When looking to keep a remote workforce secure, IT admins need to evaluate their current identity and access management (IAM) toolkit and address any potential holes in how they remotely manage devices and control what those devices and users can access. In order to optimize remote worker security, you may need to consider a new tool to cover your needs.
Breaking Down the IAM Toolkit
The first place to consider when optimizing remote worker security and uptime is the focal point of their work: their system.
An end user’s device is the gateway to all of their other IT resources. Although it can be used remotely with little effort on the part of the end user, a remote device is out of IT’s direct control, making it more susceptible to attack if stolen or otherwise compromised.
As such, IT admins need to be able to leverage the cloud to tightly manage each remote system, establishing device trust through security policies and enhancing performance by making sure that the system is properly updated and configured. When it comes to actually managing these requirements, however, many IT organizations using traditional IAM infrastructure find they are ill-equipped to do so.
After all, many traditional IAM tools are built with a specific operating system in mind, and are often designed solely to manage devices and resources that operate on-premises. To compensate, organizations often find themselves spending too much on a wide range of IAM services to keep up with the current IT landscape.
IT organizations need to seek out IAM solutions that they can use to manage any system — regardless of location or OS. This all-in-one type of solution should include the ability to enforce:
- Strong, complex passwords
- Multi-factor authentication (MFA)
- Full disk encryption (FDE)
- Other system policies such as screen lock and scheduled OS updates
While not an exhaustive list of requirements, these are certainly important items to consider, and should be key criteria when finding a solution to manage devices across your remote workforce.
Once the device is taken care of, IT organizations next need to focus on the other resources remote workers will need to access. These include on-prem infrastructure and files, as well as all of the cloud-based tools they may use, such as SaaS apps and IaaS solutions.
IT organizations need to make sure they have certain measures in place to ensure that access to these resources is available for remote workers. These include:
- VPNs: Create encrypted tunnels to access resources remotely and to protect internet access on public networks
- SSH keys: Use 2048-bit cryptographic key pairs made up of a public and private key to securely authenticate server/infrastructure access
- Authentication: Implement LDAP, RADIUS, SAML, and other protocols that authenticate identities when accessing an app or network from the core directory
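The 2048-bit minimum for SSH keys in the list above can be checked against the keys actually deployed. The following is an added example, not part of the original article: it parses `authorized_keys` entries and reports RSA keys below the minimum. The function names and sample entries are constructed for illustration, and it assumes the key type appears as a whitespace-separated token (options containing spaces are not handled).

```python
import base64
import struct


def _read_field(blob, offset):
    """Read one length-prefixed field of an SSH public key blob (RFC 4253)."""
    (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if truncated
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def rsa_bits(line):
    """Modulus size in bits for an ssh-rsa entry; None for other key types."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob does not match the declared key type")
    _exponent, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def audit(text, minimum=2048):
    """Return (line_number, bits) for each RSA key below the minimum size."""
    weak = []
    for lineno, line in enumerate(text.splitlines(), 1):
        bits = None if line.lstrip().startswith("#") else rsa_bits(line)
        if bits is not None and bits < minimum:
            weak.append((lineno, bits))
    return weak


def constructed_entry(bits, comment):
    """CONSTRUCTED sample entry with a placeholder modulus, not a usable key."""
    def mpint(value):  # a leading 0x00 is added when the top bit is set
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


SAMPLE = "\n".join([  # constructed authorized_keys content
    "# workstation keys",
    constructed_entry(1024, "old-laptop"), constructed_entry(2048, "build-server"),
])
```

Calling `audit(SAMPLE)` flags only the 1024-bit entry on line 2; non-RSA key types such as `ssh-ed25519` are skipped rather than measured.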
All of these tools promote secure access to remote IT resources, but all of them also require an identity in order to authenticate. For most organizations, this identity stems from an on-prem directory service. Unfortunately, many on-prem IAM tools require a direct connection (i.e., each IT resource must have a clear path back to the IAM tool), which presents an issue if the IT admins themselves are also working from home.
In order to remotely control access, IT organizations need to leverage cloud IAM tools that either replace or extend their existing IAM infrastructure. Although it may seem daunting, there are cloud IAM solutions on the market today that provide both remote access control and device management through an all-in-one platform.
Using an all-in-one tool, IT organizations can cut down costs spent on a collection of best-of-breed solutions that achieve a similar goal. Additionally, dealing with only one vendor means less time spent dealing with vendors in general, as well as less end user training, meaning more time to roll out other remote work policies and plan for the future.
Now is the time to reassess your IT environment and identify any gaps that you may have in your processes. If you’re unsure where to start, contact us; we can help. As experts in the transition to a fully remote and secure workforce, we can help you evaluate your cloud IAM needs, and point you in the direction of resources and tools that you can use to make the shift, such as our Admin’s Guide to Working from Home.