is moving there, too.

Deploying IGA as a cloud-based solution can provide security and efficiency advantages that offer value. If you choose to use an IGA solution, make sure it meets the security, compliance and efficiency needs of the organization. A suitable solution could reduce costs and uncertainty from managing identities and access. Cloud-based IGA can often be rapidly implemented, as well, meaning there’s usually a short time to value.

Protecting The New Perimeter

The pandemic kicked many companies’ digital transformation efforts into high gear. The upside is that what may have happened over a two-to-four-year period was done in less than a year, enhancing productivity, efficiency and cost-savings.

Companies have now had time to look back and evaluate what has worked and what hasn’t — and what can be fixed from a longer-term perspective. This includes looking at how identity management is being done and what needs to be done better. Because identity is the new perimeter, organizations may want to consider cloud-based IGA as part of their security strategy.

