Identity Security Can Reshape Enterprise IT Post-Pandemic

Incredible pressure often produces incredible developments — and if nothing else, the global pandemic has been a prime example of that very process.  

As Microsoft CEO Satya Nadella told the press in 2020, “As COVID-19 impacts every aspect of our work and life, we have seen two years’ worth of digital transformation in two months.” Over the last year, we’ve seen the fastest-ever development of multiple vaccines and breakthroughs in many different fields. Remote working now looks as though it will remain a fixture of work far beyond the pandemic as a way to cut costs and improve employee satisfaction. Furthermore, enterprise security is adapting to the new landscape.

Security teams were under immense stress during the pandemic. As the world went into lockdown, IT teams had to make effective remote work possible, in some cases for thousands of workers. They had to do this on networks built strictly for office use and with security infrastructures that were never made to accommodate more than a handful of remote workers at a time.

The difficulties found therein appear to have put yet another nail in the coffin of the traditional network perimeter. Now, organizations are looking towards identity security to reimagine how they protect their network. 

New research certainly points in that direction. Ping Identity commissioned a survey seeking insights from 1350 executives across the US, Europe, Australia and New Zealand to see how their organizations pivoted throughout the pandemic. The study found that 55% of respondents have invested in new identity security capabilities since the start of the pandemic.

This can be interpreted not only as a way to adapt to the new realities of IT during the pandemic but also to the increased security threats that arose during it. After all, identity-related attacks rose during the pandemic, exploiting the isolation of national lockdowns. One study by Aite Group found that nearly half (47%) of US consumers experienced identity theft between 2019 and 2020. Meanwhile, the US Federal Trade Commission announced in February that 2020 reports of identity theft had doubled to 1.4 million since 2019. 

We also saw a spike in employees with excessive access privileges getting hacked, exposing their companies to outsider-based cybercrime. Since the COVID pandemic, there has been a 47% jump in the severity of ransomware attacks, a 35% increase in funds transfer fraud and a 67% increase in business email attacks, to cite just a few statistics.


Now, 85% of surveyed executives agree that identity security technologies are critical to their companies’ mobile capabilities and user experience. It’s not just a conceptual victory, either. Well over half (60%) of respondents have already increased their spending on strategic identity-related investments. To boot, 69% of executives expect their investments in identity and access management to grow over the next 12 months. 

There has been a similar acceleration around zero trust, a security architecture that places identity as the cornerstone of the new perimeter. Much like remote working, zero trust architectures were already gaining popularity before the pandemic, but the events of the last year appear to have accelerated their adoption. 

The harsh conditions of working under the pandemic may have destroyed what was left of the old “castle and moat” architecture. Such architectures normally provided trust to those that could authenticate with a simple username and password combination. The efficacy of that structure has eroded over time with successive digital transformations that have sent enterprise IT far beyond the boundaries of the traditional perimeter. During lockdown, networks couldn't rely on office-bound employees using their trusted enterprise machines from behind the protection of office security controls. Trust had to be found another way.

As you might be able to tell from the name, zero trust grants no pre-ordained trust to any entity, identity, device or network. Instead, that entity must constantly authenticate itself as it moves through the network using a variety of identification factors like behavior. It is perhaps for that reason that 82% of executives told Ping Identity that they have already introduced zero trust elements into their environments to varying extents. Further, nearly three-quarters (71%) believe that their investments in zero trust will increase over the next 12 months.

Enterprise security will emerge from the pandemic as a changed force, but many of the emergency measures that were put in place to survive the pandemic will remain. For example, 47% of Ping Identity’s executive respondents said that many of their employees would be working remotely well into 2022. IT teams have been granted a new centrality within the enterprise, and 37% of our respondents said they’d increase their IT teams' size. With perimeter-focused architectures quickly becoming irrelevant, enterprises are looking towards identity-focused security measures to secure these new networks and new forms of working.
