What you need to know about ‘Identity-first Security’: vendor consolidation
by Eric Tocatlian
Today’s Axiad blog will continue our analysis of Gartner’s Smarter With Gartner, “Gartner Top Security and Risk Trends” April 2021, suggested several risks and trends of cybersecurity which are going to be crucial for an enterprise culture ‘turned inside out’ by the last year.
One aspect that resonated with us at Axiad is that enterprises must approach security from an ‘identity-first’ perspective. Gartner says:
“Identity-first security has been considered the gold standard for a while, but because many organizations remained in more traditional setups, it wasn’t a focus. Now that the pandemic has pushed organizations to be fully (or mostly) remote, this trend has become vital to address. The result of these technical and culture shifts is that ‘identity first security’ now represents the way all information workers will function, regardless of whether they are remote or office-bound.”
Gartner’s right on the money: The work from home and anywhere movement has made identity-first security an issue that the global business community needs to rally around. But how?
There are several complex and overlapping issues surrounding identity that need to be addressed, which is why we’re launching our “Identity-First Security Blog Series.” Our goal is to present the keys to understanding why identity-first security should be considered the ‘gold standard’ that paves the way for organizations to take on an identity-first security posture.
The first hurdle: multiple credential providers
In this first post let’s consider the complexity associated with the vendor stack which many organizations have built for themselves. To take an identity-first approach, large organizations need to engage with several authentication vendors in their product or digital security suite, to meet a variety of use cases: building access, on-prem and cloud applications, mobile devices, emails, VPNs, and workstations all require authentication. All of these machines, processes, or applications require various credentials issued, as no single method of authentication can meet every necessary use case.
These credentials are often managed in silos, with little to no integration between their solutions. They each have their own accounts, platforms, and management process that users and IT teams need to learn. When employees have multiple credentials to gain access to their various devices and applications, they often forget credentials, lose them, or struggle to manage their various life cycles. This is also a struggle for the IT team to keep track of, especially when it comes to onboarding and offboarding employees.
These credential issues lead to over 40% of users’ help desk calls. This is a problem not just for the helpdesk and IT teams, but for the whole organization: When the help desk is busy it leaves employees locked out of their systems and unable to get on with their tasks. It can be challenging to strike the right balance between security and usability – while multiple credentials are currently essential to protect the workforce – particularly in the distributed, hybrid environment most enterprises are currently operating in, users still need to be able to operate effectively.
What’s more, they need to be able to operate securely: A recent Axiad survey showed that access control policies which defined how users were able to engage with their credentials – password managers, MFA ,and mobile device management, to name but a few – were driving users to find workarounds in their security systems. This compromises their organization’s security policies and leaves them vulnerable to cyberattacks.
The solution: vendor consolidation
Gartner believes that in 2021 and beyond organizations must search for solutions that help their employees simplify their authentication experience. To maintain employee satisfaction and productivity, companies need to make this a priority. By implementing solutions that accelerate credential issuance and management across a dispersed workforce, businesses will be able to streamline their credential management. Consolidating multiple credentials into one management platform will reduce users’ time-consuming IT problems and is an important step in achieving a powerful employee experience by providing one experience for all their credentials.
This is not always easy, and Gartner themselves have highlighted that managing these credentials from a centralized platform comes with its own unique set of challenges. If the platform doesn’t support all the credentials a business requires then it won’t be a valuable investment, and IT leaders need to take into account that they may need to deploy additional credentials later on. If their platform doesn’t support these potential future credentials as well, it will not be effective.
Therefore, you need to choose credential management tools that are future-proof. Such solutions will be able to offer the technology to support the move towards vendor consolidation and a unified platform for credentials. Platforms like our SMARTidentity solution can also provide technical and professional guidance and support to help you to practically empower these technologies and shrink your vendor stack.
Keep an eye on the Axiad blog in the next few weeks for publication of the next in our ‘identity-first security series’, we’re looking forward to sharing our insights.
About the Author
Eric is the Chief Revenue Officer at Axiad.