What is identity friction in your enterprise infrastructure? How can you reduce identity friction?
Enterprise identity management and access and cybersecurity face a truly challenging dilemma.
On the one hand, no enterprise can deny the importance of identity management and cybersecurity. Every day, new headlines arrive on enterprise data breaches, especially those concerning unauthorized access.
On the other hand, cybersecurity and identity management possesses a reputation for creating friction or unpleasant user experiences. In fact, identity friction can prove so overwhelming employees may create workarounds for your solutions, putting your enterprise at risk.
So how can you balance cybersecurity and the user experience? How can your enterprise reduce identity friction among employees and other users? And why do you want to do this?
We answer these questions and more below.
What is Identity Friction?
Imagine for a moment security checkpoints in the real world. Airports provide an excellent example.
Obviously, it doesn’t present a picture of convenience. Usually, you have to present your credentials (often multiple times to multiple officials). At airports, you also have to submit to body scans, bag checks, and conversations with customs. Additionally, while in the airport, you are most likely under continual surveillance by both guards and security cameras.
Now imagine how people typically feel going through the airport. Even if they understand why they have to go through these procedures, they don’t enjoy it. In other words, they experience friction.
Analog friction like that experienced at airports typically seems annoying but necessary. However digital friction, especially identity friction, don’t receive the same benefit of the doubt. Identity friction refers to an obstacle to logins or access requests—the explicit barriers to entry for users.
Also, identity friction can result from changes in the permissions users’ have on their accounts. Onboarding, offboarding, and permissions transitions can take time and resources to enact, which creates friction.
What complicates identity friction is that it is just as necessary as analog security…but it creates far more resistance. Often, employees respond to friction by embracing bad cybersecurity practices (reusing passwords or sharing passwords as two examples). Otherwise, they may create workarounds to bypass the identity management solution, which puts your enterprise in incredible risk.
What Are Some Examples of Identity Friction?
Identity friction can result from any number of native identity and access management processes. For example, any manual processes still in use in your identity management solution inevitably create friction. If you still manage permissions via a spreadsheet, your identity management won’t perform optimally—especially as it scales.
Additionally, your enterprise may experience friction due to legacy automation capabilities which require ongoing maintenance. In fact, any procedure requiring maintenance on a recurring basis creates impediments to logins and access requests.
As stated above, onboarding, offboarding, and transitions can all create friction. Onboarding involves bringing new employees and users into the infrastructure and offboarding involves removing said users.
However, much of identity friction stems from the regular capabilities of legacy identity and access management solutions. Processes such as legacy two-factor authentication, multiple login requirements, and decentralized policies all create impediments.
So what can your enterprise do?
What Can Reduce Identity Friction?
First, you need to deploy automated identity lifecycle management on all of the accounts in your network. This helps to ensure proper onboarding and offboarding with minimal interference and thus minimal impediment.
For offboarding, reducing friction proves especially important; the longer invalid credentials remain privileged on your network, the more likely it becomes that hackers exploit it. In fact, failure to offboard without friction can lead to orphaned accounts later on. So automation here counts as a friction reducer.
As part of the onboarding process, you can reduce friction by utilizing identity governance and administration. With a next-generation solution, you can carefully delegate what privileges and permissions belong to what roles within your organization. Therefore, you can bring in new employees with their needed permissions already in place for their specific job title. And thus, identity governance can reduce friction in the long-term.
Additionally, your enterprise needs to consider deploying single sign-on or identity federation. While both differ in precise execution, users often experience the same benefits; they can use a single login to access most of their work processes and databases while remaining within the identity management solution. Obviously, this reduces impediments created by continually asking for credentials for every application and databases.
Yet the most important way to reduce friction may surprise you…
How Multifactor Authentication Can Help
Yes, even in comparison to two-factor authentication or password-only authentication, multifactor authentication balances the user experience and security best.
What enterprises often forget about multifactor authentication is that users rarely see many of the factors when they log in. Examples of these quiet authentication factors include geofencing (checking that the user isn’t logging in from a different country unexpectedly) and the time of the login request.
In the end, the user logs in with a password and/or biometric factor and possibly a hard token, and never notices the extensive security running under the surface. Combined with single sign-on, the user enjoys both a smooth login and heightened identity security.
In fact, using step-up authentication can also help ensure a smooth experience while reducing identity friction. This only activates if the user requests access to more sensitive databases, thus only enacting more factors as the risk increases.
What are the Benefits of Limiting Friction?
Some identity experts dismiss the need for a smooth user experience concerning identity security. However, evidence suggestions the smoother the user experience increases the likelihood of user cybersecurity buy-in.
We can’t overstate how important buy-in can be in cybersecurity. Surprisingly, your users and employees often dictate much of your identity security success through their actions. If they work with the solutions, the latter becomes stronger. If they don’t, it becomes so much weaker.
Additionally, taking the steps to reduce identity friction often means fewer overall costs and a less burdened IT security team. That’s a strong argument all on its own.
To reduce identity friction in your enterprise, you need a next-generation identity management solution. To learn more about finding the right one for you, why not check out our Buyer’s Guide? We cover the top solutions in the market and their key capabilities!
Latest posts by Ben Canner (see all)
- What are The Key IDaaS Capabilities for Enterprises? - October 16, 2019
- What are “Pass the Hash” Attacks? How Can Your Enterprise Prevent Them? - October 16, 2019
- What’s Changed: 2019 Gartner Magic Quadrant for Identity Governance and Administration (IGA) - October 14, 2019