The COVID pandemic has accelerated the shift to a remote or hybrid work environment. According to recent research, it is estimated that by 2030 there will be a 30% increase in the number of remote workers. In the absence of an arduous daily commute, employees now have a smaller carbon footprint because of reduced car and public-transit use; in some cases, this reduction can be up to 80 percent. With the flexibility of creating schedules to accommodate the most effective working hours, remote workers enjoy a boost in productivity. As we have seen during the last couple of years, the work-from-home model is moving toward a state of permanence.
While the benefits have been plentiful, the workforce transformation has introduced new challenges in enforcing security. The challenges stem from the following factors:
These conditions necessitate a robust and fast method of authentication and authorization to enable remote workers to securely connect to applications, networks, and databases. OpenIAM provides a number of features that can help remote workers interact with corporate resources safely. As a first step, OpenIAM’s Identity Governance functionality can be leveraged to ensure that only the right level of access has been provided for each user at the right time. This foundational step will help manage what a user can gain access to.
For organizations that already have a VPN infrastructure in place, OpenIAM provides RADIUS-based authentication. VPNs such as FortiGate can be integrated with the RADIUS service in OpenIAM to allow VPN users to transparently authenticate against OpenIAM in the background. The benefit of this approach is that it allows organizations to take advantage of the following functionalities in OpenIAM:
The credential provider from OpenIAM replaces the default authentication interfaces on Windows desktop, server and macOS. This functionality has been a part of OpenIAM for many years. Initially, it was largely used by admins to improve security while logging into Windows.
During the pandemic, we have seen customers take advantage of the credential provider to improve the security associated with remote workers. The credential provider is configured to authenticate against the OpenIAM IdP; in doing so, a variety of functionalities are introduced while authenticating into Windows or macOS:
At one of our customers where users are issued corporate laptops, each user’s profile is updated with the laptop’s serial number in OpenIAM during the laptop build process. When users authenticate, the system validates that they are using the laptop that was issued to them. It also checks where the user is located. Evaluating these two factors along with using MFA (the OpenIAM mobile app with push notification) significantly improves the security surrounding authentication. Customers are not limited to the OpenIAM app; they can also leverage FIDO2 authentication, OTP over SMS, e-mail or IVR in their desktop authentication.
In the event the user has forgotten their login credentials, the credential provider also exposes the self-service password reset functionality in OpenIAM, allowing users to help themselves and improve productivity while reducing the number of help desk calls.
The shift to a distributed workforce has brought about a myriad of benefits while also introducing concerns. OpenIAM provides a credential provider and integration with RADIUS to address the security challenges that accompany the work-from-home model and has a long-term commitment to further secure remote workers. The next release of OpenIAM will include machine learning during authentication, and subsequent releases will include a risk engine and account takeover detection functionality.