What you need to know about ‘Identity-first Security’: The rise of remote

by Eric Tocatlian

Today’s Axiad blog will continue our analysis of Gartner’s Smarter With Gartner, “Gartner Top Security and Risk Trends” April 2021,[1] which suggested several risks and trends of cybersecurity which are going to be crucial for an enterprise culture ‘turned inside out’ by the last year.

We’re taking a look at the ‘identity-first’ concept, about which Gartner says:

“Identity-first security has been considered the gold standard for a while, but because many organizations remained in more traditional setups, it wasn’t a focus. Now that the pandemic has pushed organizations to be fully (or mostly) remote, this trend has become vital to address. The result of these technical and culture shifts is that ‘identity first security’ now represents the way all information workers will function, regardless of whether they are remote or office-bound.”

The changes in our working culture have placed identity at the center of business function, and this needs to be recognized globally. So, how can we help to support the ‘identity-first’ mindset?

How ‘remote work’ became ‘work’

It will come as no surprise to anyone that remote work skyrocketed during the pandemic, with national lockdowns requiring many office-based individuals to transition to working from home: according to The Economist, before the pandemic this figure was around 5% - rising to 60% by spring 2020.

While this started out as a necessity when the pandemic first began, remote work has now become an expectation for many employees. Employees expect a degree of flexibility, and our identity credential management needs to catch up to the new working reality. In the ‘new normal’ it is likely 20-30% of individuals will work remotely on a permanent basis, up from 5%. This is a significant chunk of the workforce and presents its own unique security risks.

The associated security concerns

One of the biggest concerns is that hackers and cybersecurity do not exist in a vacuum. Hackers know that organizations were scrambling to transfer their employees to remote locations, and threats rose accordingly. A Remote Work Survey conducted by Axiad found that phishing threats (71%) and malware (61%) have emerged as the most significant new threat vectors concerning remote work environments. Without the protection of a centralized, office-based environment, these treat vectors could have a significant impact on an organization’s security posture.

Furthermore, the move to remote means an increase in the number of machine identities and applications necessary for an organization to effectively communicate and continue operations. Whether this is a whole host of corporate accounts such as Slack or Zoom, or new devices added due to remote working (such as personal laptops brought into the corporate network), all of these devices and applications increase the enterprise’s vulnerability to hackers and will need authentication. This has caused many businesses to increase the number of credentials their employees must use. According to a recent Axiad and Dark Reading report, two-thirds of businesses said the sudden shift spurred an increase in the adoption of new types of credentials. An increase in credentials means an increase in time and resources spent on credential management.

These credentials need to be deployed and tracked by the IT department. Ensuring that every credential is correctly issued and used by employees is time-consuming, not to mention the day-to-day and tracking of credentials as employees onboard and offboard. This means that IT teams focus attention on credential management as opposed to more business-focused undertakings, which could provide increased value for everyone involved.

Beyond the challenges for IT to manage these new tools, the confusion of managing various identity credentials may also discourage remote employees from following security policies. The Axiad Remote Work Survey found that more than half (52%) of tech leaders said their remote employees had found workarounds to their company’s security policies.

This is the core of the problem: If new credentials are not user-friendly, then remote employees will not use them and will leave their business exposed to risk. If these authentication methods are causing the employees too much friction, they will prevent them from doing their jobs.

The Solution: An identity-first strategy

The obvious solution is for organizations to adopt to deploy a system that makes deploying and managing multiple authentication methods simple for both IT and remote employees. Platforms like Axiad Cloud can help to simplify this process by offering a single pane of glass for any credential employees require, whether it’s Windows Hello for Business, Yubikeys, smart cards, mobile authenticators, etc. This offers streamlined support for IT teams and means employees can work from anywhere, safely, and effectively without the need to develop workarounds just to do their jobs.

Keep an eye on the Axiad blog for our third and final blog in the ‘Identity First’ series.

[1] https://www.gartner.com/smarterwithgartner/gartner-top-security-and-risk-trends-for-2021

About the Author

Eric is the Chief Revenue Officer at Axiad.