The Role of Digital Identity in COVID-19
Globally, COVID-19 has become a top-of-mind issue dominating daily lives, and the toll it’s taking on businesses from every industry is climbing. In an effort to contain the rapidly-spreading virus and to keep their employees out of harm’s way, many companies are restricting travel and asking, or even requiring, their employees work from home. This rapid shift has illuminated shortcomings in corporate digital identity infrastructures and processes that need to be addressed for the global economy to operate effectively.
This week, Google announced that they’ve requested all North American employees to work from home. Google currently employs over 100,000 people around the world, with a large portion based in North America. While Google is certainly not the first company or the last to do so (insider insight: this blog was written from our respective sweatpant-clad couches home offices too), it speaks to the breadth of this virus’ impact in every corner of the globe. With the numbers of remote workers rising daily, what is the true impact, what are the problems at hand, and what are the upcoming challenges posed in regards to digital identity?
Problems with the Status Quo: Challenges of a fully-remote workforce
The more common pain points of a decentralized work environment include:
- Mobile device monitoring and authentication: Establishing secure connections with remote devices, phones, tablets, and laptops while empowering a flexible workforce poses a unique set of vulnerabilities that only exist outside of the secure office environment.
- “Bring Your Own Device” (“BYOD”): In digital identity, the concept of allowing users to bring their own devices into a corporate network is known as BYOD. BYOD approaches introduce variability across device types, operating systems that are accessing network systems, permission settings, and the personal app activity currently live on everyone’s personal devices. This lack of consistency prohibits digital identity and cybersecurity professionals from instituting a unified approach to network security, and places an increased onus on individual device owners. Users should make sure their devices are up-to-date with the latest software and firmware versions, monitor app permissions, and understand what data is being pulled from their devices.
- Endpoint security: Simply, every device that has a connection to the corporate network is a potential entry vector for a cybercriminal. Digital identity professionals ought to have the ability to identify authenticated credentials and their associated devices before entering secure networks.
- Maintaining data privacy and data integrity: In a fully remote work environment, maintaining ongoing data privacy is challenging due to the increase in both targeted attacks and human error. Users should be instructed to stay away from storing data on a personal device and try to maintain everything in a secure cloud. A decentralized work environment also increases the likelihood of misplacing or losing devices. Preventative measures on these threats include installing software where sensitive data is stored that allows the company to wipe the device, helping create secure connections.
- Public Wifi: Digital identity professionals should remind their employees of the vulnerabilities of unsecure public wifi connections, and give further guidance on how to establish a secure connection.
Potential Paths Forward, What Should You be Doing
Nobody can predict how long these company mandates will continue, but they seem to be our new reality for the foreseeable future. Thankfully, there are some easy paths forward to help increase your company’s data security while ensuring your business’ functionality remains steadfast.
In implementing a security strategy for your remote team, strong authentication should be a baseline standard. Setting up multi-factor authentication, which can be done remotely, should be a priority if not already implemented.
Companies should also begin to understand what is the current of their mobile identity and device intelligence strategy. Working with an end-point security provider to centralize control over the full inventory of devices that are accessing the network at any one point will help you maintain visibility, maintain control, and reduce the potential for human error.
A key takeaway from this paradigm shift is the prioritization of data security – so that companies can be prepared for every situation, even those created by non-digital forces. To foster a secure workforce, corporate leaders need to acknowledge that every employee is a node on their network that can be easily compromised. Leaders should, if not already in place, implement consistent policies and procedures on which users are authorized to access specific data sets. What processes are considered essential and still require on-premise access from designated employees?
On the bright side, this situation gives us an opportunity to rethink digital identity as it pertains to the digital corporate world. It’s become clear that leaders shouldn’t wait until it’s too late to build more robust digital identity infrastructures. The globalization of our economy, compounded by vulnerabilities exposed by the growing Coronavirus illustrates the importance of creating and implementing more robust digital identity infrastructures.
Identity professionals and private industry participants should collaborate to make these technologies more seamless and accessible for the most amount of people. As an industry, it’s all of our responsibility to foster awareness of the potential harms and take advantage of the learnings found from this real-life case study on the impact of shifting our daily norms to a digital workforce.
How has your company personally succeeded or failed in this shift? What next steps are you planning to take? Find us on LinkedIn and let us know – we’d love to hear your personal takeaways.