informa

Identity and Access Management: Looking Ahead to 2021

As the pandemic continues, having an IAM strategy in place will become paramount for organizations to thrive in the remote work world. Here's what is on the horizon for IAM in 2021.

As 2020 draws to a close and we look ahead to a new start in 2021, many people will be celebrating the end of an unprecedented year. From the sudden transition to remote work and on to the risks associated with an increased cybersecurity attack surface, the security industry has been faced with challenges and circumstances like never before.

After such an atypical year, what new challenges and developments will 2021 bring? Looking ahead, identity and access management (IAM) will continue to become an even more important part of the cybersecurity sphere. With the continuation of remote work, advances in biometrics, and a renewed focus on security as a priority, here's what is on the horizon for 2021.

Remote Work Is Here to Stay
One thing we know for sure: Remote work is here to stay through 2021. Companies have adjusted to working from home throughout 2020, and many have already indicated that their return to the office won't come until the latter half of 2021. At LogMeIn, we've moved to a permanent remote-centric model giving teams more flexibility in how and where they work.

But the transition to remote work wasn't, and still isn't, smooth sailing for all businesses across the globe. Companies that were relying on software-as-a-service solutions had fewer issues making the transition to remote work than companies that were still heavily reliant on VPN-based solutions. As many employees logged on from home for the first time, cybersecurity teams had to scramble to suddenly secure a fully remote workforce. And IT managers are still figuring out how to best protect corporate resources in an environment that is no longer surrounded by a traditional security perimeter.  

In the past, many IT teams relied on perimeter-based security models and leveraged firewalls to protect their company networks and employees from cyberthreats. However, as employees shifted to working remotely and are accessing applications through various devices in various locations, IT managers have instead focused on securing the identity of the user rather than the physical perimeter. In the remote and hybrid work world, identity is the new security perimeter for IT.

Looking ahead to 2021, prioritizing putting an IAM program in place will become even more paramount for companies and organizations that want to thrive in the remote-hybrid work world. The focus on identity is here to stay, and in 2021 companies will need to implement a more robust IAM strategy with solutions such as single sign-on (SSO), password management, and multifactor authentication (MFA) to keep remote employees and company networks secure.

Continued Rollout of Biometric, Passwordless Authentication
The use of biometric authentication for local devices, such as fingerprints and face IDs, is nothing new — almost everyone's mobile phone has these capabilities today. Recent research from LastPass shows that an overwhelming 92% of IT teams believe that further passwordless authentication is in their organization's future. While a passwordless approach isn't a replacement for passwords, it is a complement to them — and more importantly, a critical security improvement. The multitude of passwords needed to get work done these days can be frustrating for employees, and research from LastPass shows that 85% of IT managers agree their organization should reduce the number of passwords their employees use on a daily basis.

In 2021, organizations will need to continue the adoption of passwordless and biometric authentication technologies as they look to give employees a secure way to connect to devices, networks, and applications while also limiting the number of passwords employees must remember. This will also give IT teams peace of mind around securing employees' identity.

As more organizations invest in and adopt biometric authentication solutions, more discussions will need to take place around the privacy and collection of this extremely sensitive data. It is vital that everyone understand that biometric authenticators and markers can't be simply reset like a password. Organizations must take the proper steps to ensure biometric data is not stored in a centralized database, where it could be surveilled, and instead ensure the technology is built on a local-only encryption model.

Security: An Everyday Reality
With companies adjusting to a remote workforce and facing an ever-expanding cybersecurity attack surface, this year has seen the start of a renewed shift in attitude toward security and privacy. Cybersecurity has been brought to the forefront, becoming more important than ever, and has been increasingly integrated into everyday, critical business decisions.

In 2021, this focus on security will become even more prevalent as organizations look to establish a strong remote security culture. Whether through new products or training, IT leaders will be looking to bring a stronger security focus into their employees' everyday lives. If it hasn't already, cybersecurity will become part of employees' daily workflow.  

Looking Ahead to 2021
As the pandemic continues into the new year and businesses continue to operate remotely, the adoption of IAM solutions like SSO, MFA, and passwordless authentication will also continue, helping to ensure organizations survive and thrive in this new normal. Ultimately, these solutions that centralize IT oversight of access points and regulate additional layers of security will help protect organizations through 2021. 

Visit LastPass.com to learn more about how to get started putting an IAM strategy in place.

 

About the Author
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn, makers of password and identity management solution LastPass. He is responsible for the company's overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.