THE CRUCIAL IMPORTANCE OF IAM IN A HYBRID
WRITTEN BY: MARCUS LAW
In today’s digital landscape, where data breaches and cyber threats have become commonplace, safeguarding sensitive information has, in turn, become paramount. As the pace of technology adoption continues to move at breakneck speed, the importance of robust cybersecurity measures has never been more critical. Among the various security challenges, managing and protecting user identities has emerged as a top priority. Consequently, the demand for effective Identity Access Management (IAM) solutions is rapidly escalating.
IAM is a crucial aspect of modern-day digital security that involves the management of user identities and their associated access privileges to digital systems, applications, and resources. The IAM market is projected to be worth US$39.26 billion by 2030 as the digital landscape continues to evolve.
“Hybrid work is more common than ever and employees need secure access to company resources, whether they’re working on-site or remotely,” says Microsoft. “This is where IAM comes in. The organisation’s IT department needs a way to control what users can and can’t access so that sensitive data and functions are restricted to only the people and things that need to work with them.”
IAM encompasses the processes, policies, and technologies that enable organisations to control and secure access to their critical systems, applications, and data. It provides a framework to manage user identities, authenticate their access, enforce security policies, and monitor user activities across various platforms. With the proliferation of cloud services, mobile devices, and remote work arrangements, traditional perimeter-based security measures are no longer sufficient. IAM solutions provide a centralised approach to identity management, ensuring that only authorised individuals can access valuable resources, while minimising the risk of unauthorised access and data breaches.
Zero Trust, cyber hygiene, and the rise of identity-first security
A security concept that has gained significant prominence in recent years and plays a crucial role in IAM, Zero Trust shifts the traditional perimeter-based security model – which assumes trust within the network – to an approach that enforces strict access controls and verification for every user and device, regardless of their location.
In the context of IAM, Zero Trust extends the principle of “never trust, always verify” to user identities and their access privileges. It emphasises continuous authentication, authorisation, and validation of users throughout their entire session, rather than relying solely on initial login credentials. By adopting a Zero Trust approach to IAM, organisations can achieve greater granularity and control over access, reducing the risk of unauthorised access or lateral movement within the network.
As explained in a whitepaper by Okta, Zero Trust is not a novel concept or idea.
“The industry has been discussing the reality of the shifting perimeter for nearly two decades, with origins back to the Jericho forum. It has really only been within the last 5-10 years that we have finally reached a point where organisations are prioritising security strategy and technology has seen enough innovation to support the implementation of these new strategies,” it says.
“This was brought into sharp focus in 2020. The worldwide pandemic forced many organisations to shift operations to support remote work overnight, effectively dismantling traditional security models, accelerating the adoption of cloud technologies, and forcing the shift to support remote work outside the safety of a corporate network. As the world emerged from the pandemic, many organisations made the decision to continue to support a dynamic work model, meaning they must maintain flexibility while securing fully distributed workforces and hybrid working models.”
Denis Dorval
TITLE: VP SALES INTERNATIONAL
COMPANY: JUMPCLOUD
LOCATION: LONDON
JumpCloud VP of International Sales Denis Dorval has decades of experience as a proven senior executive in providing software for start-ups and high-growth organisations. He is passionate about leading through innovation with disruptive software and business models, and is an expert in delivering sustained customer success, consistency, and predictability to help businesses to meet their long-term goals.
Marc Rogers, Okta’s Senior Director of Cybersecurity Strategy, explains that an ‘identity-first’ strategy is crucial: “Our security strategy is identity-first – on top of impeccable, basic security hygiene. Gartner has described identity-first security as ‘reaching critical mass’ in the past year, and this is mirrored in what we see in demand from our customers. The trend is not going away.”
“Our Identity-First research has shown that in the wake of the pandemic, identity and access management tools are increasingly important, whatever industry you work in,” adds Rogers. “The pandemic saw network perimeters become increasingly elastic for many companies – and, in many cases, these boundaries broke down altogether.”
In Rogers’ view, the traditional ways of thinking about security are no longer enough: “More than half of companies already adopt a model where a strategic approach to identity is at the centre of security architecture. This can ease the pressure on overworked support teams and, at the same time, limit the impact on productivity. Single Sign On and Multi-Factor Authentication solutions can help to ensure that security is not a time drain for workers.”
“Cybercrime is continually evolving, but cybercriminals are also fundamentally cheap by nature – if a method works, they will keep using it until it stops working. Large changes are expensive for criminal organisations, just as they are for legitimate ones. It is up to businesses to stay ahead of the game by investing in relevant technologies, stopping threats like ransomware before they can gather pace. However, it is also up to all of us to collaborate in creating an ecosystem that is designed to reduce the profitability of criminals and protect those victims less able to protect themselves, such as organisations that exist below the cybersecurity poverty line.”
A robust approach to identity management
Denis Dorval, Vice President, International Sales (EMEA & APAC) at JumpCloud, comments that, despite large-scale cyberattacks filling the headlines and the growing emphasis on security in the boardroom, instilling good cyber hygiene into an organisation’s culture remains challenging.
“As organisations increasingly rely on digital technology to manage day-to-day operations and take advantage of working on cloud and hybrid environments, IT admins handle a number of users, devices, and applications,” he says. “The doors for data and systems to exist anywhere and allow organisations to adopt work-from-anywhere practices also leads to cracks appearing, creating security risks for businesses.”
“Employees demand flexibility, operational efficiency from their IT stack, and robust security. Despite being widely accepted among CISOs and IT admins as the best threat mitigation strategy, the zero-trust framework is rarely implemented with this in mind. The patchwork of point solutions and MFA applications used in many modern businesses creates a headache of fragmented identities that IT admins struggle to manage centrally. The core ethos of “never trust, always verify” only adds friction to a user’s day-to-day workload.”
Looking to the future, organisations should put identities at the heart of their IT security strategies, leading to IT departments moving from patchwork solutions and on-premises Active Directory environments, Dorval concludes. “A robust identity and access management strategy is the most effective way to protect organisations’ wider attack surfaces.”
WRITTEN BY: MARCUS LAW
The pandemic might be behind us, but hybrid working is here to stay – with a recent report by Littler Mendelson PC finding over 70% of US employers are embracing hybrid work models.
But, though hybrid working offers many benefits, such as increased flexibility and reduced overhead costs, it also presents unique cybersecurity challenges that companies must address. With employees accessing sensitive data from multiple locations and devices, the risk of cyberattacks and data breaches is higher than ever before.
According to a report by EY, remote working can increase an organisation’s vulnerability to security threats, such as cyberattacks, data breaches, fraud, bribery or corruption. Ransomware attacks and social engineering risks increased by 53%, the report said, while 40% of organisations reported a cyber intrusion directed at their remote work environments.
As remote and hybrid working continues to become the norm for many organisations globally, IT teams face the challenges of ensuring the new corporate network and infrastructure are fully equipped to be able to securely facilitate this new flexible work environment.
As Etay Maor, Senior Director of Security Strategy at Cato Networks, explains, traditionally, the corporate workforce has been tethered to office configurations that made it easier to provide secure access to company applications.
Etay Maor
TITLE: SENIOR DIRECTOR OF SECURITY STRATEGY
COMPANY: CATO NETWORKS
LOCATION: GREATER BOSTON
Etay Maor is an industry-recognised cybersecurity researcher. Previously, Etay was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Etay has also held senior security positions at IBM – where he created and led breach response training and security research – and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams.
Etay is an adjunct professor at Boston College and is part of Call for Paper (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and an MA in Counter-Terrorism and Cyber-Terrorism.
“This,” he says, “has made the need for strong security measures even more complex as traditional perimeter-based network security solutions are no longer sufficient to protect remote and office workers from cyber threats.
“The rise of remote work and cloud technology has rendered traditional, perimeter-focused security solutions obsolete. If a significant percentage of an organisation’s users and IT assets sit outside of the protected network, then defending that perimeter provides the organisation with limited protection against cyber threats.”
As hybrid work has become the de facto standard for many companies post-pandemic, organisations must also become more flexible with their workplace policies.
“Therefore,” Maor adds, “organisations looking to support hybrid work will require a long-term strategy that ensures their infrastructure is equipped to securely facilitate this new flexible work environment.”
Disparate workforce creates new security challenges
The current threat landscape continues to present the modern enterprise with numerous challenges, with remote and hybrid working only compounding those issues further for the IT team. A dispersed workforce creates more specific challenges associated with remote and hybrid working.