As offices emptied and remote work became the norm, security teams struggled

One Identity released a global survey that reveals attitudes of IT and security teams regarding their responses to COVID-19-driven work environment changes. The results shed insight into IT best practices that have emerged in recent months, and how organizations rushed to adopt them to maintain a secure and efficient virtual workplace.

remote work security teams

Cloud computing has been a lifesaver

99% of IT security professionals said their organizations transitioned to remote work because of COVID-19, and only a third described that transition as “smooth.” 62% of respondents indicated that cloud infrastructure is more important now than 12 months ago.

Thirty-one percent attributed this shift directly to COVID-19. The cloud has become front and center to the new working reality, creating flexibility for employees.

These results demonstrate that the previous level of attention to cloud deployments, while notable, does not appear to have been nearly enough to accommodate the dramatic computing shift across organizations.

“This research makes it clearly evident that cloud computing has been a lifesaver for many enterprises as IT teams pivoted and supported the massive shift to working away from offices,” said Darrell Long, president and general manager at One Identity.

“While we knew the pandemic-driven changes were sudden, what was particularly notable was how strongly the results proved that organizations had to turn their focus on the immediate challenges presented by the aggressive move to cloud computing, chiefly finding solutions that streamlined administering and securing who has access to what and how.”

Higher priority on access request technologies

Shifts in priorities indicate organizations are turning their focus on tackling the security basics. When compared to 12 months ago, 50% of respondents are placing a higher priority on access request technologies, and 31% said this change in prioritization is because of COVID.

Identity/access lifecycle management, identity process and workflow, and role management all saw increased priority among at least half of those surveyed.

Perhaps shell shocked, only 45% of IT security professionals indicated they are prepared for the IT changes necessary when their employees move back to organizations’ offices, according to survey results. Yet, 66% expressed increased confidence in the effectiveness of their identity management programs post COVID-based changes.

“We now know the truth: the COVID pandemic did not change the need to be productive, nor did it change the regulatory compliance requirements companies face, but clearly IT and security teams scrambled to shift their systems to accommodate work from home in a secure and controlled way,” said Long.

“Companies and organizations were helped to an extent by cloud investments that prepared them pre-COVID. However, most of them are still dealing with new challenges as employees adapt, IT and security teams effectively respond to the challenge of providing effective processes for gaining access to the resources needed for the workforce to do their jobs and security challenges associated with this new working environment.”

Why you should be rushing to deploy multi-factor authentication to support remote work

With a third of the population currently working remotely and great uncertainty regarding when this situation is going to change, organizations must shift their business operations to support long-term remote working.

deploy multi-factor authentication

According to a recent Gartner survey, the biggest barrier to effective remote work is poor technology and/or infrastructure for remote work.

As organizations work to update their technology and infrastructure to support the ever-growing remote workforce, it’s imperative that security isn’t left on the backburner. With the separation between an individual’s work and private life being blurred between working from home and sheltering in place, it’s essential for organizations to implement its first line of security defense. To help mitigate potential risks, CISOs and IT managers should deploy multi-factor authentication (MFA) to ensure their remote workforce is secure.

Why deploy multi-factor authentication?

Today, 63% of data breaches are linked to weak or reused passwords, which are partly the result of an ineffective strategy used by many organizations: the requirement for employees to frequently change passwords and use special characters.

At the same time, organizations and employees expect less interruption than ever before and immediate access to assets that are needed to complete the job.

The reality is that security is a delicate balancing act. Organizations need to figure out how to establish strong checkpoints that mitigate potential threats while also enabling employee productivity. With most traditional security solutions fall short of this goal, multi-factor authentication provides a frictionless approach. All it requires is a second ID factor that will validate the user’s identity.

With privileged identity abuse being a common cause in most breaches, multi-factor authentication provides the extra layer of protection against potential exposure points. As hackers look to target less tech-savvy users that are new to working at home, multi-factor authentication stops hackers in their tracks. In order to gain access to individuals’ network, cybercriminals must produce the device a user uses to generate their MFA code, which is quite difficult (if not impossible) for most hackers.

In a time where most employees are working on unsecured home and public networks, having multi-factor authentication as an extra safeguard will not only take some burden off the IT team but will also help make employees that aren’t trained in security less susceptible to cybercriminals.

Four questions to consider before adopting a MFA solution

The reason why multi-factor authentication adoption has been slow is that it’s often costly and complex to integrate, so it’s imperative that organizations weigh all options to ensure they align with their employee and business needs. Prior to purchasing, organizations must consider the following factors:

1. How user-friendly is the solution?

With users being the biggest barrier to a solution’s success, it’s imperative that you consider how your employees work throughout the entire process. The key to employees’ openness to the solution is to consider how tokens – the channel in which users identify themselves – are requested and assigned.

By selecting a token that aligns with how employees log in to their email or other daily tasks organizations can ensure a quick and smooth deployment.

2. How will the solution impact administrators?

With administrators being essential to granting access and running daily operations, it’s important to consider how a solution will impact an administrator’s daily role. The two most important elements to consider are ease of use and the availability of the solution.

When looking for a solution many organizations should consider solutions that offer administration through Active Directory User and Computer (ADUC). With ADUC administrators aren’t required to learn a new console which means they won’t have to lead the deployment of new software. It’s also important that the solution offers simplified and quick support to help administrators troubleshoot and resolve any user-related authentication issue that may occur.

3. How does the solution scale and fit in with your current systems?

Once you determine how the solution will impact your employees, it’s time to look at how the solution will align with your current identity software. With an entirely remote workforce, organizations need to know if the solution will be integrated into an existing identity database or if it will be housed in a new database that users will need to be provisioned to.

Since cost and complexity of integration is often an element that holds organizations back from not only a successful integration but users actually using the solution, organizations must look at how it fits in with their other identity solutions. By working with a tool that’s flexible and integrates along with other tools IT teams can be reassured that users are implementing the new security measure into their daily tasks.

4. What is the best token option for your organization?

Not all tokens look or function the same, so you need to consider which types of tokens align best with your business operations. To ensure it’s the correct type of token it’s important to understand the token type and if it’s a hardware or software token. For a software token you should determine if it’s compatible with all operating systems and if it’s SMS, email or web-based.

If you prefer to have a hardware token you’ll want to determine if it’s OATH compliant. As an open standard for authentication OATH ensures interoperability between authentication vendors using standards. Selecting an OATH-compliant solution offers more choices of token devices as well as interoperability with different systems.

With so many employees working remotely, without basic security training organizations are even more vulnerable to cybercriminals. At the end of the day, with most of the workforce working remotely, to deploy multi-factor authentication is no longer a consideration but an essential security protocol.

Do third-party users follow security best practices and policies?

Many organizations across the globe fall short of effectively managing access for third-party users, exposing them to significant vulnerabilities, breaches and other security risks, One Identity reveals. Most organizations grant third-party users access to their network Based on a Dimensional Research-conducted survey of more than 1,000 IT security professionals, the research evaluates organizations’ approaches to identity and access management (IAM) and privileged access management (PAM), including how they apply to third-party users – from vendors … More

The post Do third-party users follow security best practices and policies? appeared first on Help Net Security.