The pandemic has forced a global shift to remote working at an unprecedented scale. Organizations have had to manage the challenge of reducing disruption to their businesses at a time of great economic uncertainty while ensuring that the security protocols typically in place at the office are followed by an increasingly remote workforce.
Despite it being almost two years since the pandemic upended life for all of us, the post-pandemic world still appears to be a dream. Subsequent waves are forcing companies to abandon plans of bringing the workforce back to the office. Many organizations are also realizing that the shift to a work-from-home culture can actually boost productivity.
Organizations must now look to improve the security protocols for remote teams as employees would be using personal devices and networks to do tasks that would have otherwise been done on a secure network. That underscores the importance of setting up MFA for remote employees.
Why is MFA Important For Remote Employees?
No matter where employees work, they need access to an organization’s IT resources in order to do their jobs effectively. When the work environment is fully contained within the domain (generally determined by a physical office space and a managed network, with heavy requirements to leverage VPN access for the occasional remote work), an IT organization has much more control over the security posture of their environment. Physical access to office locations are limited to employees and the occasional temp, contractor or stand-alone vendor meeting, with a layer of physical security protecting the premises in the form of security personnel, cameras and security motion sensors. On top of that, access into and out of the network can be monitored and controlled via strong perimeter defenses like firewalls, internal network monitoring tools and more.
However, with the remote-first environment we currently work within, IT admins have much less control; they cannot determine who comes into an employee’s home, or even dictate that remote workers must always work from their homes and not from someplace else. Though they can try, IT does not have direct control over the routers and modems used by employees in their homes, and they certainly cannot keep business devices separated on a distinct network from the personal devices of the employee and those who live with them.
In short: when the workforce is fully (or primarily) remote, the traditional “castle and moat” security paradigm no longer applies, and the once slow-but-steady shift to Zero Trust Security principles becomes the imperative of the day. The notion that IT should trust nothing, and verify everything is a simple, effective foundation, but (as we’ll discuss further below) when it comes to working directly with end users, adoption can be difficult.
This is why multi-factor authentication is so important for remote employees. It not only adds an extra layer of security to the login process by requiring the user to validate that they are, in fact, who they say they are, but it’s become a familiar security technology in everyone’s personal lives as well, helping to promote adoption and continued use. While that additional factor can vary greatly, from one-time codes sent to through email or registered numbers, accessed via a dedicated app on a mobile device, delivered through a push notification, physical security key, or even biometrics, chances are the workforce has come across and had to implement it.
What are The Challenges Around Setting Up MFA For Remote Employees?
Organizations can choose to require a second factor for authentication when the user logs into a system or an application. However, this is easier said than done when dealing with remote workers. No matter how sophisticated the IT department may be, there are many challenges facing MFA adoption.
Inconsistency Of Available Second Factors
Employees will inevitably need access to multiple applications, environments, and even internally-managed resources to enable them to do their jobs without having to be present in the office. The challenge, though, is that not every system or application is going to support the same set of factors. This leads to an inconsistent experience, as one factor that’s supported by a particular application is not supported by the other. Assuming every resource even supports MFA to begin with, this is going to require employees to remember which resource takes what factor; a difficult proposition to add to the already strained ability to remember multiple passwords.
Setting up MFA for remote employees can prove to be a hassle in such instances as organizations are unable to deploy a uniform MFA solution that keeps it simple for employees to use.
Frustrations Rise During Initial MFA Setup
It’s possible that some employees may run into issues when initially setting up multi-factor authentication. Often they are asked to set up MFA in the process of their first login attempt; it can be too easy for employees to skip this step altogether. But, if they have to set it up before they’re able to actually log in, this can lead to a frustrating experience for remote workers if they are unable to figure out how to set up the second factor.
Employees may also need to acquire additional hardware, depending on the type of MFA used in the organization, which can delay the process of either setting up the factor or using the resource itself. For example, they may have to wait for a physical security key to be shipped to them from the office or key manufacturer, or find that they require a particular application to be installed prior to setup in order to complete the process.
A Noisy Experience
MFA fatigue is the real deal. Remote employees can feel frustrated by having to constantly engage with the MFA challenge. Even if they leave their desk for a minute to grab a glass of water, and the organization’s policy requires a fresh login after the session times out, they may have to go through the MFA process once again just to regain access.
If MFA is dictated by the resources themselves, rather than through an overlay solution, the requirements around how often, and within what timeframe second factors must be submitted will vary, and may be difficult (or impossible) to customize. As mentioned above, an inconsistent experience will hinder adoption and create an incentive to bypass the process.
Inability to “Pop Over” For In-Person Support
The inability to provide employees with in-person support is another challenge that often makes setting up MFA for remote employees very difficult. IT support personnel can rapidly provide in-person guidance when employees are at the office. That’s obviously not possible when they’re working from home.
Organizations then need to set up teams that can provide remote support services. They need to have systems in place that allow IT admins to look at problems and solve them remotely so that there’s no disruption in the work.
Evidently, there are a few challenges when setting up MFA for remote workers, but none is difficult enough to abandon the exceptional security benefits that having a second factor provides. Furthermore, there are solutions that don’t only make the implementation of MFA easy for organizations, but also simplify matters for the users.
What Solutions Easily Deliver MFA To Remote Employees?
The JumpCloud Directory Platform sits at the intersection of devices, identities and access. It provides organizations with the ability to establish a single, secure identity that can be granted secure access to all IT resources. Organizations can rely on JumpCloud’s solution to layer MFA in front of the access transaction of almost any resource they need to: cloud applications, networks, devices including Windows, Mac and Linux, infrastructure and more.
In addition, JumpCloud Protect is a multi-factor authentication app for iOS and Android that comes fully integrated into the cloud directory, providing for a cohesive end user experience without the additional cost of an enterprise overlay MFA solution.
Through JumpCloud IT admins can establish conditional access policies that can relax or enhance the requirements around MFA, based on whether or not an employee is on a trusted device or network, based on the user’s location, or even on a resource-by-resource basis. Admins can even selectively disable MFA for certain apps that the organization categorizes as low risk.
If you’re new to JumpCloud and ready to get started with JumpCloud Protect, then evaluate JumpCloud today! JumpCloud Free grants admins 10 devices and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your JumpCloud account, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.