29 November 2021
When Covid-19 started to rapidly spread around the world and governments began to introduce lockdowns, working from home was suddenly thrust upon many. Not only did these employees have to adjust their working styles and environments, but IT teams had to scramble to very quickly stand up new platforms and systems to enable this suddenly highly distributed remote workforce. Similarly, as consumers, we had to find new ways to shop, socialise and entertain ourselves, increasingly through online services and applications.
Securing systems with bubble gum and duct tape
As the workplace suddenly went remote at the outset of lockdowns, bubble gum and duct tape became the “go to” toolkit for many IT organisations struggling to enable secure worker access. Twenty months on, many IT teams are left having to manually manage parallel work streams and user access processes, adding cost, complexity and risk.
This is not a temporary problem. In our recent Securing the New Hybrid Workplace survey, 97% of employees expressed that they want a hybrid workplace, with 80% of company leaders stating they either have or are considering a hybrid model. As we find ways to navigate the now permanent hybrid workplace, Identity and Access Management (IAM) is critical to enable secure seamless worker access. In fact, recent research by Omdia for Entrust found that the majority of respondents (56%) reported that their budget for IAM had increased.
Multi-factor authentication (MFA) is a core component of IAM. At present, Omdia’s research reveals that 57% of responding organisations use between two and five MFA workforce solutions and 14% use more than five, highlighting that most organisations use a range of cloud and on-premise platforms and applications each requiring their own set of user credentials. This creates an extremely poor user experience which unfortunately then promotes poor user security hygiene like password reuse and recycling.
To build a more secure and productive workforce in this hybrid environment, IT organisations must ensure temporary measures don’t become permanent fixtures in the new working framework. The good news is that organisations are considering a more permanent approach to their hybrid/distributed workforce including implementing identity orchestration as part of their IAM solution to help unify disparate identities and work streams especially in hybrid/multi-cloud environments. Nearly half (47%) of those interviewed by Omdia said they were looking to augment existing IAM implementations, and 42% also said they would focus on migrating to the cloud. IT departments will need to analyse and take stock of how to create this environment for their organisation to ensure that users and their devices are verified securely and seamlessly, whether they are within or beyond the organisation’s perimeter.
The future: a permanent approach to hybrid working
This year, we have witnessed significant cyber attacks such as the Colonial Pipeline breach where hackers took down the largest fuel pipeline in the US through a compromised password. As we look towards 2022, we expect to see more companies embrace a Zero Trust approach. The basic premises of Zero Trust are trust nothing, verify everything related to users and devices, assume the network is hostile and only give entities least privilege access - the minimum permissions they need to fulfill their function. With a least privilege access strategy, every device, user and network flow require authentication and authorisation, allowing organisations to quickly identify suspicious behaviour. Entrust’s 2021 Hybrid Workplace report has already revealed increased use of MFA technology that verifies someone’s credentials before granting access, with 51% rolling out one-time password technology and 40% using biometric authentication. The report also revealed that 36% use mobile identity verification that provides users with a credential on their mobile phone that grants access. The adoption of Zero Trust is certainly increasing in this hybrid landscape and is expected to grow as we approach 2022.
We also expect to see organisations generally streamlining solutions with centralised identity management, enhancing the use of self-service tools for better customer experiences and less friction. The use of digital identity proofing is likely to increase as more organisations adopt a hybrid workplace and consumers need to verify themselves. For example, banks and credit unions will rapidly adopt mobile account sign-up and onboarding experiences.
In summary, the bubble gum and duct tape that has held many organisations together over the past 20 months is losing its sticking power and won’t last forever. Providing a better user experience for employees will mean a future of doing business with less friction and more trust. As 2022 approaches, we hope to see a better balance in the eternal IT struggle between security and convenience.
By Jenn Markey, VP product marketing, payments & identity, Entrust