JumpCloud - Experts & Thought Leaders

JumpCloud Inc. released the results of its Q3 2024 SME IT Trends Report, “Detours Ahead: How IT Navigates an Evolving World.” The seventh edition of the report provides new insights around the challenges and opportunities facing IT teams at small and medium-sized enterprises (SMEs). It covers topics such as: The growing threat of shadow IT and AI How teams manage complicated device and IT environments The relationship between IT and managed service providers (MSPs) IT professionals' biggest fears and wants  Top of the latest challenges JumpCloud commissions this survey twice a year to stay on top of the latest challenges, trends, and experiences of IT professionals. This edition surveyed IT teams from the U.S. and the U.K. JumpCloud tasks this survey twice a year to stay on top of the latest challenges, trends “IT teams are dealing with many obstacles. They face uncertainty about economic conditions and elections. There are growing security threats, complex tech stacks, and device varieties. Despite this and more, IT admins are resilient and resourceful,” said Greg Keller, co-founder and chief technology officer. “What’s keeping them up at night is what they can’t see — 84% of IT admins worry about shadow IT. To help combat the security holes shadow IT creates, IT needs to deploy tools to help spot rogue apps. This will give IT teams the control and visibility they need to keep organisations safe.” Below are select findings from the report. For the full report, download “Detours Ahead: How IT Navigates an Evolving World.”  The rise of shadow IT and the need for admin control Shadow IT creates security holes. It also creates compliance violations, data loss risk, and fragmented, inefficient IT. As cloud applications increase and AI use grows, IT teams want to mitigate risks by identifying and managing unauthorised apps and resources. Centralising IT empowers admins to enforce security policies. They could also enforce access controls and data governance across their whole IT system. Lack of visibility and control are creating substantial concerns. Eighty-four percent of SMEs are concerned about applications managed outside of IT (i.e., shadow IT), with 35% reporting they're very concerned. When asked what has prevented them from addressing shadow IT, 36% say they have more important priorities. Thirty-one percent say their business users move too fast to keep up with their needs. Thirty-two percent say they don't have the ability to discover all the applications used by employees. Twenty-nine percent say they lack partnership and communication with business partners, and 24% say they don't have a SaaS management or asset management solution to manage shadow IT.  SMEs experiencing a steady stream of cyberattacks. Nearly half (45%) of SMEs have been the victim of a cybersecurity attack in the first half of 2024. Of those, 28% experienced two attacks, 17% experienced three, and 5% suffered three or more. The most common source for cyberattacks was phishing (43%), followed by shadow IT (37%), stolen or lost credentials (33%), and a breach in a partner's organisation (30%). IT admins are struggling to keep organisations safe. Forty-nine percent of IT teams say that despite their best efforts, their organisation lacks the resources and staffing to secure the organisation against cybersecurity threats.  Managing a mixed environment in uncertain times Flexibility and support are key for organisations with global employees using a variety of different devices. Admins expect to continue supporting such variety. But, without the ability to centrally manage devices, organisations face security risks. These come from workers’ abysmal security practices or unauthorised devices accessing company resources.  SMEs continue to support a diverse device environment. The average SME allows their employees to use a variety of devices. The average device landscape is made up of 24% macOS devices (up from 22% in Q1 2024), 18% Linux devices (down from 22%), and 63% Windows devices (up from 60%).  Such a variety of devices and a growing number of digital identities has admins continuing their plea for a centralised IT. Eighty-four percent of IT teams prefer a single platform to manage user identity, access, and security over many best-in-class point solutions. Too many credentials are causing chaos. Nearly half of IT admins (45%) require five to 10 tools to manage the worker lifecycle, and over a quarter (28%) need 11 applications or more. This is because of dilemmas like legacy systems and complicated integrations. Only 26% of employees can access all their IT resources with just one to two passwords. Nearly 17% have to manage 10 or more. Keeping up with security Security continues to be the number one challenge facing IT teams as cyberattacks increase in both frequency and sophistication. IT teams have worked hard to prepare their organisations to withstand the threats by staying on top of best practices and tools. But it's a lack of visibility, control, and easy management of employees and their devices that continues to vex them. Security fears dominate. Sixty percent of SMEs consider security the biggest IT challenge, followed distantly by new service and application rollouts (42%), the cost of solutions necessary to enable remote work (40.8%), and device management (39%). The four biggest security concerns are network attacks (40%), followed by software vulnerability exploits (31%), ransomware (31%), and shadow IT (29%).  The threat is rising, as are worries about security budget cuts. Half (50%) of IT teams report being more concerned about their organisation's security posture than they were six months ago, down slightly from the 56% who said the same in Q1 2024. Seventy-one percent say any cuts to their security budget would increase organisational risk.  SMEs still need to securely manage passwords. While the industry pushes for passwordless authentication, 95% of respondents use passwords to secure at least some IT resources. Making more out of the MSP relationship The steadfast relationship between managed service providers (MSPs) and SMEs continues. While MSPs are seen as delivering better security, productivity, and cost savings, there are also signs that SMEs are starting to expect more from their MSP partners.  MSPs are a critical tool for SMEs and investment is expected to increase. Seventy-six percent of SMEs rely on an MSP for at least some functions, the same as the 76% who reported so in Q1 2024. Over the next 12 months, 67% of SMEs say they'll increase their MSP investment.  While MSPs drive cost savings, SMEs report improvements in security and efficiency as the biggest return. When asked about the results of working with an MSP, 56% said MSPs led to better security. Fifty-seven percent said MSPs increased their effectiveness at managing IT, and 37% said they saved money for their organisation. Not all IT teams are eager to work with MSPs. For the 24% who don't use an MSP, nearly half say it's because they prefer to handle IT themselves (47%), and 39% say it's because MSPs are too expensive. To be successful, MSPs should keep an eye on security, costs, scale, and customer experience. For all SMEs, including those that use MSPs, 39% have concerns about how MSPs manage security. The main reason SMEs stopped working with an MSP was cost (28%). Next, they outgrew the MSP's service offerings (26%), moved IT internal (24%), or had a bad customer service or sales team experience (23%). Balancing the unexpected and unknown of AI  IT teams hope that AI can streamline operations and are actively preparing to integrate AI into operations. At the same time, admins are also concerned about AI’s impact on security and unsure about how AI may impact their jobs.  IT teams have a varied response to AI. When asked how their opinion changed in the last six months about how AI will impact their job, 22% say the impact of AI is much lower than they thought. Thirty-four percent say the potential impact of AI is the same but it's moving slower than they thought it would. Twenty-one percent say their opinion hasn't changed, and 23% say they feel the impact of AI is even greater than they thought it would be.  AI fears remain while IT teams work to adopt it responsibly. Sixty-one percent agree that AI is outpacing their organisation's ability to protect against threats. Over one-third of IT admins (35%) say they're worried about AI's impact on their job. This is down from the 45% who said the same in Q1 2024.  Unified open directory platform JumpCloud delivers a unified open directory platform that makes it easy to securely manage identities Thousands of organisations worldwide rely on JumpCloud to fulfil their commitments and tackle the most pressing technology challenges, regardless of the uncertainties they face. JumpCloud delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across the organisation.  With JumpCloud, IT admins grant users secure, frictionless access to the resources they need to do their job, and manage their entire fleet of Windows, macOS, Linux, iOS, and Android devices from a single console. JumpCloud is IT Simplified. If they want to find to how JumpCloud can help them get to the destination that matters most to the organisation, visit the website or get in touch with the global sales team.   Methodology JumpCloud surveyed 612 IT decision-makers in the U.K. and U.S., including managers, directors, vice presidents, and executives. Each survey respondent represented an organisation with 2,500 or fewer employees across a variety of industries. The online survey was conducted by Propeller Insights, from June 4, 2024 to June 7, 2024. The findings from the JumpCloud Q3 2024 SME IT Trends Report can be found in “Detours Ahead: How IT Navigates an Evolving World.”

JumpCloud announced the findings from its recent survey, “2021 Impact of COVID-19 on SMEs.” With global changes in the workplace due to COVID-19 and the Delta variant, small and medium-sized enterprises are continuing to adjust their workplace models. The survey results detail the impact of the Delta variant of COVID-19 on SMEs, how SMEs are making adjustments to the workplace, and what the future of the SME workplace might look like. JumpCloud’s 2021 Impact of COVID-19 on SMEs survey represents more than 500 decision-makers from small and mid-sized organisations in both the U.S. and the U.K. Multi-factor authentication for advanced security  “SMEs continue to exhibit great resourcefulness, flexibility, and initiative in responding to the pandemic and the Delta variant,” said Rajat Bhargava, CEO of JumpCloud. JumpCloud announced one-touch push multi-factor authentication for small IT teams to adopt advanced security policies “As an SME ourselves, we know the current conditions are extremely fluid, and like the majority of respondents, we had to rethink and delay our office return and hybrid workplace options.” “While SMEs grapple with how and where employees will work, we are rapidly expanding functionality delivered through the JumpCloud platform with new security like our recently announced one-touch push multi-factor authentication that makes it easier and more cost-effective for small IT teams to adopt advanced security policies.” Key findings below include total responses and U.K. responses. Difference by geography, size of company, industry Businesses in the U.S. South are least likely to mandate vaccines: Whereas 67.9% of U.S. companies in the survey are taking steps regarding mandating vaccinations for employees, in Southern states (AL, AR, FL, GA, KY, LA, MS, NC, SC, TN, TX, WV) the number drops to 56.1%. K. is split: 72.8% of companies in Greater London are taking steps to mandate vaccinations, whereas only 44.9% in the rest of the U.K. are. Geographic vaccination outliers: U.S. Northeastern states (CT, ME, MA, NH, NJ, NY, PA, RI, VT) are most likely to be taking steps for vaccination (82%), and areas of the U.K. outside of London are the least likely (44.9%). COVID-19 Delta variant impact – U.S. and U.K. Rethinking return to the office: 52.8% of respondents are currently rethinking the plan to return to the office. An additional 15.9% have already delayed their “work in the office” start date. Delta is delaying the return to offices and SMEs are staying flexible: Of those who have delayed a return to the office, 30% of respondents are delaying a return to the office until September; 16.3% are delaying until October; 18.8% are delaying until November or later; and 35% don’t yet have a firm timeline. Policies changing for returning to the office given the resurgence of COVID-19 cases: For those who have made changes to their return-to-work plans, this includes requiring social distancing in the workplace (59.2%); limiting the number of people in the workspace at one time (57.4%); requiring masks or PPE (54.3%); upgrading air filters or HVAC equipment (43.8%), and altering the workplace with physical dividers (41.9%). Permanent changes: 70% of SMEs will be offering a work-from-home option indefinitely. Employees mostly comfortable with company decisions: When asked if they agree with their company’s decision whether or not to go back into the office, 80.5% answered yes (44% agreed that there is no reason to delay in-office work because of COVID-19, and 36.5% agreed because they were working from home). For the 19.5% that did not agree, 9.8% reported they disagreed because there is “nothing to worry about,” and 9.8% reported they disagreed because they felt things are being rushed. Vaccines in the SME workplace Mandating vaccines: 62.7% of SMEs have taken steps to mandate vaccination for employees. Incentives for vaccines: More than half of those mandating vaccinations (55.6%) will offer special incentives to encourage vaccination. Of those, 73.7% of respondents offer paid time off work to get a vaccine, 53.7% offer a holiday with proof of vaccination, and 59.4% offer cash or cash equivalent compensation. Differences in general COVID-19 responses at SMEs: 14.1% report they never left the office, 18.7% still work remotely, 36.9% are back in the office, and 30.3% are working in a hybrid environment.  COVID-19 Delta variant impact – U.K. Only  Rethinking return to the office: 53.2% of respondents are currently rethinking the plan to return to the office. An additional 14.8% have already delayed the “work in the office” start date. Delta is delaying return to the office: Of those who have delayed a return to the office, 32.4% of respondents are delaying a return to the office until September; 10.8% delaying until October; 18.9% delaying until November or later; and 37.8% don’t yet have a firm timeline. Policies changing for returning to the office given the resurgence of COVID-19 cases in the U.K.: For those who have made changes to their return-to-work plans, this includes requiring social distancing in the workspace (61.7%); limiting the number of people in the workspace at one time (60.2%); requiring masks or PPE (47.4%); upgrading air filters or HVAC equipment (48.9%); and altering the workspace with physical dividers (45.1%). Permanent changes: 71% of U.K. SMEs will be offering a work from home option indefinitely. Employees mostly comfortable with U.K. company decisions: When asked if they agree with their company’s decision whether or not to go back into the office, 77% answered yes (41.2% agreed that there is no reason to delay in-office work because of COVID-19, and 35.6% agreed because they were working from home). Of the 23% that did not agree, 10% reported they disagreed because there is “nothing to worry about,” and 13% reported they disagreed because they felt things are being rushed. Vaccines in the SME workplace Mandating vaccines: 57.6% of U.K. SMEs have taken steps regarding mandating vaccination for employees. K. incentives for vaccines: More than half of those mandating vaccinations (56.9%) will offer special incentives to encourage vaccination in the U.K. Of those, 75.6% of respondents offer paid time off work to get a vaccine, 57.3% offer a holiday with proof of vaccination, and 52.4% offer cash or cash equivalent compensation. Differences in general COVID-19 response at U.K. SMEs: 9.2% report they never left the office, 19.6% still work remotely, 39.6% are back in the office, and 31.6% are working in a hybrid environment. Survey methodology JumpCloud surveyed 502 SME decision-makers in the U.S. and U.K., including managers, directors, vice presidents, C-level executives, and owners. Each survey respondent represented an organisation with 2,500 or fewer employees across 32 different industries. The survey was conducted via Propeller Insights, August 9 - August 18.

JumpCloud announced JumpCloud Protect™, a one-touch multi-factor authentication (MFA) solution that makes it easy for IT admins to deploy and enforce MFA without adversely impacting end users. Available for iOS and Android devices, JumpCloud Protect enables simple and efficient “touch to verify” functionality for employees when accessing corporate IT resources authenticated by the JumpCloud Directory Platform.  Mobile MFA app JumpCloud Protect is a fully featured mobile MFA app that allows employees authenticating into protected apps and resources to verify themselves directly from their corporate-issued or BYOD mobile device.  JumpCloud Protect: Installs on both iOS and Android devices Simple “one-touch” accept or deny functionality to verify identity when accessing IT resources  Alternate Time-based One-time Password (TOTP) token-generation capabilities for any JumpCloud authenticated resources or users’ personal online accounts requiring second-factor verification. Simplest verification solution “Our IT team is challenged with several requirements. Making employees happy and productive, reducing the total cost of equipping them with the right IT tools, and ensuring we are keeping the company secure while people are remote is our new normal,” said Randy Tanenhaus, IT Manager at ClassPass. “I like JumpCloud’s direction. JumpCloud Protect means we can give our employees the simplest verification solution on the market. Without disrupting their work, we really know it’s them. Further, I have been able to think about other critical priorities versus evaluating, buying, and integrating a 2FA solution into our identity strategy.” Identity and security in one place JumpCloud Protect will reduce the cost of maintaining a separate MFA solution “At Employee Zero, we’ve been implementing JumpCloud solutions for our clients for the past six years,” said James Martin, director at Employee Zero, an IT consultancy and managed service provider. “In that time, we have seen so many exciting advancements in features and value-adds to the platform. JumpCloud Protect is a major leap forward in keeping identity and security in one easy-to-manage place for both the end-user and for us as IT support. JumpCloud Protect will reduce the cost of maintaining a separate MFA solution for our clients whilst making things more streamlined.” JumpCloud Protect benefits In addition to its extensive feature set, JumpCloud Protect provides several benefits for customers of JumpCloud at any package level, and the employees and IT and security teams that manage access and security controls at these companies: Secure all endpoints: JumpCloud Protect will extend beyond the JumpCloud user portal and cloud applications, to also protect on-premise applications, Mac, Windows, and Linux desktops, VPN and wireless networks, and servers. Reduce IT cost: JumpCloud Protect is included with all packages at no extra cost. This includes any customers of the JumpCloud Free package.  Vendor consolidation: Admins will no longer have to manage third-party MFA or authenticator apps and save on their associated licensing and integration costs. JumpCloud Protect is natively combined with the JumpCloud Directory Platform. Integrated with JumpCloud’s Conditional Access “step-up” authentication policies: For customers of JumpCloud’s Platform Plus package, JumpCloud Protect adds an extra layer of security by providing an integrated MFA solution with the package’s Conditional Access Policies, triggering verification of an identity based upon a variety of parameters, such as device trust, location, network trust, and application-specific step-up challenges.  Ease of use: Standard MFA methods are often viewed as cumbersome for end-users such as the insertion of six-digit token numbers into authentication fields or combined with passwords. JumpCloud Protect provides a one-touch authentication method to provide employee convenience when challenged with verifying their identity. Easy-to-use solution “Most organisations struggle to find the balance of appropriate security levels and convenience for employees. Security and IT teams are looking for solutions that eliminate friction, without incurring additional costs in integration time, effort, and vendor management,” said Greg Keller, CTO at JumpCloud. “JumpCloud Protect gives IT and security teams a path to protection without irritating users or overcomplicating their infrastructure. Mobile push MFA is an easy-to-understand and easy-to-use solution for employees and simplifies IT and SecOps who can rely upon the same vendor they use for their identity and device management solutions with tightly integrated MFA solutions.” Domainless enterprise For IT admins with limited resources, the JumpCloud Directory Platform puts simple user management JumpCloud is redefining the directory to enable the domainless enterprise, where admins can secure every user and device from the cloud, without any legacy on-premise infrastructure or networking required. The announcement of JumpCloud Protect follows the recent Zero-Touch Enrollment release, which streamlines device and onboarding for organisations. Secure, and cost-effective user management The company just won the 2021 Cutting Edge in SMB Cybersecurity Global InfoSec award, was named one of America’s Best Startup Employers 2021 by Forbes, and named a finalist for the EdTech Awards in the Networking, Information Technology (IT), Connectivity, or Access Solution category. G2 acknowledged JumpCloud across several categories for Best Software of 2021, and nearly 700 IT admins have rated JumpCloud as a market leader in Cloud Directory Service Software, Privileged Access Management, Identity and Access Management (IAM), Single Sign-On (SSO) Software, User Provisioning, and Governance Tools. For IT admins with limited resources, the JumpCloud Directory Platform puts simple, secure, and cost-effective user management within reach by consolidating identity across any and all IT resources without the complexity of other enterprise solutions.  Availability JumpCloud Protect is currently in an early access evaluation period with select customers and will launch in late Q2.

For the past few years, security professionals have had to change the way that they go about protecting their organisations. From challenging old assumptions around access control through to implementing more access management and authentication policies, security has been at the heart of how companies have responded to the pandemic. The journey to more modern security processes that could support more flexible working was a rapid one. Remote work programmes have bedded in, based on how IT security teams have implemented better identity and access control. Identity and access control According to our research, the use of biometrics for authentication has doubled. In 2022, 55.9 percent of systems administrators say that biometrics have been implemented in their companies, compared to only 22.3 percent of admins that said their company used biometrics in 2021. Around 18 percent use SSO for their collaboration tools, while only 12.5 percent are not using SSO Similarly, single sign-on (SSO) has increased in popularity with 33.9 percent of companies using SSO across their entire organisation and 35.6 percent using SSO for a limited number of apps or devices. Around 18 percent use SSO for their collaboration tools, while only 12.5 percent are not using SSO. The change in a year has been huge - in 2021, only 20.4 percent of companies were using SSO. Remote work programmes These changes were essential in order to make remote work, well, work. Without the ability to control access and be sure that someone is who they say they are, remote work programmes can’t succeed. However, while these initiatives have succeeded so far, security management problems still exist. According to the Verizon Data Breach Investigations Report for 2022, there were more than 23,000 incidents and 5.000 data breaches at companies, showing the sheer scale of security problems that we are up against as an industry. While we have come far on the security journey, we can’t say that we are out of the woods yet. Security is the highest priority Security teams have gone through a lot of changes in how they make everything work According to 59.4 percent of systems administrators, security is now back as the number one challenge for them. Balancing security and user experience is critical too - no user wants to work with services that are cumbersome or intrusive, as it gets in the way of them being productive. Many employees can easily find alternative employment too, so implementing any security and access control processes that get in the way or hamper people in their work can easily lead to losing staff. Based on these trends, security teams have gone through a lot of changes in how they make everything work. The issue now is not so much making remote work possible, but instead how to make this process simpler and more efficient both for the user and for the security team responsible for everything. Users want secure frictionless access and authentication to all their IT resources. Maintaining effective security In the rush to get everything ready for remote work, companies invested in tools and products to fix the gaps that they had. For example, 38.2 percent of teams use three or more tools to manage their IT security. This worked at the time. However, the technology sector is famous for never standing still. All those tools have evolved and added to their services. This leads to more overlaps and redundancy in functionality, where the same overall goal can be achieved multiple ways. 38.2 percent of teams use three or more tools to manage their IT security In practice, this means that security teams can be paying more than they need to in order to maintain effective security. To respond to this, teams can look at how they consolidate their tools and remove anything that is a duplicate. This should help the security team to reduce their spend, but also help to streamline the overall process to manage access and security over time. Security and consolidation This kind of cost saving is important as it can help IT teams get ahead of any problems due to the current macroeconomic situation taking place. Supply chain delays, employment pressure and inflation can all affect businesses, and this will affect IT budgets and goals. For 26.2 percent of IT teams, recession planning is already taking place, while 57.4 percent consider recession planning a good idea. Only 5.1 percent of IT teams say inflation does not worry them. This consolidation exercise can provide an opportunity to look at the whole process around security and access, and what employees have to do in their work to keep secure. Auditing this can show up potential problems around how people work, but it can also flag where there are opportunities to improve the experience for users too. Providing easier access Biometric access can be used for logging into devices or physical access to buildings For example, biometric access can be used for logging into devices or physical access to buildings. This implementation can be extended to provide easier access to other services and single sign-on to applications. This joined-up approach can make biometric authentication more useful in how people work, rather than solely about protecting devices. Similarly, any tools that you have in place may be able to help your team improve their processes. For example, patching software is one of the biggest tasks that IT teams have to manage. Automating this area is a goal that all teams want to achieve, but the work is hard and - to be blunt - boring. Security can help here, as it will already have to know all the assets that the company has. Effective security processes This can be extended to cover more device management around areas like patching the software. By consolidating your approach, you can achieve more goals at the same time. All the work that security teams have put into managing access has helped their companies expand their possibilities for work. However, the economic situation means that there is more pressure than ever on how companies function. Helping employees across the company to work more effectively from wherever they are is critical for the future. This requires effective security processes to be in place that can identify and authenticate users, making them more efficient in their processes. Without this ability to make security easy and transparent for users, we will still have far to go in our mission.

As we enter into 2022, there is still a level of uncertainty in place. It’s unclear what the future holds, as companies around the world still contend with the COVID-19 pandemic. Remote working has been encouraged by most organisations and the move to a hybrid working system has become ‘business as usual’, for the majority of businesses. Some have reduced their office space or done away with their locations altogether. Following best security practices With all this change in place, there are problems to deal with. According to research, 32.7% of IT admins say they are concerned about employees using unsecured networks to carry out that work. Alongside this, 74% of IT admins thought that remote work makes it harder for employees to follow best security practices. This need to manage security around remote work is no longer temporary. Instead, companies have to build permanent strategies around remote work and security. The coming year will also create a different landscape for small and mid-sized businesses (SMBs). Here are some key predictions for next year and what to start preparing for in 2022: The reality of SMB spending around security will hit home SMBs had to undertake significant investments to adapt to remote working SMBs had to undertake significant investments to adapt to remote working, especially in comparison to their size. They had to undertake significant digital transformation projects that made it possible to deliver services remotely, during the COVID-19 pandemic. We’ve seen a shift in mindset for these companies, which are now more tech-focused in their approach to problem solving. According to our research, 45% of SMBs plan to increase their spending towards IT services in 2022. Around half of all organisations think their IT budgets are adequate for their needs, while 14.5% of those surveyed believe they will need more, to cover all that needs to be done. Identity management spending to support remote work For others, the COVID-19 pandemic led to over-spending, just to get ahead of things and they will spend in 2022, looking at what they should keep and what they can reduce their spending on. Areas like identity management will stay in place, as companies struggle to support remote work and security, without this in place. However, on-premise IT spending will be reduced or cut, as those solutions are not relevant for the new work model. Services that rely on on-premise IT will be cut or replaced. The device will lead the way for security We rely on our phones to work and to communicate. In 2022, they will become central to how we manage access, to all our assets and locations, IT and physical. When employees can use company devices and their own phones for work, security is more difficult. IT teams have to ensure that they’re prepared for this, by making sure that these devices can be trusted. Wide use of digital certificates and strong MFA factors Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication There are multiple ways that companies can achieve this, for example - By using digital certificates to identify company devices as trusted, an agent, or strong MFA factors, like a FIDO security key or mobile push authentication. Whichever approach you choose, this can prevent unauthorised access to IT assets and applications, and these same devices can be used for authentication into physical locations too. Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication. Understanding human behaviour Alongside this, it is important to understand human behaviour. Anything that introduces an extra step for authentication can lead to employees taking workarounds. To stop this, it is important to put an employee education process in place, in order to emphasize on the importance of security. The next step is to think about adopting passwordless security, to further reduce friction and increase adoption. Lastly, as devices become the starting point for security and trust, remote device management will be needed too. More companies will need to manage devices remotely, from wiping an asset remotely if it gets lost or stolen, through to de-provisioning users easily and removing their access rights, when they leave the company. Identity will be a layer cake Zero Trust approaches to security Identity management relies on being able to trust that someone is who they say they are. Zero Trust approaches to security can support this effectively, particularly when aligned with least privilege access models. In order to turn theory into practical easy-to-deploy steps, companies need to use contextual access, as part of their identity management strategy. This involves looking at the context that employees will work in and putting together the right management approach for those circumstances. For typical employee behaviour, using two factor authentication might be enough to help them work, without security getting in the way. How enterprises manage, access and store identity data There will also be a shift in how enterprises manage, access, and store that identity data over time For areas where security is more important, additional security policies can be put over the top, to ensure that only the right people have access. A step-up in authentication can be added, based on the sensitivity of resources or risk-based adaptive authentication policies might be needed. There will also be a shift in how enterprises manage, access, and store that identity data over time, so that it aligns more closely with those use cases. Identity management critical to secure assets in 2022 There are bigger conversations taking place around digital identity for citizenship, as more services move online as well. Any moves that take place in this arena will affect how businesses think about their identity management processes too, encouraging them to look at their requirements in more detail. Overall, 2022 will be the year when identity will be critical to how companies keep their assets secure and their employees productive. With employees working remotely and businesses becoming decentralised, identity strategies will have to take the same approach. This will put the emphasis on strong identity management as the starting point for all security planning.

Ask anyone how they are, and you will probably get the default response: “Fine.” Ask again and you will get a more truthful response. This could be anything from how things are going well, through grumbling around sports results, or more serious statements about pressure and mental health. Getting that real response is essential if you are going to make a difference in the future. For those of us involved in security and access management, pressure is almost a default state. Managing risk and preventing theft or data loss involves being right all the time, minimising the windows of opportunity for attackers, and keeping users productive. The last year has involved supporting remote work, managing access and identities, and keeping things working when faced with restrictions and problems on a daily basis. According to research, managing remote workers has been the biggest challenge to IT teams since the start of the pandemic. The impact of this is high, too - nearly two-thirds (66.3 percent) of IT professionals agree that they feel overwhelmed by trying to manage remote work. Of those surveyed, 55.9 percent plan to spend more on security during the next twelve months. At the same time, more than half (55.7 percent) of IT professionals feel like they are spending too much to secure and enable remote work, and (61.6 percent) believe that their company pays far more for tooling to manage users’ identities and devices than they need (or use).  Looking ahead, fingerprint readers could be used as part of user authentication to grant logical and physical access So what can we learn from these findings? The first thing is that the hybrid workspace is here to stay, and these trends aren’t going away as we emerge from the pandemic. Managing access - whether it is to cloud assets, on-premise, or to accounts on remote devices - will therefore be important in the future. The second is that improving the impact of any spend around identity should be on the roadmap for any business, but particularly at smaller companies. Implementing multi-factor authentication (MFA) is one step that everyone should take as it prevents unauthorised access to devices, applications and data. Alongside this, companies can look at how to integrate authentication into their wider working processes through risk-based conditional access and expanding mobile authentication factors. For example, many smartphones today have fingerprint readers included, and these readers can unlock devices and authorise purchases. Looking ahead, those fingerprint readers could be used as part of user authentication to grant logical and physical access, based on integrating those devices into the wider authentication and access control strategy. For many SMBs, the cost to manage access can be high when it involves implementing a traditional directory to control who has access to what. These directories involve hardware and software assets that are costly to run, so cloud-based services can offer a better approach. By removing the hardware side, and by cutting the software cost, more small businesses can improve their approach to identity and access management. Supporting a hybrid world of a physical office and remote access will put more emphasis on identity management Alongside the cost, getting people with the right skills is essential. For example, the ISC2 has estimated that there are around 3.12 million open roles for IT security professionals worldwide. Similarly, according to research by the London School of Economics, the amount of training available is reducing with expenditure per trainee falling by 17 percent. With so many open roles unfilled - and with lower budgets to train them - simplifying the overall process around access control and security is a must. This makes life easier for IT admins that are in place, and helps to free up time. The good news is that budgets have gone up for many IT admins - nearly three-quarters (74.8 percent) of small companies’ IT budgets increased during 2020, and nearly half (49.6 percent) increased by at least 10 percent. While this increase in spending was not matched by higher wages, it seems as though the majority of IT admins have actually seen their satisfaction levels increase. What can we take away from all this? Firstly, the importance of feeling like you are making a difference to your organisation is critical. As companies moved everything online and had to support remote working, the IT admin had to step up. Secondly, supporting a hybrid world of physical office and remote access will put more emphasis on identity management. This environment is one that all companies will have to embrace, even as the world looks to get back to normal. And it will be one that we can all make more than just “fine.” Instead, we can make this hybrid environment more secure and more productive for everyone.