With the coronavirus continuing to wreak havoc to business plans and processes, businesses have no choice but to adjust. At time of writing thousands if not millions of workers work-from-home to avoid contamination. However, this leaves enterprises vulnerable to new challenges and identity security threats specifically coming from remote workforces.
To get more information about the challenges of identity management for the remote workforce, we spoke with Arun Kothanath. Kothanath works as Chief Security Strategist at Clango, an identity and access management advisory firm emphasizing enterprise asset management, software application development, and cybersecurity.
Here’s our conversation:
Identity Management for the Remote Workforce with Arun Kothanath of Clango
Solutions Review: How does identity management on-premises differ from identity management for the remote workforce?
Arun Kothanath: In theory, it shouldn’t be any different. Identity management is essentially managing the lifecycle of an identity, from its creation to its deletion. That said, identity management for remote workforces may place a higher emphasis on integrations with access control technologies such as Authentication, MFA and/or mobility platforms. Each access control technology is closely tied to an identity management system since it will be using the user’s identity and attributes to ensure that the IAM program can grant “the right access to the right person to the right resources” based on the organization’s policies.
SR: How will companies need to adjust their IAM policies and tools to handle the mass work-from-home demand in the wake of the coronavirus? What are the most important tools and capabilities businesses can rely on in this context?
AK: The most critical adjustment that companies will need to make is to ensure their remote access technologies have enough capacity to accommodate the increased volume. They must also ensure that they have adequate failovers and capacity planning activities.
Organizations could also enable self-service features to ensure their employees’ productivity is not impacted by simple tasks such as access or password reset requests. Most IAM systems allow users to request (and managers to approve) access to mission-critical resources. These self-service capabilities typically include automated fulfillment of approved access requests, speeding up the access request process. Without self-service enablement, help desks could be most overwhelmed with the increase in support and access requests.
With the increase in remote work requests, it is easy for identities to accumulate excess privileges. Organizations that work with sensitive data should make provisions to enforce least privilege policies and increase the frequency of internal audits to ensure accounts don’t acquire excess privilege or a toxic combination of privileges. Implementing an on-demand privilege request and approval process will reduce the risk of unnecessary privileges being available to users provided that the organization has roles and policies driven by industry-standard best practices. Don’t underestimate the opportunistic intruder!
SR: What are the biggest risks involved with identity and work from home workforces? What are the most common or perhaps the most dangerous cyberattacks a (temporarily) work from home business can face?
AK: Unnecessary access, intentional or unintentional, can be the biggest risk an enterprise faces when its workforce moves to a remote location. Having a comprehensive IAM program in place to prevent, monitor for and revoke excess privileges from identities will help in reducing organizational risk. It is more difficult to recognize and remediate a malicious insider with excessive access privileges than it is a hacker trying to break in.
SR: How can and should incident response change to accommodate the new business structure?
AK: Incident response teams and systems should be aware of the increased access mechanisms in place to allow remote workers to access corporate assets. Sensitive assets, and accounts that have access rights to them, should be closely monitored to ensure security. Incident response teams should be familiar with the business use of each sensitive asset and should understand how/where bad actors are most likely to try and exploit the asset. Periodic assessments of access patterns and identity behavior should take place, along with automated monitoring, to ensure that no malicious actor can gain access to the business-critical assets.
Thanks to Arun Kothanath of Clango for his time and expertise on this pressing issue. With the coronavirus continuing to hamper business processes, cybersecurity has never been so important. Be sure to check out our Identity Management Buyer’s Guide for more information on solutions and key capabilities.
- Best Identity Management Advice from the First Half of 2021 - August 2, 2021
- Identity Management Lessons from the UC San Diego Health Attack - July 28, 2021
- The Biggest IAM News Items During the First Half of 2021 - July 27, 2021