Don’t start planning to return to the office anytime soon. Work from home is here for the foreseeable future. Amazon, Google, and Twitter are among several companies that have already announced they will remain remote through 2021, due to pandemic concerns. Security professionals now face the prospect that Securing the Anywhere Workforce is a long-term, possibly permanent challenge.
It may seem that a return to the physical office is the easy answer to getting the organization back to an acceptable risk level. However, healthcare and government leaders are concerned over the pace of COVID-19 infections. Remote work is here to stay, but how do you run a workable security model when the traditional network perimeter no longer matters?
Jaime Lewis-Gross, Saviynt’s Director of Solution Strategy, discussed this exact topic in a webinar designed for security professionals and organizations. As a veteran Identity & Access Management consultant with 15+ years of IAM professional services and product experience Jaime has helped Fortune 1000 companies to architect identity governance and cloud security solutions.
From Jaime’s perspective, organizations struggling can overcome today’s security challenges in several ways. She shared key points about how security professionals and organizations enabling identity security in the dynamic cloud gain increased visibility and frictionless access which, in turn, increased business value. Securing critical data in the cloud, helps organizations provide continuous compliance while empowering employees’ collaboration and productivity.
Add Your Heading Text Here
When discussing privileged access, Jamie explained the risks of insider threats and compromised legitimate credentials. Many organizational breaches start with the misappropriation of privileged access or account theft. Mapping credential theft and account misuse back to some of the largest breaches in the last few years, she drew strong parallels between how organizations handle their privileged credentials and the very real cost of a breach. She offered a strong case for how organizations should move away from standing privileged access and instead consider Role or ID-based access that is time-bound and well monitored to gain control and visibility into how privileged access is utilized.
The term ‘non-employees’ is a broad category of users from third-party vendors to temporary contractors. These individuals may come and go within the organization, sometimes even providing services to different departments and groups. It is not uncommon for these individuals to terminate with their site business, and the termination information goes unreported. Managing access and rights for these individuals is quite challenging and commonly results in orphaned or abandoned accounts persisting that no longer require access. According to Jamie, these situations can be avoided. Leveraging time-limited permissions and periodic reviews can prevent these accounts from being a long term risk.
Application in the Cloud
Compliance in the cloud is a frequently overlooked topic. Just ask Jaime. Organizations are very familiar with monitoring and managing on-premise assets and have mechanisms to make sure that happens. Cloud and cloud-based SaaS applications use different rules and interfaces for monitoring and are often overlooked when organizations prepare for compliance frameworks. Jaime emphasized the importance of an appropriate interface that includes cloud applications and implements effective monitoring, and threat detection to achieve continuous compliance for all applications, regardless of platform or service provider.
Jamie addresses many business concerns crucial for surviving in an evolving world with a suddenly remote workforce. Key takeaways include answering many pressing questions for today’s organizations:
- Supporting frictionless access demands
- Enabling identity security throughout the dynamic cloud universe, your offerings, and your services
- Quickly gaining visibility into access being granted to critical data and your assets
- Driving and maintaining continuous compliance anywhere for anyone and anything
If you didn’t have the chance to attend, we invite you to view this on-demand session at your convenience. Because now more than ever, it’s vital to move at the speed of business.