Covid and Identity Management

Covid and Identity Management

COVID-19 changed the business world forever. Back in March 2020, few of us imagined that the crisis would last more than six months. At this point, it is time to apply agile thinking to adjust identity and access management practices to respond to the current situation.

Ways COVID-19 Has Changed The Identity and Access Management Context

At first glance, a pandemic does not directly impact technology. However, there are a variety of indirect effects that are valuable to understand.

First, COVID-19 has increased remote work arrangements at many companies. As a result, companies have invested in VPN security to a far greater degree than ever before. Remote work also puts more pressure on identity and access management. Why? In a traditional office environment, you have physical security safeguards like locked doors, key cards and security guards. In remote work, such protections are less meaningful. That means you need to invest further effort in these protections.

Second, COVID-19 has increased economic disruption. Unemployment rates have increased in the United States and other countries. Higher levels of unemployment may encourage higher levels of criminally motivated hacking activity. Therefore, organizations need to invest more resources to keep up with these changes.

Third, COVID-19 has accelerated the transition to the digital economy. Think of the hiring spree Amazon has embraced in 2020 to keep up with record levels of demand. Consider the millions of new subscribers Netflix has added this year. Smaller companies, especially retailers, have emphasized online sales and delivery systems to a greater degree. This shift in consumer behavior means that digital fulfillment systems, including sensitive payment data, now represent a tempting target to threat actors. One way to keep those assets safe from attack lies in boosting your identity and access management protections.

Choose Your Identity Adventure: Thriving In The COVID-19 Age And Beyond

The increasing emphasis on digital business is excellent for convenience. Yet these digital ways of working increase your security burden. Use this process and self-assessment process to find opportunities to tighten your IT security.

1. Assess your company’s identity management situation and environment

Use these questions to locate the most critical threats to your identity and access management program.

●    How common is remote work in your company? What security protections have been provided to them?

●    How has COVID-19 directly and indirectly impacted the organization? Consider both direct impacts like infections and indirect impacts such as the requirement to spend more on cleaning and crowd control.

●    What percentage of your business depends on e-commerce and online orders?

●    Have you updated your IT security objectives since March 2020? If not, your goals probably need to be updated to reflect current conditions.

●    How many employee and contractor changes have you seen this year? When people join and depart the organization, critical identity management processes need to be completed.

●    How reliant is your company on manual identity management processes? A high degree of reliance on manual procedures (e.g., tracking changes in a spreadsheet) increases disruption risk.

●    Has the organization suffered any audit or government investigations or penalties associated with privacy or security? If so, find out if better identity management could contribute to improvement.

After answering these questions yourself, seek out views from other people in the organization. Based on the information you gather, you will be better placed to respond to the COVID-19 environment.

2. Rank Order Your High-Risk Identity and Access Concerns And Possible Solutions

Now that you have gathered data about how COVID-19 has impacted the organization let’s develop your action plan. For purposes of illustration, consider the following three examples along with potential solutions.

Examples of High-Risk Concerns and Solutions

●    VPN Security protection coverage is inconsistent. This security protection occasionally impacts your identity and access. Possible solutions include upgrading your VPN and using multi-factor authentication. In this way, multi-factor authentication makes it more difficult for hackers to access your systems.

●    Increased employee turnover. Earlier in the year, your company closed three locations and had to eliminate one hundred positions. The closure was rushed, and managers did not have time to take care of the usual offboarding activities. A solution here could be a one time IT security project to clean up inactive user accounts.

●    Increased use of cloud software. As remote work increased, your company may have bought and installed multiple cloud software tools. They are helping with productivity. Yet, the IT security assessment has not been completed. The possible solutions to this problem include installing a single sign-on software solution and improving employee cloud security training.

Not that you have some ideas about possible solutions, let’s find out about software possibilities. It is essential to emphasize software solutions because they are more consistent and able to scale up across multiple departments.

3. Find Opportunities For Identity and Access Software and Automation

Building a sustainable program for identity management, in the long run, means taking more software. Without software in place, it is tough to achieve identity management consistency. For example, using Group Requestor means you can create user accounts quickly based on job roles rather than setting up each one individually. With this approach, your IT security operations team will have more capacity for other tasks, like assessing emerging security risks.

Software also helps your front-line employees manage more of their identity and access needs. For example, your remote working staff may be using a more flexible working schedule, like occasionally working in the evening. By using Apollo, your staff can request their password resets whenever they need them.

By emphasizing software automation and self-serve capabilities, your identity program will become more sustainable.

4. Commit To Continuous Improvement On A Regular Schedule

The ongoing impact of COVID-19 on identity management is still unfolding. Unfortunately, it is not possible to solve every problem in advance. That’s why we recommend establishing a continuous improvement habit to assess COVID-19 impacts and improve your security.

Each month, set aside 30 minutes to consider the following topics. What is the direct and indirect impact of COVID-19 on your company, employees and customers? What security options do we have to mitigate those threats? Once you have the answers, prioritize one or two changes to protect your organization in the coming months.

Written by Nelson Cicchitto