Across industries, IT teams have been working flat out throughout the Covid-19 crisis. From managing the rapid mass shift to remote working, to keeping virtual communications up and running, to fixing technical issues for disrupted supply chains, the role of the IT team has been fundamental to business continuity.
Cyber attacks in particular have been a major cause for concern. Malicious email traffic increased from 12% to 60% in the six week period from the beginning of lockdown back in March, with remote working giving hackers an opportunity to take advantage of multiple user access points.
Following an ease in lockdown restrictions, the challenges that IT teams face continue to evolve. Workers may be returning to the office, but this is far from a straightforward return to the traditional security perimeter. In a survey of EMEA IT experts, we found 86% believe that monitoring for cybersecurity threats will actually become more challenging. This is in part due to the fact that more cloud ‘SaaS’ tools are expected to be used over the next 18 months by an increasingly ‘location neutral’ workforce.
As significant changes continue to take place in the workforce, understanding who exactly has access to what, and when, is critical in order to protect the enterprise network against trespassers. But this has also been made more problematic for many companies, with security and compliance gaps surfacing in the rush to maintain business continuity during the lockdown period – issues that IT teams must take action to mitigate.
As offices begin to reopen and organisations prepare for the challenging economic times ahead, it’s crucial any security issues are identified and resolved to ensure business survival. A proper identity governance set up is one of the tools that can help navigate organisations towards long-term stability.
Problems with the break glass approach
The mass shift to remote working brought considerable challenges for IT teams. Time wasn’t a friend, with many organisations responding with ‘break glass’ approaches to getting employees up and running from home when lockdown was announced. The bar to reach was ‘functional’, not ‘optional’ and in the process of shortcuts being taken, access could be provisioned more freely than usual.
Many organisations with basic access management and provisioning prior to the pandemic are being caught out. Without the right tools in place, proper auditing of access and the ability for IT teams to know who has been doing what over the past few months is unlikely. Rather, what is likely is that security and compliance gaps will increase amongst businesses as a consequence of rushing to get the workforce functioning remotely. It’s crucial IT leaders recognise this and take action.
Keeping on top of a changing workforce
The problem intensifies when we consider the dynamic changes in the workforce that are taking place. Many organisations have been forced to restructure their workforce as a direct result of the Covid-19 crisis, from reduced hours, to furloughing, to redundancies.
As we begin returning to the office and more people come off furlough, even more change is on the horizon. Many are returning to their workplace as contract workers, or are seeing their job responsibilities shift to meet new business needs. It’s possible that we may also see a gravitational shift towards zero-hour contracts to help companies and the government prepare for a second wave of Coronavirus.
With an increased number of people moving in and out of the network, this further begs the question: who exactly has access to what right now?
Safeguarding the security perimeter
So, how effective are identity management systems in coping with such significant change in the workforce?
Whether employees return to the office, continue working from home, or undertake a role with different responsibilities, governance plays a crucial part in protecting the enterprise’s security perimeter. Through this, organisations are able to know who has access to what, whether their users should have that access, and how exactly that access is being used. This insight is critical to both compliance and security efforts.
This visibility in turn allows IT teams to speed up the process of enabling and securing their users’ access to key applications, data, and infrastructure. At the same time, it also enables them to pivot quickly as the business’ and users’ needs change.
Here are three key steps to take as workers begin moving back to the workplace, with an identity-based approach at the core:
- Ensure that your access polices are robust and open to scrutiny. Plot your access policies by continually updating and verifying all of your user identities so that they are in line with job roles and responsibilities. You can do this by using built-in compliance policies and mapping of user groups which ensure each employee has the correct amount of access as soon as they enter a new role or leave the business.
- Positive governance is essential, regardless of whether your employees are working from home or the office. Ensure appropriate in-app permissions, gate access based on real-time analytics, and monitor and control user actions. Using machine learning and the latest artificial intelligence tools can enable you to manage this across both your on-premise and cloud applications.
- Achieve complete protection of your data by moving from a perimeter-based data protection to an identity data-driven process. Using identity to identify the owners of the data and the platform enables you to intelligently classify and label data. This should be done for all structured and unstructured data.
Only organisations that have taken the time to follow these steps will be fully prepared to navigate successfully through the challenging times ahead and ensure the workplace of the future is secure – whether that’s from home, from the office, or a combination of both.
Contributed by Ben Bulpett, EMEA identity platform director, SailPoint