With the ongoing COVID-19 pandemic and employees continuing to work from home, the focus of enterprise security is now on remote workers. While Infosec and IT managers continue to reinforce firewalls and monitor for suspicious network activity, the bigger threat has been from hacked credentials of homebound employees. That is why you can expect to see more attention being paid to identity access management (IAM) and identity governance and administration (IGA) in 2021.
Remote workers have become a weak point in enterprise security that cybercriminals have been quick to exploit. According to the Identity Defined Security Alliance, 94% of organizations have suffered an identity-related breach, with 79% occuring in the last two years. The most common form of attack is phishing according to 66% of those surveyed, and there was a 667% increase in phishing attacks in March 2020, the first month of the pandemic, and most of those attacks targeted remote workers. It’s no wonder that improving IAM and IGA has become a priority.
Based on what we have seen from our customers in recent months, we anticipate you will see the following trends in enterprise security in the year ahead.
More Focus on Securing Identity outside the Enterprise
When supporting remote workers, IT managers lose control of computing assets. You can’t monitor internet access or control who has access to remote laptops and mobile devices.
Since IT managers have less control over remote workers and their computing tools, IAM is more important than ever. A LastPass survey shows that 98% of organizations rely on IAM for security and 96% say the increase in the number of remote workers has had an impact on their IAM strategy.
As part of that renewed focus on identity security, you can expect to see managing identity becoming a larger security concern across all access platforms. In addition to securing remote computers and laptops, you also can expect to see IAM extend to mobile devices and web browsers, so security follows users no matter how they work remotely.
To simplify governance and compliance, you also can expect to see IAM integrated into remote enterprise access platforms such as Microsoft Teams, Google Chrome, and ServiceNow.
More Adoption of SSO Tools
Single sign-on (SSO) provides a proven way to secure user credentials and more Infosec managers will replace multiple login credentials with SSO. What makes SSO inherently more secure is the use of measures such as multi factor authentication (MFA), security and encryption technology such as Kerberos, and Security Access Markup Language (SAML).
SSO also is easier to manage when it is synchronized with active directories. That way accounts, groups, and passwords can be kept current and secure using a central data repository.
More Adoption of Governance Tools
Of course, authenticating access is not enough. You also need to keep track of what is being accessed, whether users have the proper authority for access, and more. As enterprises scale and more cloud and on-premise resources are added, governance and administration become more complex and identity authentication more important.
You can expect to see more sophisticated IGA solutions that include automated workflows, real-time compliance monitoring and certifications, and smart compliance management to protect assets from digital attacks. You also can expect to see push notifications and real-time authentication requests to promote worker productivity and give users faster access to the applications they need to do their jobs.
More Self-Management of Asset Access
As part of IAM and IGA, users will take on more responsibility for managing their enterprise credentials without assistance from IT. In addition to making real-time requests for access, users will be able to reset their passwords and handle routine identity management. This will help make them more productive since they won’t have to wait for a response from IT or the help desk to access what they need.
Of course, identity self-management doesn’t mean less security. Infosec and IT managers will still have the tools needed to monitor and audit user credentials, ensuring that expired credentials are updated, and users deprovisioned as needed.
AI and ML Will Improve IAM
You can expect to see more automated authentication processes as well. As employees’ roles change and new personnel are added and removed, analytics powered by artificial intelligence and machine learning will help simplify application access.
For example, low-risk requests can be handled automatically, and credential anomalies can be flagged and assessed as potential threats using contextual, analytics. Contextual machine learning also will help detect and prevent data breaches.
Supporting remote workers has increased the threat level for enterprise networks. Shifting the focus of security to protect work-from-home employees will reinforce network security. You can expect to see more organizations reinforce enterprise security by moving away from the principle of least privilege and strengthening identity security with SSO, MFA, and more AI-powered detection to keep remote worker access secure.