In the post COVID-19 era, Identity and Access Management (IAM) will become more critical than ever. As businesses try to cope with the challenges of COVID-19 by adopting new cloud technologies, they now face a huge increase in users to manage as well. Meanwhile, according to a poll conducted by the HID Global, an average of 67 percent of respondents expect the future of work to be a hybrid arrangement that mixes office, onsite and remote working — meaning that employees, where possible, will want the flexibility to choose to work wherever they want. So, what will this mean for Identity and Access Management?
The importance of IAM will double every two years.
Hybrid working requires hybrid access provisioning
To facilitate working from anywhere, many businesses have already migrated to cloud technologies. During this migration, users were over-provisioned, little attention was paid to securing their Cloud environment and more access than necessary was granted in many cases. Organizations stepped away from their (privileged) access management policies to facilitate working from anywhere, which resulted in many (privileged) IAM roles becoming exposed. In order to ensure business continuity, some users may even have been granted extra permissions as well. Once we enter a post-COVID era, withdrawing or managing these unwanted privileges will be key to maintaining secure digital infrastructure. To overcome such exposures and security challenges, implementing a combination of identity governance and (privileged) access management is an important next step.
A side-effect of making such a quick transition to cloud technologies is an increased pressure on service desks and IT teams. Employees who worked from the office quickly needed remote access for their day-to-day tasks. This resulted in a sudden large amount of access requests for service desks and/or (de-)provisioning for IT Teams. After COVID-19, a similar increase in routine human tasks like provisioning, de-provisioning, or auditing may happen again. However, we are concerned that this critical process will not be prioritized. This can be addressed by putting in place a solid IAM platform with automated access (de-)provisioning and automated reporting, to ensure continuity in case of another disruption of business-as-usual.
Back to the future
Enforced remote working has impacted the IAM-strategy of all organizations and will continue to do so for the foreseeable future. Remote working - or a hybrid form of remote and other work arrangements - is here to stay. It will continue to have a major impact on organizations’ cyber security, emphasizing the criticality of a long-term IAM strategy and a Zero-Trust Strategy, which states “Never Trust, Always Verify”.
The Zero-Trust Strategy, which is larger than the IAM strategy, starts from visualizing your own strengths and opportunities, in order to reach and extend your company goals. Many employees are currently working outside of their regular working hours, from exotic locations, and/or need access to systems that they usually can only access when working from the office. This causes organizations to allow a bit more access than they may otherwise be comfortable with. However, if we come to the point where we can return to a pre-COVID working norm, organizations must ensure a robust IAM Strategy, which allows all users to be granted the correct access rights for a certain period.
This article is part of a larger story with regards to identities and their behaviors. Whereas the workforce IAM is spotlighted in this case, a brighter focus will be put on the customer as well as on OT. These articles can be found here in the coming weeks.
Authors: Karel Dekyvere, Laurens Verhoeven, Louis Dacquin