The future of work
The rapid and profound evolution of the traditional workplace continues, and it seems clear that the future of work will be defined by a hybrid model that combines remote working and traditional workplace approaches. As KPMG's 2021 CEO Outlook reveals, global CEOs are listening to their people and creating a more flexible work environment that offers the convenience of working from home along with the ability to collaborate and work alongside colleagues in office or workplace settings.
More than half (51 percent) of CEOs are recognizing the demands created by the rapidly evolving environment and will be looking to invest in shared office spaces for increased flexibility. In addition, 42 percent say that they will look to hire talent that works predominantly remotely, seizing the opportunity to expand their reach into a wider pool of talent.
So, there is little doubt that today’s forward-looking CEOs, having addressed the pandemic’s profound disruption and the role employees will play in the future of their businesses, have figured out how to adapt their operations for growth: hybrid working. But this isn’t an entirely new trend, despite its remarkably rapid acceleration and impact.
We’ve actually been moving toward this new way of working for some time, enabled by ever-evolving technology, mobile devices and internet hyperconnectivity. And amid our increased flexibility, it’s also important to note that while the risks associated with hybrid working, cloud adoption and online collaboration platforms are also not new, they are indeed far more prevalent. Today, practically every organization and individual is asking the question: How do we keep our information safe?
Adding to this challenge is the reality that more organizations are outsourcing business support functions to optimize costs and focus on core strengths and objectives. In return, suppliers need remote access to systems and infrastructure to keep everything running. At the same time, beyond supply chains, more companies, institutions and governments are working collaboratively to develop new solutions to common problems and innovation needs. To support this trend, organizations are giving wider access to cross-organizational data, infrastructure and assets.
Meanwhile, embracing the cloud amid the rapid and ongoing evolution of business models has led to the relocation of applications and services from on-premise data centers to virtual cloud environments. At the click of a button, organizations are now able to provide services anywhere and anytime via cloud services.
All things considered, businesses are wisely placing a sharper lens on the need for enhanced capabilities for secure data protection and access controls amid today’s remarkably fast-changing ecosystems and needs.
Enabling today’s hybrid workforce with identity and access management
As many organizations are discovering, their remote workforces, while productive and efficient, can present more challenges than employees working from the security of an office when it comes to the use of technology and its associated risks.
Business leaders are asking themselves — is it necessary to apply additional controls when working remotely more often, or can we rely on the technology that we already use? Looking at current technologies such as virtual private networks (VPNs), virtual desktops and mobile devices, are they fit for purpose now and into the future? These technologies are mostly based on the concept of making information inside the organization easily available outside the organization.
Working remotely thus means that anyone with an internet connection can attempt to access your organization’s network and information. In this scenario, it’s absolutely desirable, if not imperative, to have a higher level of assurance for identity verification and data-centric security, especially in verifying the identity of those attempting to access privileged spaces, business-critical systems or a company’s confidential data.
Identity and access management (IAM) can serve as the critical gatekeeper of valuable information and resources within today’s evolving organizations. When designed and implemented effectively, it can be the answer to mitigating remote working security risks while simultaneously helping to improve efficiency. Consider the following areas when enabling your hybrid workforce with IAM:
- Becoming context aware
Context awareness is now added as a feature to IAM products to evaluate, based on specific variables, the identities of those trying to access data. Variables such as employee location, time of day and device used to log in are evaluated to provide a risk level. The risk level drives controls that deliver additional assurance of the user’s identity. For instance, an organization could require an extra authentication factor when someone is accessing a business-critical application. The challenge we face in today’s new reality is that business hours aren’t as black and white as they were when on-premise working was the norm, and the boundaries between work and home life have blurred, causing people to work in different ways and posing diverse new challenges that demand solutions. IAM can be the answer.
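The context evaluation described above, sketched as an added example that is not from the article or any IAM product: location, device and time of day are scored into a risk level, and the level selects the control. The baselines, weights, thresholds and names (`LoginContext`, `risk_score`, `decide`) are assumptions; time of day is weighted low because working hours are no longer a reliable signal.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed baselines; every name, weight and threshold here is an assumption.
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}}
USUAL_COUNTRIES = {"alice": {"NL"}}
CRITICAL_APPS = {"payroll"}

@dataclass
class LoginContext:
    user: str
    country: str
    device_id: str
    when: datetime
    app: str

def risk_score(ctx):
    """Return (score, reasons) from the device, location and time signals."""
    signals = [
        (ctx.device_id not in KNOWN_DEVICES.get(ctx.user, set()), 40, "unrecognized device"),
        (ctx.country not in USUAL_COUNTRIES.get(ctx.user, set()), 40, "unusual location"),
        # Weak signal on purpose: hybrid staff legitimately work outside 07:00-20:00.
        (not 7 <= ctx.when.hour < 20, 10, "outside usual hours"),
    ]
    hits = [(weight, reason) for fired, weight, reason in signals if fired]
    return sum(w for w, _ in hits), [r for _, r in hits]

def decide(ctx):
    """Map the risk level to a control: allow, step-up MFA, or deny."""
    score, reasons = risk_score(ctx)
    if score >= 80:
        return "deny", reasons
    # A business-critical application always requires the extra factor.
    if score >= 40 or ctx.app in CRITICAL_APPS:
        return "step_up_mfa", reasons
    return "allow", reasons

if __name__ == "__main__":
    late = datetime(2021, 9, 1, 23, 0)
    print(decide(LoginContext("alice", "NL", "laptop-7f3a", late, "wiki")))
    print(decide(LoginContext("alice", "BR", "tablet-0001", late, "payroll")))
```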
- Ensuring identity and access governance is up to par
In addition to verifying identities, it’s crucial to make sure access rights are granted appropriately, whether working remotely or locally. The quality of the overall governance (processes, procedures, approvals and monitoring) of IAM can have a big impact on visibility and control over authentication and authorization. The more an organization gets it right, the more likely that threats will be identified before impacting the business. Assigning responsibilities and performing reviews seem like such simple tasks, but a lack of these basic elements across many organizations is one of the biggest reasons why IAM-related incidents are completely missed or identified too late.
- Integrating IAM with security operations
While hybrid working can increase the time needed to identify a security breach, IAM can aid in timely detection. Security incident and event management (SIEM) solutions have excellent capabilities when it comes to monitoring user activity across an organization, but they are missing the context to determine whether user activity is authorized or not. The missing context can be found in IAM. Integrating SIEM and IAM enables a SIEM solution to better identify exceptions, and IAM can be used to deactivate access in response to a threat.
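The SIEM and IAM integration described above, as an added example that is not from the article or any vendor's product: each SIEM activity event is checked against the IAM record to decide whether the activity is authorized, and identities with exceptions are deactivated in response. The IAM export format, event fields and function names are assumptions, and the data is constructed.

```python
# Constructed IAM export: account status and entitlements per identity (assumed format).
IAM = {
    "alice": {"active": True, "entitlements": {"crm:read", "payroll:read"}},
    "bob": {"active": True, "entitlements": {"crm:read"}},
    "carol": {"active": False, "entitlements": set()},  # leaver, already deprovisioned
}

# Constructed SIEM events; field names are assumptions, not a product schema.
EVENTS = [
    {"ts": "2021-09-01T09:12:00Z", "user": "alice", "resource": "payroll", "action": "read"},
    {"ts": "2021-09-01T09:40:00Z", "user": "bob", "resource": "payroll", "action": "read"},
    {"ts": "2021-09-01T22:05:00Z", "user": "carol", "resource": "crm", "action": "read"},
    {"ts": "2021-09-01T22:07:00Z", "user": "svc-old", "resource": "crm", "action": "read"},
]

def classify(event, iam):
    """Add the IAM context the SIEM lacks: is this activity backed by an entitlement?"""
    identity = iam.get(event["user"])
    if identity is None:
        return "unknown_identity"
    if not identity["active"]:
        return "inactive_account_in_use"
    if f'{event["resource"]}:{event["action"]}' not in identity["entitlements"]:
        return "no_entitlement"
    return "authorized"

def triage(events, iam):
    """Return (findings, identities to suspend) for events IAM cannot justify."""
    findings = []
    for event in events:
        verdict = classify(event, iam)
        if verdict != "authorized":
            findings.append((event["ts"], event["user"], verdict))
    # Only identities that are still active in IAM have access left to switch off.
    suspend = sorted({u for _, u, _ in findings if iam.get(u, {}).get("active")})
    return findings, suspend

def deactivate(users, iam):
    """Response step: switch off access in the IAM record (stand-in for an IAM API call)."""
    for user in users:
        iam[user]["active"] = False
    return iam

if __name__ == "__main__":
    findings, suspend = triage(EVENTS, IAM)
    print(findings, suspend)
```

Events for the inactive and unknown identities cannot be answered from IAM alone, since there is no active access to remove; they go to the security operations team as findings.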
Hybrid working may be here to stay — and make no mistake, so are the associated risks. There’s a clear need to stay on top of these risks and IAM is a core element of the solution. It can help you gain control over identity and access rights and ensure you and your information stay safe during the modern era of hybrid working.