In this blog, the first in our two-part blog series on the Modern Workspace, we look at identity management, also known as identity and access management, and its role in supporting more trusted and productive environments.
Many people think about cyber security in terms of managing the risks of attack and keeping the bad guys out.
But for most organisations, there is a strong relationship between the quality of security settings that are in place and the degree to which staff are able to collaborate and innovate.
And that relationship is becoming even more important as staff demand more flexible work arrangements, and with them the need to manage individual identities across multiple platforms and devices.
Global design firm Gensler canvassed 4,000 workers as part of its 2016 US Workspace Survey, 71 percent of whom said they’d prefer to spend 3.5 days a week in the office, and the rest working from home. Meanwhile, it goes without saying people are using a greater variety of digital devices to perform their core work duties too.
As this Modern Digital Workspace continues to evolve, it’s important that organisations are able to build ‘trust’ into these new environments, without which all manner of security, efficiency and productivity risks can arise.
Identity and authentication
At the most basic level staff are required to have a user name and a password. The user name is data a user uses to claim their identity, while their user name is the data used to ‘authenticate’ it.
This is an example of single-factor authentication, and an approach that is increasingly seen as inadequate in today’s digitally-connected business environment.
The reason is that a user name and password really only tells us that someone in possession of someone’s ‘credentials’ has just logged in.
There is no verification or validation of who is using those credentials. Sure, you can opt to allocate longer and more complex passwords, but this approach invariably makes systems less effective by making them harder to use. And the basic problem remains unresolved.
‘Multifactor’ authentication, on the other hand, is a much safer bet. Requiring users provide something they have plus something they know is a good example of two-factor authentication, while entering something they have, know and are uses three-factors.
The ability to accurately verify a user is who they say they are becomes even more critical when that user exists on multiple digital platforms and via myriad mobile devices.
Tokens and biometrics
Taking it up another level, many organisations operate security systems based on physical objects, often referred to as tokens. Combining presentation of the token – think office swipe cards or ATM card – with information such as passwords or user names.
And sitting above that we have the evolving new world of ‘biometrics’, which refers to the authentication of individuals based on individual physical traits, such as faces, iris / eye patterns, finger prints, voice, gait and probably in the not-so-distant future, DNA.
Like so many aspects of the evolving Modern Workspace, identity management and authentication is something that needs to be approached in light of every organisations’ specific needs, budgets and circumstances, including those of their staff.
You might have a very flat management structure that demands equal access to information across the company. Or maybe you have people out in the field that need access to data across multiple devices, platforms and physical locations.
Whatever your unique requirements TDL can consult with you to find the right balance of identity and security settings and policies so that you address the challenges, while reaping the benefits, of a truly fluid and mobile Modern Workspace.
Download our eBook on The Modern Workspace – enabling a better way of working to learn more.
Contact Us to find out more about creating effective digital strategies.