In this blog series we briefly cover seven trends that impact your Identity and Access management strategy. In this part we cover the Increase in the need to be able to connect through anything and why it’s so important that you facilitate this in a secure and user friendly way within your IAM strategy.

In our previous blog we already talked about the importance to be able to connect to your company network from anywhere, even more so since COVID-19 and working from home became the standard where possible.

Besides connecting from anywhere your employees (and also devices) need to be able to connect to your network through anything. Whether they use their company laptop, tablet and mobile phone, or even their own devices, convenience in connectivity has become the new normal.

This is not something new, BYOD (Bring Your Own Device) has been implemented at a lot of companies and has become the standard since cloud and mobility has changed the way we work. Initially it was an extra way to access your E-mail on your personal mobile phone. Later it made its way to personal laptops and access to collaboration applications.

This enabled companies to change the policies when hiring temporary external resources for example. They now could easily work on their own devices without the company having to hand them any hardware such as a laptop and a mobile phone. This saved a significant amount of costs.

Nowadays there is a vast amount of work applications that are being used on personal devices. The office 365 apps for example are easily logged into, either via single sign on (SSO) and in other cases with multifactor authentication (MFA) or a combination of both. This access is all managed in, for example Active Directory, which uses groups to give employees rights to use these application and access files or collaborate with colleagues using MS Teams.

Other collaboration applications such a Slack for example, often depend on an EMM (Enterprise Mobility Management) or MDM (Mobile Device Management) solution. This is needed to give organizations control on how their company data is being accessed and used on mobile devices.

In general allowing employees to be able to use their personal devices to work triggers quite a unique security challenge. How can you be sure that access to your corporate applications from a personal device is secure? As previously mentioned MDM or EMM is a good solution to handle this but it also comes with its own challenges.

Employees might be worried about their own privacy when their device is being managed by the company they work for or are afraid that the performance of personal apps on their device are affected by the MDM solution. This is often based on a gut feeling the employee has and maybe a lack of trust in their employer. Either way you need be able to be in control of who has access to your applications and data in order to be secure and compliant with the rules and regulation.

The best way to be in control of this access is to implement a proper IAM solution and manage access centrally. This way you can have it linked to authoritative sources such as HR and automate access related processes by integrating with target systems such as Active Directory and your MDM solution. This way you can set up scheduled jobs that make sure a user’s access rights are made active on the day they join your company or are updated when they move to a new function. Using role based access controls (RBAC) you’re able to easily grant them the access they need to do their job.

Even more important, you can revoke access to all resources immediately when an employee leaves the company, preventing them from accessing any data they’re not supposed to access anymore. This is especially a huge security benefit as you can imagine.

To this day this still poses a challenge for a lot of companies as access rights are not managed centrally and are not automatically revoked when needed. I bet you can still access some of the applications or data from a previous employer if you haven’t removed the work apps on your mobile or laptop. Go ahead give it a try, I sure was amazed when I tried…

Would you like to know more about IAM or IAM as a managed service and what AspisID and One Identity can do for your organization? Contact us on info@aspisid.com!

Simon Voorbij

Simon Voorbij
Business Consultant