The mass shift to remote work environments driven by the on-going health crisis seems to have happened almost overnight. As disruption spread globally, remote work became a critical enabler of business continuity and resiliency. Organizations are now rethinking how the workforce will operate in the future. In fact, Gartner reports more than 70 percent of CFOs plan to shift to permanently remote positions, and we’ve already seen companies like Twitter permanently transition working arrangements, announcing employees can continue working from home indefinitely.
The new reality of remote work comes with the challenge of identity assurance and delivering secure, convenient access to dynamic user populations. Outside of the office walls, how can organizations confidently ensure employees are who they say they are, and avoid compromising security for user convenience? Passwords are often the weakest link in a business security chain. In fact, weak or stolen credentials are the most frequent entry point for data breaches. This identity risk is amplified by the crisis as employees adjust to remote work and cybercriminals look to seize on the moment, exploiting new vulnerabilities.
Passwordless Authentication at VMware
With this in mind, we’ve reached an inflection point – will the on-going health crisis prove to be a catalyst for accelerating the journey to passwordless authentication? During a RSA webinar, Brad Doctor, Senior Director of Security Architecture and Engineering at VMware, discussed a future without passwords and supporting the diverse identity and access management requirements of a global, dynamic workforce. “VMware went from many of our employees working in a traditional office setting to about 97 percent of the workforce being remote inside of a week,” he said as the company rapidly shifted to business resilience mode amid the disruption. Prior to this, VMware was on the path to a “passwordless existence” with two goals in mind: user satisfaction and improved security.
Better User Experience = Higher Productivity
For its more than 30,000 employees across the globe, VMware recognized that an ideal user experience eliminated the burden of remembering complex passwords and the required cadence of changing passwords.
Psst … What’s the Password?
On the security front, with the growing number of threats and the increasing sophistication of attacks, VMware has no assets available to employees that use a password as a single factor of authentication. “Keeping anything secure that uses passwords is almost impossible,” Doctor noted pointing to the direct connection between data breaches and credential abuse.
Authentication Choice is Critical
As the VMware workforce continues to work remotely, the acceleration of passwordless authentication is more important than ever. To quickly scale less password use, VMware is taking a two-pronged approach to secure endpoints: the fully managed experience and the unmanaged experience.
The fully managed experience is a full security stack with managed, pre-configured apps, certificates and push authentication that has created an intuitive and easy-to-use authentication environment that helps boost productivity. “We don’t want users working around what we built, we want them being advocates for what we’ve built,” Doctor said. Employees are able to open Microsoft Word, Excel or any corporate managed application and start being productive without worrying about the friction of entering a username and password.
In the unmanaged experience, tokens and additional authentications steps come into play. VMware uses RSA SecurID Access for push authentication to add an additional layer of security. Across endpoints, VMware employs push authentication, FIDO tokens and certificates, as appropriate, in different scenarios. Eliminating the need for passwords from any location, device and cloud application has empowered a productive and secure workforce amid the massive shift to remote work.
Preparing for What’s Next
Today’s disruption has highlighted the need for businesses to act promptly and prepare for the long haul. As remote work becomes the new normal, new identity risks are introduced as the “office walls” lose physical boundaries. Secure and convenient authentication must go hand-in-hand. To address the new dynamics, organizations should tap a solution that can help mitigate identity risk and maintain compliance without impeding user productivity. In a distributed workforce, the ability to ensure users are who they say they are and have appropriate access is critical.
The journey to passwordless authentication will dramatically accelerate as organizations look to provide simple and secure access to resources for remote employees. There’s no doubt we are witnessing a workforce revolution and organizations must pivot to quickly respond and support distributed workforces capable of working securing from anywhere.
If your organization is looking to address the identity and access management risk of a dynamic workforce and take the journey to password authentication, check out the RSA SecurID Suite for more information.
Author: Jacqui Berg
Category: RSA Point of View, Passwordless, IAM, RSA SecurID Access, Identity Assurance, MFA, Business Resiliency, Business Continuity