Conditional access minimizes security risks while working remotely
For most organizations, the spread of the coronavirus has impacted the ways of working. Remote work becomes the new normal. While the digital tools are already in place, they are often not utilized to their full extent. With each e-meeting, working remotely becomes more natural, and queuing in the car or waiting at the airport gets less familiar. The employees are adapting quickly to their new working conditions.
Meanwhile, the virus outbreak is challenging the organization with regards to security. Many leaders are concerned about how to protect the organization's data and ensure that processes are followed even in ad-hoc situations like this one.
I often meet with customers who get support from my colleagues in their daily work to secure the right access to the right application and data at the right time based on the right decision. The management of digital identity and digital competences is challenging in itself. In an almost exclusively remote work context, it becomes even more complex.
A secure business in times of lockdowns
Does an employee make an equally wise decision at 22h45 after a day spent with the children and when the first opportunity to sign that contract is outside business hours? Is it secure to invite a group of external users to the management team's Teams interface? Should the order of SEK 10 million have been sent out now or was it a 3-year-old who touched the keyboard?
This is where conditional access comes into the picture as a relief for many worried leaders, security managers and corporate lawyers. Access control has granular permission levels, designed to ensure full control of who can do what based on roles and responsibilities. A digital review process has to be set up and you can adjust the access according to situation. With regards to an authorization assignment the order value might trigger the necessity of a second authentication factor – a one-time password, a fingerprint or an OK from the purchasing manager.
Should the order of SEK 10 million have been sent out now or was it a 3-year-old who touched the keyboard?
Are your business assets safe?
Most organizations are already equipped in terms of technology. No expensive investments in software or solutions are required. The solution is more process related. This implies that some relevant questions need to be asked. Have you identified the most likely risks or mistakes made in a remote work context for your company? Have you evaluated what is most important to protect right now? Especially during these uncertain times, a classification and an identification of your user cases minimizes the risks today and tomorrow, independently of working conditions.
At Enfo there are skilled security and Identity Access Management consultants who have 20 years of expertise in this field. With our experience and best practices, we do not only help in an ongoing crisis that is triggering new ways of working - we can also create value for the organization that is sustainable in the long perspective.
Please feel free to contact me or my colleagues for a free video meeting followed by a proposal tailored to your particular situation.
Thomas Andersson is heading Identity and access management (IAM) at Enfo.