Tag Archives: IAM

Business Tech, Technology

Securely managing identities, devices, and employee access in an increasingly complex environment

Cybercriminal tactics have evolved, but many attacks remain the same. Ransomware, phishing attacks, and even social engineering targeting emails are not new. But, these tactics continue to be highly successful in penetrating organisational defences. New technologies, such as Generative AI tools, are enhancing cybercriminal strategies. This forces companies to implement a more unified and strategic approach to tackle these issues, particularly around identity, access and device management. The popularity of hybrid working practices, where employees can work from anywhere, has made this approach increasingly critical.

However, humans are still a weak link. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks can provide malicious actors with an easy gateway into secure systems. Social engineering exploits, and the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access.

Despite widespread awareness campaigns, these tactics continue to succeed. This highlights the gap between knowledge and practice, which continues to present a risk to organisations.

To overcome these challenges, companies must implement stringent security measures, such as multi-factor authentication (MFA) or frequent mandatory password changes to lock down access. Yet users often view these as cumbersome or inconvenient. Consequently, employees seek shortcuts that undermine the intended security benefits.

Therefore, balancing security with usability is a continual challenge and organisations must strive to implement measures that are robust, yet user-friendly, ensuring compliance without compromising security.

Growing demand for robust IAM strategies and solutions

Identity and access management (IAM) is essential for business security. This framework of technologies and strategies allows organisations to control access to user systems and data. By regulating access, organisations can increase the security of company systems and documents. Robust IAM strategies and solutions can also prevent unauthorised people from misusing data.

However, rising demand for remote and hybrid work increases device sprawl, as the number and variety of laptops, phones, tablets, and other devices that users need to work effectively only continues to grow. This makes it harder to implement IAM solutions, causing teams to hunt for the holy grail – how to flexibly and securely manage a growing fleet of devices that users rely on.

Simplifying the IT stack, as well as consolidating everything from onboarding, reporting, and device management – not to mention ease of data access for end users – is immensely important to SMEs.

Our Q3 2024 SME IT Trends Report shows that despite their rising interest in centralised IT management, IT professionals continue to juggle several point solutions. Nearly half of respondents (45%) require five to 10 tools to manage employee worker lifecycle; over a quarter (28%) require 11 applications or more; and 10% require more than 15.

Unfortunately, patchwork IT leaves too many holes in the infrastructure that hackers can take advantage of. Plus, multiple point solutions frustrate IT professionals tasked with managing this environment. They want a better, more unified way to manage identity, devices, and access.

But, as the research found, the perfect balance between security and user experience continues to elude IT professionals. Over eight in 10 (84%) would prefer a single platform to manage user identity, access, and security over a mix of best-in-class point solutions.

Increased use of centralised management and biometrics authentication

One of the best ways to manage identity and access and fortify security posture is through centralised IT management. Our research found that when it comes to employees accessing IT resources, 49% say that all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage – but don’t necessarily mandate – the implementation of measures such as MFA.

Increased use of biometric authentication is also a notable trend in 2024. This advanced cybersecurity process verifies user identity with distinctive biological traits, like fingerprints or facial features, and is already used in smartphones, tablets, and laptops.

Biometric authentication is often more secure than other authentication measures because it’s challenging to replicate these unique features. With the proliferation of devices, it’s not surprising that the number of organisations adopting biometrics is on the rise. IT professionals look to introduce additional security without affecting productivity.

Our Q3 2024 research found that biometrics adoption has remained steady, with 66% of SMEs requiring it, a similar figure to our Q1 2024 report. Two thirds of IT professionals agree that their organisation’s security posture would be stronger if biometrics were required. Indeed, as biometric authentication use increases, developers are discovering new ways to optimise the technology and increase its security.

That said, our research found that 95% of respondents use passwords to secure at least some IT resources, despite SMEs adopting tools like MFA, biometrics, and single sign-on (SSO). Whether it’s legacy systems, complicated implementations, or other reasons, only 26% of employees can access all their IT resources with just one to two passwords, whilst 17% have to manage 10 passwords or more.

The need for a unified platform

In today’s modern environment, IT teams are having to skilfully navigate a complex environment often creating their own map as they go. This means ripping up old playbooks and adapting to the changes around them to tackle the most pressing technology challenges, regardless of the uncertainties they face.

Getting the balance right between security and flexibility that users need is a persistent challenge. For SME IT professionals, a unified platform is preferred to easily and securely manage identities, devices, and access across the organisation. Such platforms enable IT professionals to grant users secure and frictionless access, through a single pane of glass, to the resources that their employees need to do their job.

As cyberthreats continue to evolve and artificial intelligence reshapes the digital landscape, keeping identities, access and devices secure will be top of mind for SMEs – but harder to achieve in the complex environment we now operate in.

Cybersecurity, IoT, News, Tech

Device Authority launches KeyScaler Edge to address Edge IoT security challenges

Device Authority, a global leader in identity and access management (IAM) for the Internet of Things (IoT), today announces it latest major software release which includes KeyScaler Edge.

Today’s market is driving a more mature Edge computing model with localized AI and ML becoming more mainstream. However, no solution exists today to address localized Edge gateway IoT security services. Organizations require automation for Edge deployments to drive efficiency at IoT scale. This includes:

– Security lifecycle management
– Device bound identity
– Leaf device authentication and authorization to edge gateways
– Zero touch onboarding and registration
– Automated credential management

Additionally, organizations still need to meet compliance and regulatory adherence for private local network deployments. Safety, confidentiality, data theft/privacy, brand reputation, revenue protection is important for edge deployments.

“We’re delighted to bring KeyScaler Edge to the market and help our customers with their IoT edge deployments. Our BETA program has been a success within healthcare, retail and transport sectors, and we’re regularly speaking with companies who have experienced similar challenges and see KeyScaler Edge as the solution,” said Darron Antill, CEO of Device Authority.

KeyScaler Edge is the first device identity centric IAM to address the complex end-to-end challenges of IoT security lifecycle management at the Edge. It is a lightweight version of KeyScaler that is created specifically for Edge nodes, with the ability to register, authenticate, and provision certificates and tokens to devices in the local network, independent of an available internet connection.

“KeyScaler Edge gives technical, security and operations teams the confidence that their IoT devices won’t lose robust security when no connection to the cloud is available,” said James Penney, CTO of Device Authority. “We’ve developed the functionality to support any public and private CA, as well as provide central reporting and management of all certificates and central visibility of Edge and Leaf node relationships. As Edge becomes mainstream customers are asking for Online and Offline capability and for KeyScaler to solves the associated security challenges,” he added.