By Diana Kelley, Cybersecurity Field Chief Technology Officer, Microsoft
In the last few months, we have seen organizations in the region truly transform the way they work and collaborate. With more and more organizations adopting technology to enable remote work and stay open for business, the need to balance friction-less collaboration and highly targeted engagement with privacy and security has never been more critical.
In fact, even before workers transitioned home in large numbers, IT leaders were facing rapidly transitioning work models fueled by an increase in remote working, freelancer exchanges and platforms, and a geographically-distributed workforce—trends that are only accelerated today by the uncommon circumstances imposed by COVID-19. A survey conducted earlier this year revealed, a full 97 percent of IT leaders saw “insider risk,” or users from within the network, as a significant security concern, with almost three in four worried about both intentional and unintentional data breaches from this group.
With today’s blended workforce which includes not only remote full- and part-time employees, but also freelancers, contractors, consultants, subsidiaries, parent companies, partners and of course customers, the term “insider risk” has taken on a whole new meaning.
According to a recent Microsoft study (February 2020) powered by Pulse, IT leaders reported that 55 percent of external users outside their organizations belong to other businesses—for example, commercial customers, partners and suppliers. This larger percentage is often viewed first as an opportunity: 98 percent of respondents from the same research felt that their company’s success would come from deepening collaboration and engagement with customers and business partners.
Extensive collaboration brings in increased security costs and demands and more importantly poses a challenging question: How can an organization be both more open to outside users and more secure at the same time?
The answer lies in leveraging cloud-based identity and access management (IAM) and customer identity and access management (CIAM) to better engage with all your cohorts.
I believe that every organization has the opportunity and imperative to digitally transform to achieve greater productivity and competitive growth while securing their digital estate. Here are some of the benefits of using a trusted CIAM that CISOs have shared with me.
- Persistent identities—Almost everyone already has a digital presence and at least one associated ID from Google, Facebook, or Microsoft. Using persistent IDs means that customers and partners can re-use their exiting identity and don’t have to worry about creating an entirely new login and password. This reduces friction and improves security.
- Data transparency—When people use the same ID across multiple business and organizational systems, both they and the company have a more efficient method for reporting on data use and access. It also means that when a user request that their history be wiped or corrected, they can easily confirm that appropriate action has been taken.
- Better audit trails—Using those same IDs also supports compliance reporting, audit trails, and forensic investigations. Rather than having to stitch together multiple IDs to determine the path of an incident, like a data exfiltration event, security professionals can follow activity of a single target ID. This also streamlines compliance reporting activity reducing burdens on already overworked staff.
- Improved security—Allowing partners and customers to bring their own ID also means that robust, enterprise-ready security can be brought along. Advanced technologies like multi-factor authentication (MFA) and conditional access with step-up authentication can be applied to all users, even those that don’t work for large companies with mature identity programs.
- Enhanced experience—The best security professionals know that technology that makes users’ lives easier is the most effective. All of the above directly impact security, but if customers and partners aren’t excited about using a solution, they’ll go around it. CIAM ensures low friction end-user experiences are supported across varied experiences from artificial intelligence (AI)-led guidance to new product and service recommendations.
COVID-19 pandemic has reinforced the pivotal role technology plays in enabling businesses. While connecting and collaborating are key, digital relationships are dependent on trust. Enabling seamless and secure identity experiences for all users outside your organization is central to unlocking greater productivity, deeper brand engagement and loyalty, and business to business collaboration.