Work from home is here to stay. With the WFH workforce expected to double in 2021, executives are increasing their efforts into building secure, productive remote employee experiences. Optimizing this growing model begins with ensuring strict identity verification and centralized authentication, made possible by tightening integration strategies around work-from-home applications to create frictionless and secure user experiences.
To provide understanding into what major organizations are planning, we interviewed Chief Information Security Officers from six large enterprise companies across several industries on their top app integrations plans for 2021. Here’s a summary of their insights, along with a look at key security initiatives they are focusing on for the new year.
When it comes to security initiatives, e.g., Zero Trust, Passwordless and Remote Workforce, how would you rate these initiatives in matters of importance in 2021? Why?
Overwhelmingly, the CISOs surveyed cited “remote workforce” as the top priority in the coming months. Not only are enterprises seeing a massive shift to remote work, but they are also bringing on a large number of vendors and contractors who are remote. One executive from the manufacturing industry summed it up thus:
“Remote Workforce is the clear winner given the times we’re in. COVID-19 has certainly accelerated initiatives around digital transformation, remote workforce support and digital strategies to allow work from various devices. The state of the workforce in general has been moving more remote already, given new generations of employees expecting more flexibility from a location and device perspective. We have to make sure as a security industry we are adapting to this shift, and providing mobility strategies to support a remote model.”
This is not to say Zero Trust and passwordless are being ignored; both are key security strategies that continue to take priority with this group. In a WFH world, the CISOs generally agree that Zero Trust capabilities are needed to manage hundreds of enterprise applications. One mentioned that continuing to adopt strategies around Zero Trust is important for employee retention as the remote workforce becomes natural, inherent and expected.
Access friction was mentioned several times as a large issue. While one CISO from the financial services industry said removing passwords as a point of friction and risk is a desired end state, they pointed out that to be truly frictionless—i.e., passwordless—you need a true authentication platform, which helps enable a company to take a user-centric view on security and align that view to the assets they are trying to protect.
As one healthcare executive put it,
“We have been moving down the remote work path, but COVID greatly accelerated our journey to the point where we believe, long-term, remote work is our future state. Due to this, we consider Zero Trust and Passwordless to be part of the remote workforce. So Remote Workforce would be the umbrella with Zero Trust and Passwordless being two high-priority improvements for our remote workforce.”
Lastly, one CISO in insurance described the main cybersecurity initiatives their enterprise will continue to focus on:
- Cloud Security. Properly protecting and managing environments as more IT capabilities move to the cloud.
- Evolving the managed trust model (right person, right access, right time) and putting an emphasis on digital identity lifecycle, which is considered a cornerstone of a robust and resilient program.
- Application Security. Protecting applications from vulnerability exploitation by threat actors.
- Insider Threat. Enhancing capabilities to detect and prevent insider threats.
- Vulnerability Management. Ensuring consistent identification, prioritization and remediation of vulnerabilities.
Of those initiatives, which business applications and infrastructure solutions are critical for a seamless and secure user experience?
Large enterprises face complex remote work challenges in 2021 because of their workforce size and extensive application portfolio. When a company has several hundred SaaS apps, as one education executive pointed out, the challenge is to get those identified and onboarded into single sign-on. The CISO went on to say that a lot of shadow IT has come out of the woodwork, and authentication is needed to leverage cloud-native platforms.