Friction-free personal identity protection is a strategic matter: LogMeIn
Legislators move stereotypically slowly, especially in comparison to the speed at which technology develops. But even the slowest-moving of legislative bodies is bringing forward new layers of governance concerning data protection, restrictions on the use of personal information, and a range of other measures that can vary widely.
That presents a complex picture to most businesses and organizations: compliance regulations may be localized, but their effects are not.
Similarly, the security picture changes too: teams often have to prove that they have processes and methods in place that not only help comply with legislation from the other side of the globe but also sew security into the very fabric of the organization.
That’s because even the smallest trading body might interact with citizens of Russia, California, Australia, and Germany.
On each occasion, different rules and regulations — enforced by Australia’s Office of the Australian Information Commissioner (OAIC) or outlined in the European Union’s General Data Protection Regulation (GDPR) — might apply as to what data can be stored, who has access, the sophistication of controls put in place, how data is handled and, in some cases, even where the data must be stored.
That shifts security and compliance teams’ emphasis from device protection to identity protection, a trend that has also been developing as bad actors’ activities shift towards personalized attacks (phishing attempts, for example). For business users, IDaaS (Identity as a Service) platforms are epitomizing security management, moving the security and governance function to a more centralized, strategic role in the organization and reinventing it from a blocker into an enabler of productivity and growth.
Here at Tech Wire Asia, we managed to grab a few minutes with Barry McMahon, the Senior International Portfolio Marketing Manager at LogMeIn, who talked to us about how to attain frictionless user experiences when it comes to protecting individuals’ identities, and thereby protecting the organizations in which those individuals operate.
Do solutions like SSO (single sign-on), EPM (Enterprise Password Management), and MFA (multi-factor authentication) therefore have most threats covered off? In short, do identity protection platforms ensure the highest degree of data security and adherence to the law?
“No, that’s not entirely the answer,” McMahon stated. “There’s still a need to educate users. The aforementioned solutions can help lower the company’s risk profile, but it’s not all about technology – every business should aim to make people the strongest security factor — where people are traditionally the weakest link.”
One of the most common mistakes is using technology to address a problem and ignoring post-deployment education and onboarding. Some solutions, when deployed, are destined to fail. Not because the solution is not fit for purpose, but because there is no education, no training and as a result, poor adoption. Poor adoption = low impact and zero return on investment.
But even when the strands or layers, as McMahon calls them, are all present (user education and technology) in an overarching identity suite, there is still the issue of user experience; especially user experience at any significant scale:
“You need to manage [user experiences] at scale — not to is risky. Loyalty patterns change in seconds for brands when the user experience is poor. We see it everywhere; banking and retail are the obvious examples.
In security, if the user experience is difficult or too challenging, security systems fail because folks circumvent them or stop using them altogether. Companies have to ask themselves, do you want to trade security for productivity?
And if the answer is yes – then expect people to find a work-around.
If the answer is no, then adoption is typically high and the business is more secure. Ultimately, it’s a balance that will be different for every business. The goal should be to have security almost invisible to the end user. A goal that should be continuously strived for!
In the modern enterprise, users must be able to gain access to a broad range of services, in the cloud, or on hybrid platforms, and one given is that the needed services and apps in daily use will change. That shifts the onus from protecting those systems to safeguarding the user — the user carries their security with them, regardless of the platform with which they interact.
That approach is especially pertinent in the APAC region, because the differences between geographies are so stark in such a relatively small area. The competitive element is particularly active in the area too, and that is driving digital transformation very quickly.
“Security teams can grasp the opportunity to get a strategic role in digital transformation, with security considerations focused on the individuals at the heart of [the] business. A frictionless user experience in maintaining security on a personal basis is not a bolt-on, it’s a value-add,” McMahon said.
“A business’s ambition is to maintain competitiveness, and disruption is ever present. But security teams are up against it, with 100 percent saturation of available [cyber] security employees. We must do more with fewer people. So the old adage of work smarter, not harder is particularly relevant here.”
The LastPass Identity suite helps enterprises to cover off the “layers” to which McMahon refers: enterprise password management, multi-factor authentication and single sign-on combine to support identity management. It helps security teams make the transition from a preventative force that limits the business, to one that enables individuals to act as they need to, but ensures they work safely and with due diligence for data governance.
As 2020 begins, and both bad actors and legislative bodies are concentrating on personal data, the need to move cybersecurity to a central role in the enterprise is pressing. Making security frictionless for the individual is the crucial layer that security managers can bring to the boardroom table as the business transforms.