As businesses begin to take tentative steps to recover from the pandemic, we are still figuring out what our ‘new normal’ is. In the face of an ongoing pandemic, we’re taking a more risk-based approach to living and working.
Businesses and departments that were unable to work remotely shutting down during the lockdown have led to a negative impact on businesses, industries, and the economy as a whole – you only have to look at the retail and hospitality sectors to see this. A paradigm shift has occurred, particularly with technology and its use in a post-pandemic world.
Technology is no longer viewed solely for the IT team, certain departments or roles. From ordering essentials, making secure payments, and converting our homes into virtual offices, these recent experiences have one strong message for all of us - IT is no longer a niche but a necessity, embraced by the whole nation. Many industries that weren’t ready for this shift in Sri Lanka were massively impacted resulting in the closure of operations and salary reductions.
This means that even if you are not a technical person, you are now expected to understand the basics. The good news is that organisations who purely focused on clients who belonged to particular roles and departments are now looking at a much wider opportunity where their products could be made in a way that is slightly less technical or sophisticated, more user friendly, and serves a variety of business units as opposed to just IT.
Human Resources is a great example. During the pandemic, one-to-one communication opportunities for hiring, conflict resolution, resignation processes, and plenty of other HR-based activities couldn’t function as they normally do; workarounds were needed. We had to interview via Zoom, handle conflict resolutions remotely, and so much more. This was also harder for the HR team who had to reinvent their processes to fit a virtual world, with some being less tech-savvy than other departments or teams. There are a few areas where an identity and access management (IAM) solution can help those less tech-savvy individuals who are not so used to remote working get through the learning curve – particularly if they are working from home. Here are four top tips that I picked up which helped me:
Signing in to your systems once
With a lot of the questions I have, I can get answers via different applications centrally located in an internal cloud. This has resources that I need for day-to-day HR activities, as well as inquiries relating to payroll, partners, and customers. However, signing in to each and every one of these applications is time-consuming and can get frustrating.
This is where IAM comes into the picture. The single sign-on (SSO) feature in IAM allows me to access all the applications within a given session, using a single secure authentication. When I sign in to one application, it authenticates me to proceed to all my other applications without having to sign in again. I can safely log out of all my applications using the single logout feature. This way, I am not worried about having to log out of all applications individually. Additionally, we utilise IAM to access conference apps like Zoom using the organisation-level user credentials so that employees need not create separate accounts every time they want to use Zoom.
Proof
Since many of us are working from home, the chances of intruders and imposters trying to act as if they are part of the business can put the organisation at risk. This is where multi-factor authentication (MFA) comes into play. In addition to basic authentication, you can include a fact the user knows (like a password), a fact the user has (like an RSA token), or something that the user is (any biometric references like retina scans or fingerprints).
However, while adding this additional element brings more security, it can be super annoying for an average user – like me.
This is why we have adaptive authentication. You can choose the MFA factors depending on how prominent the resources that a certain user handles are, the user’s geographical location (if the user is stuck somewhere other than their home or business due to the situation), the user’s access privileges, or in other words, what the user can do with the accessed data, the user’s IP address and many more factors. This proves to be secure while still being user-friendly.
It can be a real struggle if we forget passwords in these circumstances. Imagine the plight of the IT team if several people forget their passwords daily. Also, writing these passwords down is not particularly smart when you can’t remember them by heart.
Having weak passwords, or having the same passwords for multiple applications for convenience, can all lead to a hacker’s paradise. Passwordless authentication protocols like FIDO2 depend on security key mechanisms instead of passwords. This is both user-friendly and secure.
Onboard, promote, transfer
Onboarding, promoting, or transferring an employee requires IT to give them access to certain applications and rights; and modify them whenever required.
This is not a hassle with identity and access management since the users and roles exist in the system and creating new employees, promoting employees to another role, and transferring the department of an employee can all be done easily. These functions can also be enhanced using the workflow feature in IAM. These are just a few simple ways that an IAM solution can manage secure access to your applications. Technology and remote working are not a short-term fix for the pandemic. This is going to be the way of life going forward since organisations now have a greater understanding of its benefits and how feasible it is for many non-IT departments and functions.
All Sri Lankan companies, irrespective of the industry or the department, need to prepare themselves for a virtual business environment as quickly as possible, to ensure sustained growth.
Kumarkuruparan is a Technical Writer at an IT company.