Nov 20 2020

Identity and Access Management Puts Companies in Control of Their Networks

Advanced solutions allow businesses to know who’s seeking access to the network — and control what they do there.

When the COVID-19 pandemic sent workforces home in the spring, many businesses struggled to adapt. At FinancialForce, however, the experience was “completely seamless,” says Richard Hall, senior director of IT.

“We literally made no changes,” says Hall. “Everyone took their laptops, went home and carried on working globally. The only thing we’ve had to deal with is more people knocking coffee onto their computers. Nothing to do with IT infrastructure.”

One vital key to this simplicity: ­identity and access management (IAM) technology, which the company, a provider of business finance solutions with headquarters in San Francisco and offices across Europe, uses to ensure that those seeking network access are who they say they are.

Chief security officers and other corporate IT leaders need to know exactly who is on their networks and what applications they’re accessing. In this era of remote work, that awareness has never been more critical, experts say, because virtually no one is using the supposedly trusted office Wi-Fi.

For that reason, “the adoption of identity and access management tools has accelerated,” says Sean Ryan, a senior analyst at Forrester serving security and risk professionals.

IAM solutions make it harder for bad actors to impersonate legitimate employees, and for employees to gain access to off-limits information. The solutions often include features such as multifactor authentication, which requires users to prove they are legitimate by mandating another form of ID, such as a texted code, and single sign-on, which authenticates users for multiple applications through one complex password.

The solutions themselves are becoming easier to integrate into an organization’s infrastructure, whether based on a physical network, the cloud or a combination of both, Ryan says.

To authenticate employees all over the world, the fast-growing FinancialForce uses Cisco’s Duo Security layered atop the Google G Suite directory service. When users log on, their identities are authenticated immediately, and they are provided with access to as many as 40 applications.

Duo also makes it easy for the IT staff to modify access on the fly.

“Duo works well in the cloud,” says Hall. “If someone loses a laptop, we can very quickly protect ourselves because we can shut down access from that laptop. I can even access the Duo portal from my phone on the weekend if someone needs help.”

Find the Balance Between Simplicity and Security

At the Susan G. Komen organization, employees use only one complex password to access most of their applications via a OneLogin portal.

“It causes a lot of frustration for users to have to remember many passwords, especially if they are complex, so most people will overcome this frustration by coming up with a simple password they can use across all of their applications,” explains Vasu Avadhanula, vice president of business intelligence, platform and engineering for Susan G. Komen.

MORE FROM BIZTECH: How collaboration solutions have excelled during unprecedented times.

At the same time, says Avadhanula, “some applications, especially some of our legacy apps, don’t natively support strong passwords. The use of simple passwords combined with a lack of a robust password rotation policy by a few applications makes it easy for hackers to breach the system.”

Single sign-on helps administrators solve that problem: “With SSO, we can enforce strong passwords and deploy strict rotation policies on all the connected apps. Users have the benefit of remembering a single password to access most of our applications,” he says.

As the director of IT infrastructure at American Public Media, which operates 49 radio stations and produces programs that reach 19 million listeners every week, Brad Rosenberger must ensure that about 800 employees have access to the applications they need, whether they’re logging in from a Mac, Windows or a mobile device.

The company uses Azure Active Directory for MFA and SSO, both of which are offered through Microsoft’s cloud services. Rosenberger knows that identity and access management is a critical component of his security solution, especially for a radio network that needs 100 percent uptime.

“Staff are more intimately involved in security than they often realize. They are the last line of defense,” he says. MFA makes individual attacks such as phishing very difficult to accomplish. “It has drastically reduced the number of phishing attacks that are successful.”

Forrester’s Ryan estimates that about 60 percent of businesses still use a password-centric approach to network access, supported with only basic, SMS-based two-factor authentication. But that’s down from 70 percent before the pandemic.

Companies that have adopted layered authentication solutions now have more options than ever.

58%

The percentage of IT leaders who prefer to deploy identity access management solutions on-premises.

Source: Deloitte, The Future of Cyber Survey 2019, March 2019

Advanced IAM tools available right now involve application-based MFA or biometrics, such as Microsoft Windows Hello. Others provide a means for users to receive a QR code or an image to authenticate using their smartphones in combination with their computers.

Still other tools monitor behavior — looking for bad IP addresses, off-hours access or strange locations — to block high-risk access or alert IT teams.

“The ideal state is to get companies into passwordless authentication, moving passwords to a backup position and replacing them altogether where possible,” Ryan says. “It’s a multiyear journey for large organizations, but I have spoken with a few that have already achieved this state.”

Make the Right Connections Secure

IAM also helps companies manage the finer points of authentication and access. Ally Financial, an online-only bank, adopted Okta in 2018, introducing it to auto dealerships, with whom it does much of its business, and its own employees, contractors and suppliers. The system ensures that anyone logging on to its network gains access only to specific, role-based applications and data for which that user is authorized.

When the pandemic struck the United States in March, forcing businesses to close and office workers ­nationwide to work from home, Ally was glad that it had rolled out Okta to internal staff.

Tim Watson, Ally’s ­director of i­nfrastructure architecture, says the bank’s workforce IAM solutions “were absolutely key in facilitating a secure and seamless transition to ­working from home.” 

Illustration by LJ Davids