Tag Archives: authentication

Business Tech, Technology

Securely managing identities, devices, and employee access in an increasingly complex environment

Cybercriminal tactics have evolved, but many attacks remain the same. Ransomware, phishing attacks, and even social engineering targeting emails are not new. But, these tactics continue to be highly successful in penetrating organisational defences. New technologies, such as Generative AI tools, are enhancing cybercriminal strategies. This forces companies to implement a more unified and strategic approach to tackle these issues, particularly around identity, access and device management. The popularity of hybrid working practices, where employees can work from anywhere, has made this approach increasingly critical.

However, humans are still a weak link. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks can provide malicious actors with an easy gateway into secure systems. Social engineering exploits, and the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access.

Despite widespread awareness campaigns, these tactics continue to succeed. This highlights the gap between knowledge and practice, which continues to present a risk to organisations.

To overcome these challenges, companies must implement stringent security measures, such as multi-factor authentication (MFA) or frequent mandatory password changes to lock down access. Yet users often view these as cumbersome or inconvenient. Consequently, employees seek shortcuts that undermine the intended security benefits.

Therefore, balancing security with usability is a continual challenge and organisations must strive to implement measures that are robust, yet user-friendly, ensuring compliance without compromising security.

Growing demand for robust IAM strategies and solutions

Identity and access management (IAM) is essential for business security. This framework of technologies and strategies allows organisations to control access to user systems and data. By regulating access, organisations can increase the security of company systems and documents. Robust IAM strategies and solutions can also prevent unauthorised people from misusing data.

However, rising demand for remote and hybrid work increases device sprawl, as the number and variety of laptops, phones, tablets, and other devices that users need to work effectively only continues to grow. This makes it harder to implement IAM solutions, causing teams to hunt for the holy grail – how to flexibly and securely manage a growing fleet of devices that users rely on.

Simplifying the IT stack, as well as consolidating everything from onboarding, reporting, and device management – not to mention ease of data access for end users – is immensely important to SMEs.

Our Q3 2024 SME IT Trends Report shows that despite their rising interest in centralised IT management, IT professionals continue to juggle several point solutions. Nearly half of respondents (45%) require five to 10 tools to manage employee worker lifecycle; over a quarter (28%) require 11 applications or more; and 10% require more than 15.

Unfortunately, patchwork IT leaves too many holes in the infrastructure that hackers can take advantage of. Plus, multiple point solutions frustrate IT professionals tasked with managing this environment. They want a better, more unified way to manage identity, devices, and access.

But, as the research found, the perfect balance between security and user experience continues to elude IT professionals. Over eight in 10 (84%) would prefer a single platform to manage user identity, access, and security over a mix of best-in-class point solutions.

Increased use of centralised management and biometrics authentication

One of the best ways to manage identity and access and fortify security posture is through centralised IT management. Our research found that when it comes to employees accessing IT resources, 49% say that all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage – but don’t necessarily mandate – the implementation of measures such as MFA.

Increased use of biometric authentication is also a notable trend in 2024. This advanced cybersecurity process verifies user identity with distinctive biological traits, like fingerprints or facial features, and is already used in smartphones, tablets, and laptops.

Biometric authentication is often more secure than other authentication measures because it’s challenging to replicate these unique features. With the proliferation of devices, it’s not surprising that the number of organisations adopting biometrics is on the rise. IT professionals look to introduce additional security without affecting productivity.

Our Q3 2024 research found that biometrics adoption has remained steady, with 66% of SMEs requiring it, a similar figure to our Q1 2024 report. Two thirds of IT professionals agree that their organisation’s security posture would be stronger if biometrics were required. Indeed, as biometric authentication use increases, developers are discovering new ways to optimise the technology and increase its security.

That said, our research found that 95% of respondents use passwords to secure at least some IT resources, despite SMEs adopting tools like MFA, biometrics, and single sign-on (SSO). Whether it’s legacy systems, complicated implementations, or other reasons, only 26% of employees can access all their IT resources with just one to two passwords, whilst 17% have to manage 10 passwords or more.

The need for a unified platform

In today’s modern environment, IT teams are having to skilfully navigate a complex environment often creating their own map as they go. This means ripping up old playbooks and adapting to the changes around them to tackle the most pressing technology challenges, regardless of the uncertainties they face.

Getting the balance right between security and flexibility that users need is a persistent challenge. For SME IT professionals, a unified platform is preferred to easily and securely manage identities, devices, and access across the organisation. Such platforms enable IT professionals to grant users secure and frictionless access, through a single pane of glass, to the resources that their employees need to do their job.

As cyberthreats continue to evolve and artificial intelligence reshapes the digital landscape, keeping identities, access and devices secure will be top of mind for SMEs – but harder to achieve in the complex environment we now operate in.

News

LastPass by LogMeIn delivers enhanced authentication experience for businesses

Employing multi-factor authentication (MFA) when accessing important or sensitive web-based resources is considered a best practice for individuals and businesses looking to maintain protection against cyber-threats. LogMeIn, Inc., a leading provider of cloud-based remote work solutions enabling the work-from-anywhere era, has introduced an improved multifactor authentication experience with the release of an enhanced LastPass Authenticator mobile app, new integrations with top VPN providers, Cisco, Palo Alto Networks, and OpenVPN, and a new MFA admin experience.

Recent research found that 62 percent of IT decision makers believe multifactor authentication (MFA) is the most effective way to secure their remote workforce. With the right MFA solution, employees can enjoy a frictionless login experience while strong security protocols thwart cyber-attacks. The newly released Authenticator app will provide all LastPass users – from individuals to businesses – with one comprehensive application to meet their security needs.

A Single Authenticator App

A free mobile application available to all LastPass users, the LastPass Authenticator provides a second layer of authentication on logins to the LastPass vault, third-party sites, and business applications. This second layer of authentication provides users with the ability to confirm their identity prior to accessing the saved passwords in their LastPass vault. With this update, the LastPass Authenticator will offer a refreshed user interface that now offers search functionality to reduce user complexity and streamline the authentication experience.

New Features for Businesses

Businesses can purchase additional authentication functionality with the LastPass MFA package, which adds an extra layer of security to their VPN, workstations, identity providers, or cloud applications. To empower admins to configure MFA to meet the needs of their organisation, LastPass is consolidating the separate LastPass MFA mobile app into the enhanced Authenticator mobile app. As a result, admins will now only need to require one authentication option to meet a range of their organisations security needs.

New features include:

  • One Comprehensive Authenticator App: A single LastPass Authenticator application eliminates confusion and streamlines control for admins and end users. From a simple push notification to passwordless protection, LastPass Authenticator is a single place for all end user multi-factor login activity to the vault and SSO apps with new search capabilities to streamline secure access.  This enhanced app is currently being rolled out to customers.
  • VPN Integrations with Top Providers: In addition to securing business applications, admins can now add multi-factor authentication to their VPNs to provide an additional layer of security when employees are accessing the network. With new integrations with the top VPN providers, such as Cisco, Palo Alto Networks, OpenVPN, and more, LastPass amplifies endpoint security to reduce the risk of a cybercriminal gaining access to the network. A full list of supported VPN manufacturers can be found here.
  • Seamless MFA Admin Experience: Admins can now add multi-factor authentication protection to their endpoints with a new admin experience that increases visibility and streamlines MFA deployment. This functionality will be available later in Q2.

“When employees are accessing company information outside of the traditional corporate perimeter, it’s critical for IT to ensure the employee logging in is who they say they are,” said Dan DeMichele, LastPass VP of Product Management, at LogMeIn. “With a newly enhanced LastPass Authenticator app, new integrations with top VPN providers, and a refreshed MFA admin experience, admins can seamlessly choose the right level of protection for their organisation, without causing end-user confusion.”

For more information on the LastPass MFA package, please visit LastPass.com