Ask anyone how they are, and you will probably get the default response: “Fine.” Ask again and you will get a more truthful response. This could be anything from how things are going well, through grumbling around sports results, or more serious statements about pressure and mental health. Getting that real response is essential if you are going to make a difference in the future.
For those of us involved in security and access management, pressure is almost a default state. Managing risk and preventing theft or data loss involves being right all the time, minimising the windows of opportunity for attackers, and keeping users productive. The last year has involved supporting remote work, managing access and identities, and keeping things working when faced with restrictions and problems on a daily basis.
According to research, managing remote workers has been the biggest challenge to IT teams since the start of the pandemic. The impact of this is high, too - nearly two-thirds (66.3 percent) of IT professionals agree that they feel overwhelmed by trying to manage remote work. Of those surveyed, 55.9 percent plan to spend more on security during the next twelve months. At the same time, more than half (55.7 percent) of IT professionals feel like they are spending too much to secure and enable remote work, and (61.6 percent) believe that their company pays far more for tooling to manage users’ identities and devices than they need (or use). Looking ahead, fingerprint readers could be used as part of user authentication to grant logical and physical access
So what can we learn from these findings? The first thing is that the hybrid workspace is here to stay, and these trends aren’t going away as we emerge from the pandemic. Managing access - whether it is to cloud assets, on-premise, or to accounts on remote devices - will therefore be important in the future.
The second is that improving the impact of any spend around identity should be on the roadmap for any business, but particularly at smaller companies. Implementing multi-factor authentication (MFA) is one step that everyone should take as it prevents unauthorised access to devices, applications and data. Alongside this, companies can look at how to integrate authentication into their wider working processes through risk-based conditional access and expanding mobile authentication factors. For example, many smartphones today have fingerprint readers included, and these readers can unlock devices and authorise purchases. Looking ahead, those fingerprint readers could be used as part of user authentication to grant logical and physical access, based on integrating those devices into the wider authentication and access control strategy.
For many SMBs, the cost to manage access can be high when it involves implementing a traditional directory to control who has access to what. These directories involve hardware and software assets that are costly to run, so cloud-based services can offer a better approach. By removing the hardware side, and by cutting the software cost, more small businesses can improve their approach to identity and access management. Supporting a hybrid world of a physical office and remote access will put more emphasis on identity management
Alongside the cost, getting people with the right skills is essential. For example, the ISC2 has estimated that there are around 3.12 million open roles for IT security professionals worldwide. Similarly, according to research by the London School of Economics, the amount of training available is reducing with expenditure per trainee falling by 17 percent. With so many open roles unfilled - and with lower budgets to train them - simplifying the overall process around access control and security is a must. This makes life easier for IT admins that are in place, and helps to free up time.
The good news is that budgets have gone up for many IT admins - nearly three-quarters (74.8 percent) of small companies’ IT budgets increased during 2020, and nearly half (49.6 percent) increased by at least 10 percent. While this increase in spending was not matched by higher wages, it seems as though the majority of IT admins have actually seen their satisfaction levels increase.
What can we take away from all this? Firstly, the importance of feeling like you are making a difference to your organisation is critical. As companies moved everything online and had to support remote working, the IT admin had to step up. Secondly, supporting a hybrid world of physical office and remote access will put more emphasis on identity management. This environment is one that all companies will have to embrace, even as the world looks to get back to normal. And it will be one that we can all make more than just “fine.” Instead, we can make this hybrid environment more secure and more productive for everyone.