The business landscape is transforming, and the remote work trend is becoming a norm. The employees are accessing corporate resources from mobile devices, hosted in cloud. This means securing your network with firewalls is not enough and risks of user’s identity being compromised are increasing each day.
Another challenge is too many passwords and often users have same password to access multiple applications. The weak user credentials are biggest threat to identity, and it is the major cause of identity infringements. The organizations are normally lacking a comprehensive digital identity strategy for their remote workforce.
Many organizations are hiring resources per project basis rather than full time employees and this brings challenges of establishing new identities for new staff and ensure that access is revoked for departing employees. IT is under immense pressure from business leaders to determine who is accessing what data, on which device, on which network. Each new touchpoint opens the door to increased risk, especially those third-party apps not approved or set up by IT, so it's vital that access is securely managed. It has never been more so important to implement end to end identity strategy for digital workspace.
To access hosted applications from the cloud in digital workspace, the organizations need to implement a robust identity strategy that can span across multiple platforms. BMZ security team has deep expertise in identity solutions. We recommend starting with basic steps such as implementing MFA (multi factor authentication) for users and enabling SSO (Single Sign-On) to get rid of passwords. We propose to build a Zero Trust strategy as it assumes breach in every scenario considering they were from an open network – even in the case of typically trusted devices. This model ensures that all user access is thoroughly assessed and authenticated providing business with a secure perimeter than a traditional firewall. Zero Trust model examines not only the identity of the user, but also the type and health of their device, the properties and reputation of the network they’re connecting from, the app they’re using, and the sensitivity of the data they’re trying to access.
We recommend implement strong governance strategy from the beginning to make it easier to assign automatically the right access to the right people for a specified period of time and revoking once role, and location is changed.