The business landscape is transforming, along with a workforce that is increasingly modernizing where and how they want to work. Employees expect access to the tools they need anytime, from any device. As a result, IT teams are increasingly challenged to manage remote employees, give out user access, and secure company data. The hardest part is balancing multiple, often competing, priorities of reducing cost, user experience, efficiency, and effectiveness, as well as security.
To take control over the security of your organization, it's important to identify and understand the biggest identity and access management challenges facing IT teams today and how to start addressing them.
1. Managing a Digital Workforce
Now that millennials make up a larger portion of the workforce, the turnover rate has increased. That brings challenges for IT, including more time spent setting up new employees with computers and access to work-essential applications, increased pressure to complete this setup quickly so the employee can focus on valuable work, and the need to securely manage and control access from the start.
This modern workforce is mobile and remote, so employees expect access to their apps and devices from anywhere. IT must find a way to determine who is accessing what data, on which device, on which network. Each new touchpoint opens the door to increased risk, especially those third-party apps not approved or set up by IT, so it's vital that access is securely managed.
2. Balancing Ease of Use and Security
When it comes to managing identity, two elements are at play. IT teams are focused on securing data and protecting the company from a data breach. On the other side, employees want to get their work done quickly and easily. Identity technology must manage each user identity in a way that meets these requirements of both ease of use and security. Any added tools and processes just add complexity to employees' workday, which affects productivity, while reduced security opens the business up to risk of breaches and insider threats.
Ease of use is particularly important and is even driving key business decisions — if a product doesn't meet an end user's standards, it won’t be used.
3. Prioritizing Passwords
Account lockouts, forced password resets, and regular password rotation can only lead to frustration. They're also expensive and pull IT and employee resources away from day-to-day responsibilities. Recent research we sponsored found that, on average, IT teams spend four hours per week on password management-related issues alone and receive 96 password-related requests per month. In addition to the resource drain, this often results in employees resorting to poor practices such as password reuse, documenting passwords in a spreadsheet or note on a phone, and emailing or sharing passwords. Each weak or shared password presents a risk to the company; it can result in a data breach and loss of company data.
4. Addressing Gaps in Technology
As more employees bring new tools into the workplace, IT can get left out of the loop on critical applications that entire teams may use to manage company data. This on top of juggling numerous approved tools and apps — including legacy, on-premises, cloud and mobile apps — makes it difficult for IT to know which are in use within the business, leaving them unable to protect the company data within.
Having the right tools in place enables IT to set up a more holistic security system and maintain that system going forward. Recent research shows that rather than investing in piecemeal solutions, 93% of IT professionals agree that bringing the various aspects of identity and access management under one solution would greatly benefit the overall security of the organization.
5. Determining the Costs of Applications and Services
When budgets and employee resources are tight, justifying the investment for additional security tools isn't always easy. IT teams feel pressure to find the most cost-effective solution that optimizes both user experience and security, without utilizing too many resources.
Not investing in security really isn’t an option, given that costs to a business could be even greater. The average total cost of a data breach in the United States last year was nearly $8 million, and 82% of IT professionals in our recent survey said their business was exposed to a risk as a result of poor identity and access management practices, including loss of employee data (36%), loss of customer data (33%), and financial losses (26%), to name a few.
Take Control of Your Organization's Security
To manage identity in your organization, first identify what success looks like and set goals. Having goals means you can present them to stakeholders to ensure you're all on the same page. Next, look at the systems in use at your company; are they cloud, homegrown, on-premises? Determine which ones you're committed to keeping versus those you want to replace. Once your goals and parameters are set, you need a team with a stake in success — this includes both leadership buy-in and employees from across departments who can test the solution for ease of use. While these five challenges exist, with the right solution in place, managing access and increasing security is simple.
- The State of IT Operations and Cybersecurity Operations
- 9 Things That Don't Worry You Today (But Should)
- Better Behavior, Better Biometrics?
- Ignore the Insider Threat at Your Peril
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "You Gotta Reach 'Em to Teach 'Em.