What a difference a few weeks can make. We started 2020 with business as usual.
Fast-forward, the current global business disruption has consumed our daily lives and news feeds. Many non-essential workers in countries around the globe have been asked to stay home for the foreseeable future in an effort to mitigate exposure. Of course, that means organizations everywhere have scrambled to assemble work-from-home (WFH) arrangements for millions of employees. For IT and security teams, this demands an unprecedented level of pressure and problem solving on short-notice.
Those of us in security know that as the world hustles to make the best of a difficult situation and adapt to remote working, cyber criminals are taking note and introducing new scams to exploit the vulnerable. New connections, devices and applications have expanded the corporate attack surface to industrious bad actors looking for ways to pull off an attack or breach.
Simply put, in the effort to create large-scale WFH deployments, security – particularly identity assurance - must be at the top of the list of business risk considerations.
The workforce is now even more dynamic
The rapid shift to remote work is also an opportunity for security leaders to examine a challenge that has been evolving since long before the current disruption became a headline: managing the risk of a dynamic workforce.
Securing the 24/7 workforce and enabling employees to collaborate from anywhere and at anytime has been a challenge information security teams have been addressing for years. A growing base of users, applications, devices and data all over the world gives attackers more vulnerabilities to exploit.
Arnold predicts demands for remote access will continue to grow, and for organizations, the challenge will become, “to authenticate them wherever they are.”
Many teams will turn to cloud solutions to collaborate during this period of remote work. The demand is to ensure users have timely access to those cloud-based and on-premises applications they need to work from any device and location.
Organizations may try and apply legacy identity and access management (IAM) solutions designed for an on-site workforce to a now dynamic workforce. This is a recipe for disaster. As Arnold points out, IAM in the cloud is priority one. Organizations cannot rely on outdated IAM practices to secure modern cloud environments. “The cloud offers the opportunity to collaborate and communicate anywhere, anytime,” he said. “But Identity assurance must be the number one security control. If you don't get that right, what you're ending up with is your [information is] compromised and it's no longer sitting within your data centers or protected by a perimeter.”
Stepping up to the new identity challenge today
Now is not the time to relax security protocols in the name of productivity. Instead, it is essential for organizations to revisit their identity and access management strategy. Criminals are hoping to take advantage of the new chaos around remote deployments and will find ways to take over identities and accounts. Managing this growing dynamic workforce risk begins with knowing, with certainty, that the users and entities accessing your critical systems are who they claim to be.
If you haven’t already, it might be time to invest in modern authentication methods to include options that can be deployed as a service in the cloud and distributed digitally. Doing so can help empower employees, partners and contractors to do more without compromising security or convenience. It’ll ensure your workforce has timely access to the cloud-based and on-premises applications they need.
This is just the beginning
The lessons we are learning amid this business disruption will surely be put to the test again in the future. Many analysts note that what we are dealing with now may someday be considered a “new normal.”
Security managers who make the needed changes to their IAM layer today will be the ones best equipped if (or when) this happens again. If you have not learned already, shoring up defenses for IAM should be your number one lesson in order to enable a seamless and secure dynamic workforce.
However, it should be done with care and consideration. In the rush to stand up a remote workforce under pressure, security leaders may overlook key steps that could put the organization at risk down the road, which is why working with a trusted partner is essential for security now – and in the future.
This post was sponsored by RSA, but the opinions do not necessarily represent RSA's positions or strategies.
* The opinions expressed by Tony Arnold are his and do not necessarily reflect that of his organization.
# # #
Joan Goodchild is an award-winning, veteran writer, editor, content strategist and speaker with an expertise in security, risk and enterprise technology. Follow her on Twitter at @joangoodchild.