gosphotodesign - Fotolia

CISOs more confident in identity practice after pandemic shock

Identity practice and management has become a critical element of cyber security strategies to support remote workers

CISOs and other cyber security professionals say they are increasingly confident in their identity policies and practices as a result of the changes made to support cloud-enabled remote working during the Covid-19 pandemic, according to a report.

The study, Identity governance and administration for the new computing normal, conducted by Dimensional Research on behalf of One Identity, found that security teams have put increased priority on access request, identity and access lifecycle management, identity process and workflow, and role management technologies in the past seven months. Just under a third of 1,216 respondents said that Covid-19 was directly behind this.

“This research makes it evident that cloud computing has been a lifesaver for many enterprises as IT teams pivoted and supported the massive shift to working away from offices,” said Darrell Long, president and general manager at One Identity.

“While we knew the pandemic-driven changes were sudden, what was particularly notable was how strongly the results proved that organisations had to turn their focus on the immediate challenges presented by the aggressive move to cloud computing, chiefly finding solutions that streamlined administering and securing who has access to what and how.”

The process of transitioning to Covid-safe working was not, however, without its challenges. At the onset of the pandemic, the most significant impact on identity management practitioners was reported to be rapid changes causing challenges in Active Directory and Azure Active Directory environments, cited by 37%. Other issues included budget constraints due to the sudden downturn, cited by 34%, and not being equipped to deal with the volume and scope of changes to user profiles, cited by 30%.

Others reported that their cloud strategy was unable to support the rapid change, and there were also problems arising from failure to equip a remote access programme for administrators as well as failure to implement multi-factor authentication.

The work put in since has led to a general feeling of confidence among those surveyed. Asked how confidence in the effectiveness of the organisation’s identity management programme has changed after Covid-19, 49% said they were a little more confident and 17% much more confident. Asked how confidence in the security and management of privileged accounts in the organisation has changed, 42% said they were a little more confident and 18% much more confident. Confidence tended to be higher among those who had increased the priority of identity and access management (IAM) tasks.

Read more about IAM

  • The rapidly changing business, regulatory and IT environment makes IAM a tough nut to crack for large multinationals.
  • IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise.
  • Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organisation.

However, despite this, there may still be roadblocks ahead, reported One Identity. Asked how prepared the organisation was to roll back account changes when users return to an office environment, only 45% said they were fully prepared, while 9% said they would find out when they actually do it.

“We now know the truth: the Covid-19 pandemic did not change the need to be productive, nor did it change the regulatory compliance requirements companies face, but clearly IT and security teams scrambled to shift their systems to accommodate work from home in a secure and controlled way,” said Long.

“Companies and organisations were helped to an extent by cloud investments that prepared them pre-Covid. However, most of them are still dealing with new challenges as employees adapt, IT and security teams effectively respond to the challenge of providing effective processes for gaining access to the resources needed for the workforce to do their jobs, and security challenges associated with this new working environment.”

Read more on Identity and access management products

Data Center
Data Management