Secure Remote Access
SailPoint on the concept of Identity Security
By Volker Sommer, Area VP DACH at SailPoint
Volker Sommer, Area VP DACH at SailPoint
As a study published last week by the Criminological Research Institute of Lower Saxony (KFN) shows, the current pandemic and the increased use of remote work often have a negative impact on IT security in companies. For its survey, the research institution based in Hanover surveyed more than 600 companies in the period July to September 2020. Here, 60 percent stated that they had to react to at least one cyber attack within a year. With a view to the future, many decision-makers in the companies surveyed expect a still tense situation in the area of IT security – even if many employees are now returning to the offices. More than half of the companies rated the risk of a cyber attack that would cause major damage to their operations as “very high” or “rather high” over the next twelve months.
The findings of the KFN are worrying, but not necessarily surprising. For one, at the time of the pandemic outbreak in the spring of 2020, many companies were working hard to keep their business running and had little time to intensively deal with the transition to remote work and the associated security risks. In the hectic transition to remote work, security and compliance gaps have often opened up. On the other hand, the crisis has massively played into the hands of cybercriminals and they have been able to use the general uncertainty and concerns of the population to carry out new attack tactics. Especially remote work was used here and at the beginning of the lockdown last year, phishing emails with subject lines such as “Did not reach you in the office-please answer“ or “Your test results”were accumulating.
For example, the study The Cybersecurity Pandora’s Box of Remote Work from autumn 2020 showed that 46 percent of the surveyed companies in Germany were very strongly affected by phishing attacks within the previous six months. A good one and a half years after the start of the pandemic, criminals know how to use the situation for themselves and the cybercrime situation remains tense. Overall, however, it is important to emphasize that it is not remote work itself that poses a threat to IT security, but the vulnerabilities in the area of IT security and compliance that were revealed by the switch.
But what can companies do specifically to ensure that their employees have the same level of IT security at home as on company premises? Basically, in times when employees can work from anywhere, the protection of digital identities is paramount. Because: Cybercriminals no longer penetrate companies via the network perimeter. Instead, they target users such as employees, contractors, suppliers, and even software bots. Once a user account is compromised, intruders may be able to access a variety of business-critical data. For this reason, it is important that users only have the permissions they really need for their work.
This is where the concept of identity security comes into play. Today, identity security means a multi-layered approach to both the applications and the sensitive data in the hundreds, if not thousands, of applications that a typical company uses. Only qualified employees have access to certain technologies and the business data contained in them. Such safeguards ensure that establishments can reserve the most sensitive company information to those they need to know.
Since IT departments of modern companies have problems keeping an overview of all identities in operation, especially in the course of remote work, solutions from the field of identity security have proven themselves in practice, in which access controls can be centrally managed and controlled with the help of artificial intelligence and machine learning. Benefits such as centralized management of access policies, automation of provisioning and revocation of access for employees, and 24/7 self-management of access and passwords enable companies to operate agile and secure. If companies are well positioned to protect their digital identities, remote work is not a horror scenario, but companies and employees are maximally protected and the respective place of work becomes secondary.