Ricardo Diniz, vice-president and general manager at WS02 UKI & Southern Europe, discusses how identity and access management can enable users to ensure digital ethics are upheld
As we begin 2022, the COVID-19 pandemic continues to disrupt, and we are likely to see a hybrid approach to work for the foreseeable future with a mix of remote and office working for many organisations.
Many firms were able to mitigate the impact of various lockdowns with technology. However, others were not so fortunate, and those companies unable to adopt a working from home policy had to temporarily shut down. This has inevitably led to many negative impacts on businesses, industries, and the economy.
One positive is that technology has become our lifeline. This means that the responsibility for endorsing and improving technology is no longer viewed as solely the purpose of the IT team, or certain departments or roles. A paradigm shift has occurred with technology and its use in today’s hybrid world. It is now everyone’s responsibility, and everybody is relying on it– from ordering online to converting our homes into virtual offices. These recent experiences have one strong message for all of us: IT is a necessity, embraced by the whole nation.
However, our reliance on technology does raise questions around digital ethics and the way technology is shaping our political, social, and moral existence. We already live in a digital society, and we’re seeing both the positive and negative effects of these new technologies on society every day. Are smartphones eating away at our attention spans? Is Instagram making whole generations depressed? Are we seeing a rise in deep fakes and misinformation? Are we worried that AI and robots will take our jobs and leave many individuals redundant? These are all important questions to answer.
Responsible Tech Series 2021 Part 1: exploring ethics within digital practices
Making sure the right digital processes are in place
One area closely aligned with ensuring digital ethics and putting in place the right protocols to cope with our new digital processes is human resources (HR). This part of the business has had to make notable changes over the last couple of years, as it has started to rely more heavily on technology. During the pandemic, HR processes such as hiring, conflict resolution, onboarding and offboarding, and other HR-related activities could no longer follow the same face-to-face processes they had historically; workarounds were needed. HR managers had to interview via Zoom; they were required to handle conflict resolutions remotely and virtually, and so much more. Coupled with this HR teams had a new challenge: to re-invent their processes to fit the new virtual world – while ensuring that this environment has the right digital ethics for the organisation.
This is where an identity and access management solution (IAM) can help less technical individuals. In applying digital ethics, security of personnel data is paramount for organisations, and IAM solutions can help make some important security requirements of remote working easier to overcome Let’s look at how an IAM solution can ensure the security, ethics and privacy of data.
Implementing a single sign-on feature
There has been a rise in deep fakes and misinformation with hackers posing as employees and so much more. The situation is not helped by the wide variety of different applications employees need to sign into during their workday. Entering multiple passwords is time-consuming and can become frustrating, leading to bad password hygiene that increases cyber risk. By contrast, implementing a single sign on (SSO) feature in IAM allows users to access all the applications within a given session, using a single secure authentication. For example, when they sign in to one application, it authenticates them to proceed to all their other applications without having to sign into them again.
Moreover, employees can safely log out of all their applications using the single logout feature. This way, they are not worried about having to log out of everything properly; it is done automatically for them. Additionally, teams can utilise IAM to access conference apps like Zoom using the organisation-level user credentials so that employees need not create separate accounts every time they want to use Zoom.
World Password Day: What to consider when it comes to authentication
Make it harder for hackers with adaptive authentication
Since many of us are working remotely, there is a heightened chance of hackers trying to act as if they are part of the business, and therefore putting the organisation at risk. Recent research found “91% of businesses reported an increase in cyber attacks with employees working from home”. This is where multi-factor authentication (MFA) comes into play. In addition to basic authentication, you can include SMS authentication. This is where an SMS message with a code is texted to the employee to verify authenticity. Alternatively, it could be something personal to the user, for example, any biometric references like retina scans or fingerprints.
While implementing MFA brings more security, it can be super annoying for an average user. Therefore, a better solution is adaptive authentication. You can choose the factors depending on the user’s geographical location, their access privileges, or their IP address. This will help to build confidence in Digital ID because adaptive authentication is both secure and user friendly.
Remembering multiple passwords is challenging
It can be a real struggle if we forget passwords, and remembering multiple passwords – or even a simple complex password – is often a challenge. IT teams become inundated with calls to reset them daily as part of security protocol. When individuals have too many different passwords to remember, they often note them down, which is not particularly smart. However, recycling or choosing weak ‘easy options’ as passwords for convenience can lead to a hacker’s paradise. With passwordless authentication, users can log in to a computer system without entering a password or any other knowledge-based secret. By adopting passwordless authentication protocols, organisations can allow individuals to rely on key security mechanisms instead of passwords. These are more user friendly whilst also keeping businesses data secure.
Another area is onboarding, promoting, or transferring an employee, which requires IT to give them access to certain applications and rights; and modify them whenever required. Identity and access management solutions can assist with this challenge since the users and roles exist in the system, making it easy to create new employees, promote employees to another role, and transfer an employee to another department.
These are just a few simple ways that an IAM solution can manage secure access to applications and ensure digital ethics are maintained. Technology and remote working will be here for the foreseeable future – this is going to be the way of life going forward. Therefore, making it easier for non-IT users to seamlessly engage but maintain security is going to be paramount, and this is where an IAM solution can really help.