IAM solutions make it harder for bad actors to impersonate legitimate employees, and for employees to gain access to off-limits information. The solutions often include features such as multifactor authentication, which requires users to prove they are legitimate by presenting another form of ID, such as a texted code, and single sign-on, which authenticates users for multiple applications through one complex password.
The solutions themselves are becoming easier to integrate into an organization’s infrastructure, whether based on a physical network, the cloud or a combination of both, Ryan says.
To authenticate employees all over the world, the fast-growing FinancialForce uses Cisco’s Duo Security layered atop the Google G Suite directory service. When users log on, their identities are authenticated immediately, and they are provided with access to as many as 40 applications.
Duo also makes it easy for the IT staff to modify access on the fly.
“Duo works well in the cloud,” says Hall. “If someone loses a laptop, we can very quickly protect ourselves because we can shut down access from that laptop. I can even access the Duo portal from my phone on the weekend if someone needs help.”
Find the Balance Between Simplicity and Security
“It causes a lot of frustration for users to have to remember many passwords, especially if they are complex, so most people will overcome this frustration by coming up with a simple password they can use across all of their applications,” explains Vasu Avadhanula, vice president of business intelligence, platform and engineering for Susan G. Komen.
At the same time, says Avadhanula, “some applications, especially some of our legacy apps, don’t natively support strong passwords. The use of simple passwords combined with a lack of a robust password rotation policy by a few applications makes it easy for hackers to breach the system.”
Single sign-on helps administrators solve that problem: “With SSO, we can enforce strong passwords and deploy strict rotation policies on all the connected apps. Users have the benefit of remembering a single password to access most of our applications,” he says.
As the director of IT infrastructure at American Public Media, which operates 49 radio stations and produces programs that reach 19 million listeners every week, Brad Rosenberger must ensure that about 800 employees have access to the applications they need, whether they’re logging in from a Mac, a Windows machine or a mobile device.
The company uses Azure Active Directory for MFA and SSO, both of which are offered through Microsoft’s cloud services. Rosenberger knows that identity and access management is a critical component of his security solution, especially for a radio network that needs 100 percent uptime.
“Staff are more intimately involved in security than they often realize. They are the last line of defense,” he says. MFA makes individual attacks such as phishing very difficult to accomplish. “It has drastically reduced the number of phishing attacks that are successful.”
Forrester’s Ryan estimates that about 60 percent of businesses still use a password-centric approach to network access, supported with only basic, SMS-based two-factor authentication. But that’s down from 70 percent before the pandemic.
Companies that have adopted layered authentication solutions now have more options than ever.