COVID-driven work changes created turbulence for IT security stakeholders

One Identity released commissioned global survey results that reveal IT and security team attitudes regarding their responses to COVID-19-driven work environment changes. The results shed insight into IT best practices that have emerged in recent months, and how organizations rushed to adopt them to maintain a secure and efficient virtual workplace.

A free executive summary and key findings of the survey results announced today are available online here. Dimensional Research conducted the One Identity-commissioned research, which surveyed 1216 IT security stakeholders between August 20 and September 3, 2020.

According to the survey, IT security professionals universally (99%) said their organizations transitioned to remote work because of COVID-19, and only a third described that transition as “smooth.” Better than six in ten (62%) respondents indicated that cloud infrastructure is more important now than 12 months ago. Thirty-one percent attributed this shift directly to COVID-19. The cloud has become front and center to the new working reality, creating flexibility for employees. These results demonstrate that the previous level of attention to cloud deployments, while notable, does not appear to have been nearly enough to accommodate the dramatic computing shift across organizations.

“This research makes it clearly evident that cloud computing has been a lifesaver for many enterprises as IT teams pivoted and supported the massive shift to working away from offices,” said Darrell Long, president and general manager at One Identity. “While we knew the pandemic-driven changes were sudden, what was particularly notable was how strongly the results proved that organizations had to turn their focus on the immediate challenges presented by the aggressive move to cloud computing, chiefly finding solutions that streamlined administering and securing who has access to what and how.”

Shifts in priorities indicate organizations are turning their focus on tackling the security basics. When compared to 12 months ago, 50% of respondents are placing a higher priority on access request technologies, and 31% said this change in prioritization is because of COVID. Identity/access lifecycle management, identity process and workflow, and role management all saw increased priority among at least half of those surveyed.

Todd Peterson, security evangelist at One Identity, says many security professionals overlooked some basic security practices. "At the beginning of the pandemic, many companies implemented new and creative solutions to deal with the shift to remote work. However, many of these solutions were only a bandage and didn’t suffice for the long-term remote work landscape. What’s alarming about how unprepared security professionals were was how poorly many organizations handled the authorization needs required to secure the remote workforce."

Peterson adds, "In the scramble to enable users to work remotely, many security professionals paid little attention to the strength and weaknesses of its network permissions. Their effort to ease the transition resulted in many organizations over-provisioning users. Due to this inefficiency, 50% of IT security professionals stated that they’re now placing a higher priority on access request technologies compared to a year ago. Additionally, over half of security professionals have increased their prioritization of identity/access lifecycle management and identity processes and workflows. These technologies are the key to creating a holistic cybersecurity strategy that not only secures an organization's endpoints but factors in how an employee’s access could allow a cybercriminal to infiltrate the network. "

Perhaps shell shocked, only 45% of IT security professionals indicated they are prepared for the IT changes necessary when their employees move back to organizations’ offices, according to survey results. Yet, two thirds (66%) expressed increased confidence in the effectiveness of their identity management programs post COVID-based changes.

"According to our research, 55% of security professionals don’t feel fully prepared for the account changes necessary to return to the office. This can be due to a variety of factors, including the challenges that come with securing the distributed workforce that will result from the pandemic. The remote workforce has already created a variety of holes in organizations perimeters, that many are still working to secure. However, a distributed workforce creates an even wider attack surface," Peterson says. "The security professionals that are better positioned for the transition back into the office are the ones that have put identity at the center of its security strategy. Luckily, 56% of security professionals are more confident in their identity management program, meaning they’re already a step ahead of where they were in March. I predict that even after we transition back into the office there’s going to be another disruptive change to the way we work. Knowing this, I recommend that security professionals have a plan in place to deal with another drastic change so it doesn’t have to sacrifice its security to address another unexpected event. "

Peterson explains, "COVID-19 has drastically changed what a perimeter is. With everyone working remotely, firewalls and VPNs can’t defend an organization's corporate network, but employees can. Meaning that companies need to make identity their new perimeter. As a section of the network that remains consistent, no matter where it’s employees are working from, identities are now the root of cybersecurity. To place the concept of identity at the center of organizations’ security strategy they need to make governance an essential element of every task. Governance is focused on the why behind the task versus how the task is done. With a deep understanding of why its security procedures are in place, security professionals are better positioned to maintain security, regardless of the amount of changes in its business strategy."

An in-depth analysis of the survey study - “And the Survey Says: Insights gained from the annual One Identity Global Survey” presented by Todd Peterson, IAM Evangelist - will be presented during the live session of One Identity’s UNITE virtual user and partner conference, starting at 11 am EST/5 pm CET on November 10, 2020. Registration is free through the online site.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.