Going to the office, shopping at the mall, and travelling all seem like a distant memory. But while many look forward to getting back to the way things were, the recent rapid digital transformation has also had several positive impacts, like improved workforce productivity and greater convenience and flexibility for many employees. Long after the virus recedes, a digital-first world will be our new normal.
This transformation has made for a challenging year for IT security professionals charged with protecting and enabling workers and consumers while battling an intensified threat landscape. Home-grown manual identity and access management (IAM) approaches are simply not up to the task of improving security and user experience at the same time.
The digital-first world demands a modern approach to IAM. Key considerations include:
- Apply a Zero Trust approach – Every device, user, and network flow needs to be authenticated and authorized. Zero Trust principles include adopting a least privilege access strategy for users, applications, and data; providing secure access to resources irrespective of the location of the resource and purpose or person it is serving; enforcing access control at all levels including the user, network, and application; and auditing everything to quickly identify suspicious behavior.
- Adopt invisible security wherever possible – Look for opportunities to inject security behind the scenes. IAM systems can check device reputation before allowing access, flagging suspicious conductions like a device operating behind a TOR-based browser or proxy, having been used previously for fraud, or jailbroken or rooted. Another example is adaptive risk-based authentication, which provides step-up authentication challenges only when conditions warrant, like a login on a new device, at an unusual time of day, or from a new location.
- Make the most of mobile – A mobile-first approach lets you provision secure credentials once on a mobile device, and then unify user interactions across systems based on these secure credentials. Trust is established in the device and user first before enabling secure access. Continuous pattern and session monitoring combined with adaptive step-up authentication ensures that this trust is maintained over time.
- Address the hybrid-cloud, multi-cloud reality – Unless you’re a startup, you likely have multiple distributed directories (i.e. Active Directory, Azure AD, and LDAP) managing user access to a multitude of cloud and on-premises apps, which may also include legacy systems. Managing this complexity adds cost and risk. Look for an IAM solution that can provide unified identity management with workflow orchestration to help you securely and seamlessly navigate today’s hybrid reality.
- Go cloud first – This past year highlighted the need for security solutions that can be quickly scaled up and down, as business requirements dictate. Cloud-based solutions offer a reduced total cost of ownership relative to on-premises solutions with no incremental hardware costs, and they free up scarce IT resources from ongoing maintenance and support efforts. So, as you evaluate your IAM roadmap, look for a cloud-based solution that offers the simplicity to be deployed, scaled, and maintained on-demand.
To learn more about modern identities for our digital first world, join this webinar.