With more people now choosing to work remotely, many global enterprises are splitting up their workforce between multiple locations, often in different countries. However, this new way of working poses problems for CISOs, as they try to ensure employees logging in remotely are doing so securely. Stuart Sharp, VP of solution engineering, OneLogin, tells us how security departments can manage multiple access points and levels of access for companies with remote workforces.
According to the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020.
Many organisations have been taking steps in this direction for many years, and the increased uptake of ‘working from home policies’ is only to be expected with the advancements in technology and the flexible requirements of the modern workforce.
In light of this, many are asking the question, how useful is the traditional office space?
Nowadays, it is common for global enterprises to split up their workforces between multiple locations, often in different countries and, sometimes, not in an office at all.
The number of employees who work from home routinely as part of their job has increased dramatically over the past few years. Many organisations offer incentives to employees such as ‘work from home Fridays’, with the aim of increasing morale and staff retention rates.
According to recent research on the distributed, diverse workforce of the future, 97% of CIOs said that they expect their workplaces to be widely dispersed across geographies and time zones, with part-time employees, contractors and contingent workers playing a bigger role in businesses.
Today, more than 77 million millennials are active members of the workforce.
This sizable group represents an enormous proportion of the working population – and they are increasingly unwilling to take a technological step back when entering the workplace.
Colloquially referred to as ‘the generation that grew up shopping on Amazon.co.uk’, these employees expect a mobile-first work environment, are fuelling the freelance economy and will change employers every 16 months on average.
In light of the skills shortage, organisations need to work harder than ever to close the gap, and implementing flexible working policies is one way to get ahead of the game.
Many organisations have already implemented remote working policies with varying degrees of success; however, there are challenges that are being overlooked.
The main concerns revolve around security, with many worried about how remote workers can access sensitive company data, while maintaining a secure and safe environment. With cyberattacks reported to have cost UK businesses £300bn (US$370bn) in 2018, it can be a colossal challenge for IT departments to ensure that users who are logging in remotely are doing so securely.
What is the threat? With 80% of security breaches involving the abuse and misuse of privileged credentials, the threat is passwords.
Everyone is raising the alarm about weak passwords and encouraging the use of more complex ones as an easy form of defence. However, complex passwords can often cause more havoc than simple ones.
Imagine your IT department requires you to change your password every 30 days, and each new password must have one uppercase letter, one number and one special character.
There is no way the average person is going to remember a new password every month. So what happens? Users write their passwords down, email them to themselves, keep them in a spreadsheet or simply forget their password and request a reset – the most frustrating outcome for those working on IT help desks.
A single user may have anywhere from 20 to 200 passwords across dozens of enterprise-level applications, accessing secure information from various devices including laptops and smartphones.
In order to keep the remote working train moving, we need to ensure every worker is logging on to company networks safely and securely. One solution to this problem is implementing a single sign-on (SSO) system that integrates multi-factor authentication (MFA). SSO lets users securely authenticate with multiple applications and websites by logging in once with just one set of credentials.
With SSO, the applications or websites users access rely on a trusted third party to verify users are who they say they are. MFA, on the other hand, is a security system that verifies a user’s identity by requiring multiple credentials. Rather than just asking for a username and password, MFA requires other – additional – credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.
Every time a user logs into a new application or machine, it is an opportunity for hackers. To be on the defensive, companies should have an authentication strategy in place, protecting both data and end-users. In addition, companies should ensure that their authentication solution of choice can adapt to meet new and advanced types of attacks from cybercriminals.
The removal of passwords is the desired objective of everyone in the cybersecurity industry. However, passwordless authentication is not supported by most applications. Only companies that have deployed a modern cloud-based identity solution can make a passwordless future a reality, today. In the meantime, implementing secondary forms of authentication will mean that many cyberattacks are prevented. A phishing attack may garner a user’s credentials, but it can’t provide the hacker with a fingerprint.
A major benefit of SSO and MFA is that they work across devices, meaning that whether a user is in the office or at home, they are signing on securely from all devices.
At the moment, we’re heavily reliant on on-premises networks and desktop technologies. However, as we transition into the cloud and out of the office, it is the responsibility of organisations to ensure that their employees – wherever in the world they may be – are accessing company files safely and securely.
As ‘the norm’ shifts, it’s only natural that more and more companies will implement remote working policies – the distributed and diverse workforce of the future is just that, the future.
Working practices must evolve in order not to fall behind the times; however, as we evolve, so do the threats. Only by taking active steps to mitigate these risks can we move forward without friction and support the remote workforce of the future.