Working from home is now the new norm. What does this mean for identity and access management (IAM) pros?
Remote working during the pandemic has changed the workforce game. According to a Gartner survey of HR leaders from 130 companies in December 2020, 90% plan to let employees work remotely even after COVID-19 vaccine is available. In a poll conducted by Harris in May, 2021, forty percent of Americans prefer to work from home full-time, compared with 35% who seek a home-office hybrid and 25% who want to go back to the office full-time.
Having just attended the virtual 2021 Gartner IAM Conference in March, enabling a hybrid office/remote workforce means a lot of identity and access logistical work to ensure security and compliance – what we at NetIQ call Cyber Resilience.
This year, at the virtual Gartner Identity & Access Management Summit 2021, attendees got the latest advice on identity and access technologies and strategies, from multifactor authentication (MFA) and identity governance and administration (IGA) to privileged access management (PAM) and cloud IAM. The conference featured 50 sessions by Gartner and guest experts to equip attendees with the skills needed to drive their organization’s IAM strategy forward.
Here’s a breakdown of these three trends:
Identity Governance and Administration
Of note was NetIQ’s Patrick Gookin’s presentation about the road to autonomous IAM, which is a combination of artificial intelligence, machine learning, and automation capabilities used to transform how organizations approach IAM. A similar version of his presentation can be found in the Road to Autonomous IAM webinar.
According to Patrick, by eliminating the need for human involvement in processes and workflow, organizations can improve security, achieve better compliance results, and reduce the burden IAM imposes on business users and administrators. These time-saving technique can help organizations:
- Improve security and compliance with advanced analytics and automation
- Enable better decision making
- Dramatically reduce or eliminate onerous access certification and approval processes
- Detect anomalous behaviour and respond immediately
- Automate role and policy management and maintenance
- Proactively address identity lifecycle changes
- Automatically discover new access and entitlements in real-time
Patrick’s recommendation is to look for specific IAM capabilities which provide immediate meaningful impact to your organization, his parting words on your road to autonomous IAM, “Enjoy the scenery! It’s a journey not just a destination.”
Privileged Access Management
Another big trend covered at Gartner IAM was privileged access management. This is no surprise given the latest breaches we’ve experienced as an industry, including the latest Colonial Pipeline breach, and the Solar Winds breach.
According to Gartner analyst, Felix Gaehtgens, privileged account management is critical for organizations because it helps organizations
Comply with regulations
- Protect the business by reducing our attack surface
- Enable the business to run faster
His advice to achieve this is:
- Discover where privilege exists in our environments
- Secure privileged accounts
- Eliminate hard-coded/cleartext credentials
- Implement MFA
- Gain visibility into privileged usage
- Implement least-privileged model
- Enable automation
NetIQ privileged account management solutions leverage automation to enable data-driven analytics, continuous authentication and authorization, real-time response and remediation, and predictive modelling. These capabilities save our customers time while also helping customers protect the business. We have a great webinar, What’s new in Privileged Account Manager 4.0, that explains the latest NetIQ privileged account management features.
Increasingly, companies are looking for new ways to leverage their digital assets to expand their business into more efficient models of integration and collaboration. As this trend continues to accelerate, CIOs and IT staffs need to adopt new types of security models to protect their digital offerings. This is because each new microservice is rolled out with its own set of APIs, introducing new attack points into the organization. Attack points expose potential unauthorized access to resources that often contain the organization’s most valued or sensitive information.
- - Leverage your existing IAM infrastructure to control authentication to gain access to APIs
- - Protect against sophisticated attacks that hardened APIs are not designed to resist
- - Track API access at a broader level that provides analysis and insight not available through traditional tools
- - Prevent API level DDOS attacks
This new approach to API security is important because the broad adoption of microservices is exposing sensitive information in ways and on a scale not seen before. And as the adoption of microservices become pervasive, the volume of sensitive data placed as risk will reach unprecedented levels. These new configurations often make web application firewalls irrelevant, which is why multifactor authentication plays a huge role in helping your organization remain secure.
According to Gartner, authentication is everything when it comes to security, control and user experience. At NetIQ, we are working diligently to help our customers understand and ensure the API security of microservices so our customers can move faster with less risk.
The biggest take away from the conference was that remote working, along with different variations of a hybrid office, is here to stay for 2021 and beyond. Therefore, strong cyber-resilient Identity and Access Management is a must for enterprises large and small. If you attended the 2021 Gartner IAM Summit, what insight and knowledge did you get from your experience? Add a comment below.
NetIQ provides security solutions that help organizations with workforce and consumer identity and access management at enterprise-scale. By providing secure access, effective governance, scalable automation, and actionable insight, NetIQ customers can achieve greater confidence in their IT security posture across cloud, mobile, and data platforms.
NetIQ is part of CyberRes, a Micro Focus line of business.