“Do you know who I am?”
Remember the early days of Identity and Access Management (IAM), when you knew who was accessing your network at all times? The pandemic has stressed this security model to a point that is damaging productivity. Due to remote work arrangements, Virtual Private Networks (VPNs) are becoming unexpectedly overloaded, forcing some companies to relax their security requirements in the interest of productivity.
With what certainty can we know that the people accessing our systems are who they say they are? Can you differentiate between user activity and device activity? Are role-based systems no longer valid? Not necessarily, however the role must also be combined with differentiating attributes of a particular user to offer a better context into whether that login is trustworthy.
Since remote working devices are often shared in a household, the device “posture” also becomes an important indicator of who is using the system. Newer technologies that use Artificial Intelligence (AI) can recognize differing usage patterns, and protect a system by using dynamic, risk-based, access controls. These technologies can also reduce an organization’s attack surface. For many years, we have discussed the challenges of the “expanding perimeter.” Does the cloud offer any advantages to overcome this new identity challenge?
Finally, the practice of zero trust is a strong factor in all of these scenarios, however, is zero trust the new future-proof way to guarantee security? The adaptability of a zero trust approach may certainly make this so.
Listen to this episode of the Thales Security Session podcast, Do You Know Who I Am, The Digital Identity Challenge, where our host Neira Jones and I are joined by distinguished guest Sundaram Lakshmanan, CTO of CipherCloud. Our shared perspectives on the shifting context of IAM will demystify the unique challenges that have emerged as a result of the new fully remote workforce.