
Has the crisis killed the perimeter?

17 Aug 2020

Article by LogMeIn A/NZ vice president Lindsay Brown.

For a while now, the cybersecurity industry has been transitioning away from security approaches centred around hardening perimeter defences. The recent pandemic and the shift en masse to remote work have highlighted many of the shortcomings of perimeter-centred security, further cementing that it is no longer a valid option for the future of work.

Remote work has introduced several obstacles for security leaders that challenge the notion that there is a security perimeter that they can protect and defend. For one, it has led to a surge in BYOD, BYOA (Bring Your Own App) and shadow IT.

Employees are accessing the network via a number of devices (many of which have not been vetted by IT teams) and, without IT looking over their shoulder, many are downloading apps they have discovered themselves to help do their job.

Even with a VPN in place, employees working remotely still sit outside the traditional security perimeter, exposing the business to greater risk through data breaches launched via phishing or credential abuse.

The pandemic has also hastened many organisations’ moves to the cloud and adoption of Software-as-a-Service products for business continuity, cost efficiencies and digital transformation initiatives.

According to research from the Boston Consulting Group, 80% of senior executives around the world report digital transformation is more urgent, 61% want to take control of these programs and 57% anticipate increased investment. While digital transformation is undoubtedly required for success in today’s business landscape, it unquestionably complicates cybersecurity, for example, by making it extremely difficult to manage security at the edge and achieve visibility.

The answer? A focus on identity and access management

For these reasons, IT teams are increasingly realising that to protect users of modern technology, the focus needs to be risk mitigation by managing identity. A modern IAM strategy can make the transition to a remote workforce easier by securely connecting employees to their work while IT maintains complete control.

Here are seven ways a modern (remote) IAM strategy can address security risks in the work-from-anywhere era:  

  1. Manage access: Single sign-on (SSO) is an integral component of a remote IAM strategy and gives IT teams the control they need to manage which employees have access to which applications. IT can provision access to a corporate application for an individual or a group of users, with insight into which users are logging in and the flexibility to revoke access as needed. Employees can improve productivity by securely navigating between assigned applications without needing to type a password each time.
     
  2. Enforce authentication: When employees are not physically in the office, how can IT be sure the user logging in is legitimate? Whereas access enables employees to log into an application, authentication ensures the employee is who they say they are. Multi-factor authentication (MFA) adds an additional layer of security to every login attempt and is an integral part of any IAM strategy.
     
  3. Be contextually aware: Another consideration for remote work is to understand the context of the login by analysing factors such as time, device or location. Contextual authentication policies can help IT teams restrict access based on these specifications and ultimately gain tighter control.
     
  4. Lock down VPNs: A virtual private network (VPN) enables employees to connect to the corporate network even if they are not in the office, which is particularly important if employees are using a public WiFi network. Every business should leverage a VPN, ideally with an added MFA security layer on top.
     
  5. Securely share: On average, a business uses 185 shared folders. Without visibility into and oversight of those shared credentials, businesses face increased security risks. This is particularly important when teams are remote and need a secure way to communicate and share credentials with their teammates. Credentials should always be shared through a password manager, so that every password is encrypted and no one who shouldn’t have access to the password gains access. Password sharing also helps teams securely collaborate and ensures every team member has access to shared accounts during remote work while IT can get insights into potentially risky behaviours.
     
  6. Go passwordless: Passwords continue to cause significant frustration and risk—to the degree where 80% of data breaches are caused by weak or stolen passwords. During times of remote work, passwords are even more at risk, especially if teams aren’t securely sharing. Every password is an entry point to the business and if IT doesn’t have oversight into where employees are storing those passwords or logging in from, those business entry points are exposed. Passwordless authentication technologies, such as SSO, integrations and biometric authentication, remove the password from the employee login experience so password risks and frustrations are eliminated.
     
  7. Maintain complete insight: Even though employees aren’t physically in the office, IT and security teams need to know who is accessing what application, from what device and from what location. Modern IAM strategies take into account how this visibility can be achieved for IT and security teams to ensure they can monitor activity with the insights to make access and authentication adjustments as needed.
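
As an added example (not part of the original article and not any vendor's product code), here is one way the checks in items 2, 3 and 7 can combine: a login is evaluated against location, device and time, MFA is required on every attempt, and each decision is recorded with who, which app, which device and where. The country list, device IDs, app names and working hours are assumed values constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Policy values below are constructed for this example.
ALLOWED_COUNTRIES = {"AU", "NZ"}
MANAGED_DEVICES = {"laptop-0142", "laptop-0177"}
SENSITIVE_APPS = {"payroll"}
WORK_START, WORK_END = time(7, 0), time(19, 0)

@dataclass
class LoginContext:
    user: str
    app: str
    device_id: str
    country: str
    when: datetime      # local time of the attempt
    mfa_passed: bool

def evaluate(ctx):
    """Return (decision, signals); decision is 'deny', 'step_up' or 'allow'."""
    signals = []
    if ctx.country not in ALLOWED_COUNTRIES:
        signals.append("location_not_allowed")
    if ctx.device_id not in MANAGED_DEVICES:
        signals.append("unmanaged_device")
    if not (WORK_START <= ctx.when.time() <= WORK_END):
        signals.append("outside_work_hours")
    # Hard restrictions first: context can block a login even with valid MFA.
    if "location_not_allowed" in signals:
        return "deny", signals
    if "unmanaged_device" in signals and ctx.app in SENSITIVE_APPS:
        return "deny", signals
    # MFA applies to every login attempt, whatever the context.
    if not ctx.mfa_passed:
        return "step_up", signals + ["mfa_required"]
    return "allow", signals

def decide_and_log(ctx, audit_log):
    """Evaluate one login and append who/what/device/location to audit_log."""
    decision, signals = evaluate(ctx)
    audit_log.append({"user": ctx.user, "app": ctx.app, "device": ctx.device_id,
                      "country": ctx.country, "time": ctx.when.isoformat(),
                      "decision": decision, "signals": signals})
    return decision
```

Signals that do not block a login, such as an out-of-hours attempt from a managed device, still land in the audit record, which is what lets IT adjust access and authentication rules later.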

The pandemic is redefining the business and cybersecurity landscape at enormous speed. It has highlighted the need for IT teams to abandon the concept of the security perimeter and instead elevate the role of identity in cybersecurity.

Having a modern IAM strategy that encompasses the above fundamentals is imperative to ensure employees can seamlessly access information and apps to remain productive without compromising the organisation’s security as we enter the new normal of working.
