How COVID-19 Has Emphasized Immediate Need for Change in IAM
Globally, COVID-19’s impact has been seen throughout all aspects of life. One such clear way is through remote work. In order to control the spread of the virus and to keep employees safe, many companies are restricting travel and requiring people to work from home.
This rapid shift has illuminated shortcomings in corporate digital identity infrastructures that need to be fixed for effective economic recovery, in an increasingly digital environment. Likely, these changes have affected you and those around you. Read on to see some specific examples of problems with identity management that have surfaced throughout the last few months.
Problems With the Status Quo
Mobile device monitoring and authentication: establishing secure connections with mobile phones, tablets, laptops within a flexible workplace environment poses unique vulnerabilities while outside of a secure work location.
Bring Your Own Device (BYOD): this refers to the idea that employees can integrate their personal devices into a corporate network. This introduces variability around device type and operating system that all need to have different permissions in a network. The current lack of consistency prevents a unified approach to network security.
Endpoint security: with each new device added to corporate networks, a new potential entry point is created for hackers. It has also become clear that it is inconvenient and costly for both employees and companies to verify on every device, every time they want to log in.
Maintaining data security: maintaining data security and privacy is challenging due to an increase in targets and human error. Users are using personal devices that increase entry points and that are not to the same security standard as corporate devices.
Public WiFi: as businesses open back up, employees may begin to use public WiFi, which presents additional vulnerabilities.
Nobody can predict how long these challenges will persist, but it is clear that this new reality will last for the foreseeable future. However, there are some easy paths forward that will help increase your company’s data security while maintaining business functionality.
Secure authentication should be a base standard. Multi-factor authentication should be a priority and can be implemented remotely.
Many identity management providers provide strong authentication that is fast, cheap, and more convenient for users. Some store user data on personal devices and require biometrics to access that data, ensuring that not only the device is the same as before, but also the person is.
This effectively eliminates social engineering frauds because both the device and person need to be authenticated. This approach is faster, as users only need to scan their biometrics each time they log in, instead of continually manually doing MFA (e.g. tying in a secret code that they receive by SMS) that is vulnerable to attacks like SIM swapping.
Lastly, shared-KYC technology is cheaper because companies do not re-authenticate each time a user logs in, saving costs with per-transaction verification providers. Companies may even generate revenue by selling these secure verification credentials to other businesses, benefiting both consumers and companies.
The globalization of the economy, compounded by vulnerabilities exposed by the growing pandemic, illustrates the importance of creating and implementing more robust digital identity access structures.