This is the first in a series of blogs around the IDC infobrief: ‘Harnessing Identity to Position Security as a Business Enabler’. This infobrief details the perception and challenges of Security leaders and provides guidance on how to positively influence security perceptions, turn challenges arising out of digital transformation into opportunities and, finally, how best to engage the board. The infobrief can be downloaded below.
Digital transformation (DX) has been, and still is, top of the agenda for many UK businesses. Prior to Covid-19 many organisations will have been transforming to meet the needs of the mobile workforce, which, depending on your business, would have been relatively small but growing steadily. Today, the entire workforce is almost completely static and totally remote. This has kicked off a forced digital transformation that no one could have predicted. That being said – the needs of the mobile worker are not all that different to the needs of the remote worker….. they all have an identity that can be managed no matter where they are working or logging in from.
Transitioning from an office worker to a remote / work-from-home employee has placed huge demands on businesses and employees around the world. For the business, some things should be relatively straight forward to solve, like greater and faster connectivity speed, but others are more complex like using hybrid infrastructure to manage business critical applications. In addition – most employees may now be using personal devices for work purposes; the speed of office closures led to a wave of pseudo-BYOD. As IT are finding out, the blend of applications and services that employees need access to so they can add value to the business may no longer sit entirely in the comms room at the end of the hall, or even in the local data centre. Some services may not be known to the business at all (Shadow-IT). It’s the role of IT to ensure that the end user never needs to be aware of this complexity, and it’s the role of the security team to ensure that this complex infrastructure and landscape of applications can be accessed in a secure, uniform manner.
IDC identified that 58% of UK businesses are not bringing security in at the beginning of new initiatives
When IDC asked UK enterprises what their top IT Security concerns are, managing users, identities and access was in joint 2nd place with security culture and awareness. Scaling a solution to manage the access of the workforce no matter where they are located is key to addressing the managing users, identity and access concern, while providing a uniform, user friendly experience through which to manage the access can have a hugely positive impact on addressing the security culture and awareness concern.
Unfortunately, some things haven’t changed and in 2019, IDC found that 58% of UK businesses are not bringing security in at the beginning of new initiatives, meaning that its extremely difficult to influence the two security concerns mentioned earlier. This leads to significant blind spots occurring in the security perimeter as many transformation projects are happening without the security team’s involvement.
IDC’s research shows that the top value (42%) UK enterprises expect from security is risk management optimisation.
While this can be perceived as a significant challenge, it’s also presents an opportunity for security leaders to enable the business to meet transformation needs in a secure and scalable way. The Managing Identity at Digital Scale to Enable DX driver section of the infobrief identifies four ways by which security can not only be involved in transformation projects, but also add significant credibility to the work being done. One such way is to support mobile strategies and position how Identity and Access Management (IAM) solutions can deliver at scale and meet user experience expectations. The right combination of Single Sign-On (SSO), EPM (Enterprise Password Management) and MFA (Multifactor Authentication) will be unique to each business. It’s the blend of these IAM services that will enable the business to scale securely.
The result being that instead of security being brought in after the project is launched or after a security breach, they are part of the design stage and can add their professional expertise to ensuring the solution is secure-by-design and in doing so, adding the security seal of approval to the project. This ultimately helps support the top value that 42% UK business expect from security – Risk Management Optimisation.
Business transformation of any kind should ideally be undertaken when security is involved from the very start; transformation must be secure by design – that should be the default position. The infobrief, which can be downloaded below, details why Managing Identity at Digital Scale to Enable DX is a key driver that security teams can leverage to get themselves back to the table where plans are being discussed and solutions are being brainstormed.
Download the IDC Infobrief that details all five Identity Drivers, along with challenges that security teams face, how security teams are perceived, and how to talk the same language as the board.
Source1: IDC, European Security Strategies Survey, 2019 (n=700)