Thank you for your interest. We Will Contact You Soon...
Your email ID is already registered with us.
The Importance of IAM in the Context of the COVID-19 Pandemic
Identity Management, Risk and Compliance - July 11, 2022
During the COVID-19 pandemic, Cloud technologies played a critical part in ensuring business
continuity. Without them, businesses would have struggled to facilitate remote work and
eventually adhere to lockout procedures. While cloud computing enabled organizations to address
the issues posed by coronavirus, it also resulted in a massive rise in the number of people they
must manage. As a result, identity and access management (IAM) has taken on a new level of
importance. In this blog, we will look at IAM from the context of the pandemic and discuss its
present state and future promise.
Pandemic Induced IAM challenges
Due to the rise of remote work following the coronavirus pandemic, organizations' capacity to
handle user identification and access control has become a serious concern. It is especially
widespread in businesses that were not prepared for large-scale remote work yet have ended up
with a complicated array of trusted, known devices and a considerable quantity of unknown assets
in their networks. With such a diverse variety of endpoints that are not subject to the same
network security or company standards, safely managing access to digital assets becomes
According to a survey by Proofpoint, 95% of cyberattacks involve human interaction. A common
method of data leak is through privileged access. According to the 2020 Insider Threat Report,
63 percent of enterprises view privileged IT users as the primary threat. Another report by IDSA
sheds more light on the impact of pandemic on enterprise identity security. The following are
the key pointers:
83 percent stated that remote work as a result of COVID-19 has resulted in an increase in
the number of identity issues.
Eighty percent report that the transition to remote work has resulted in a greater
emphasis on identity security.
Confidence in an organization's capacity to safeguard employee identities has decreased
from 49% to 32% during the last year.
At least 70% state that in the last two years, they have begun implementing or planned
identity-related security outcomes.
Over the next two years, 97 percent of companies will invest on identity-related security
93 percent feel that by utilizing identity-related security outcomes, they might have
prevented or mitigated security breaches.
The development of remote work has fundamentally altered how people operate, rendering
traditional security measures ineffective. For example, it has compelled some workers that carry
poor cyber hygiene to utilize new cloud-based collaboration tools, which might result in
employees reusing corporate user credentials to access less secure sites. Additionally,
enterprise-level protection provided by corporate firewalls and controls may be ineffective when
remote access is provided via residential networks, making perimeter-based strategies for
enterprise network security less effective.
A Crisis (Pandemic) Resistant Identity and Access Management Solution
A crisis resistant IAM tool must meet the following five criteria:
Increased Scalability and Adaptability:
Majority of firms have a predictable and
consistent number of employees and business partners who require access to their enterprise
systems. This simplifies the process of sizing the servers, storage, and networks required to
support expected traffic levels. However, the number of clients requesting such access is not
just significantly greater, it is also more volatile. An increase in demand can occur as a
consequence of events such as Christmas shopping, new product debuts, promotional events, and
travel restrictions caused by health or other situations. To swiftly respond to these spikes in
demand with a sub-second response time, organizations require a cloud-based infrastructure built
on a serverless and containerized architecture. Additionally, IAM systems can address the
requirement for constant change by implementing an application programming interface (API)
approach that provides the customisation necessary for optimal and individualized user
Providing a Unified Experience:
The most frequent failure we find in digital
interactions is inconsistent data as customers go from a Web chat to a phone call or a mobile
application to complete a transaction or address a problem. They may be required to repeat or
resubmit their name and account number, or they may encounter conflicting information, such as a
planned repair time, when they go between service channels. This lack of uniformity across
channels also makes it more difficult for employees to give a cohesive experience to consumers,
as they are forced to consult different systems to obtain the most up-to-date information.
Numerous firms struggle to easily combine data from customer relationship management, marketing,
service, and credit scoring platforms. Neither the consumer nor the staff attempting to assist
them can quickly obtain a comprehensive perspective of their interactions with the business.
This increases customer service expenses and complicates determining which items or services can
be provided to each consumer. An ideal IAM solution should be designed on an open,
standards-based platform that enables easy integration. This significantly simplifies the
process of utilizing the customer's context to acquire data from all relevant apps without
resorting to costly and time-consuming bespoke integration.
Increased Personalisation Based on Events:
The more information merchants have
their consumers, the more effectively they can target them with products, services, and special
offers. However, few customers will take the time to complete extensive questionnaires on their
first visit to a website, or even on their first purchase. Efficient identity and access
management platforms, such as ISSQUARED's ORSUS, allow event-driven personalization strategies
such as dynamic profiling, which gradually accumulates personal consumer data over time. For
example, a merchant might ask a client for missing profile information based on their
satisfaction index (such as a successful support contact or purchase) by coupling the ask with a
Strict Adherence to Privacy Laws:
In many nations, customers have significantly greater
control over their personal data than employees have ( e.g., GDPR and CCPA). This means that IAM
systems must be able to handle consumer consent for data usage and privacy, as well as their
choices for how and when they receive messages. Such platforms should have audit tools that
enable them to track where such data is held and how it is utilized, as well as notify consumers
when their data is abused or hacked. Additionally, customers must be offered the option to
refuse the use of their personal information.
Extremely Thorough Security Measures:
Any IAM project should be supported by a strong
security architecture and roadmap. A strong identity and access management (IAM) vendor, such as
ISSQUARED Inc., handles new and developing security needs. Outdated client identity verification
approaches check a user's identification without requiring them to produce formal documents.
They achieve this by utilizing data from outside the company (such as automobile registration or
birth information). An effective IAM platform would enable enhanced and seamless client
verification using approaches such as online identity proving and BYOID. Online identity
verification verifies government-issued evidence of identification against external sources
using advanced digital tools. It is critical to offer adaptive access, which allows users'
access to be restricted based on their circumstances.
Integrating Zero Trust Concepts into Your IAM Strategy
We have entered a new age in which technology enables employees to work from anywhere and
anytime. The zero-trust security paradigm is a solid candidate for creating the appropriate tone
for ongoing, persistent, and flexible access management. The technique has gained widespread
acceptance during the last decade. The zero trust principles are intended to alleviate the
dangers inherent in a large, dispersed company. Many of the most modern technologies on the
market enable these concepts, allowing for continuous verification of all interactions between
anything and anybody desiring to connect to corporate networks and access a company's data. This
mandates the use of a matrix model to microsegment the network, making it more difficult for
attackers to move laterally through a company's infrastructure after it has been compromised.
Additionally, businesses are increasingly relying on sophisticated behavioural analytics to
identify abnormal user behavior and therefore improve their detection of both internal threats
and advanced assaults.
While zero-trust principles are extremely effective for managing identity and access, they may
be difficult for enterprises to adopt. A mix of antiquated technology limited holistic network
visibility, and deeply ingrained security rules that resist automation and continuous
verification make zero trust implementation extremely challenging.
Making Identity Our Perimeter Security
The coronavirus pandemic has altered how we think about perimeter security. With employees
working in remote locations, firewalls and VPNs are incapable of defending an organization's
corporate network; but employees can, which means that businesses must make identification their
As a component of the network that remains consistent regardless of the location of employees,
Identities are now at the heart of cyber security. Simultaneously, governance has become an ever
more critical concern. To make identification a central component of organizations' security
policies, they must make governance an integral part of every work. Governance is concerned with
the why behind the job rather than the how. With greater knowledge of why security processes
exist, security personnel are better equipped to sustain security regardless of how much
corporate strategy changes. However, given the uncertain future of work, organizations must be
prepared for the additional change from a cyber security standpoint.
Our workforce's mobility must be reflected in the fluidity of our access control systems for
company data. Dynamic adaptability to changing conditions is a critical design criterion for a
robust IAM system.
How are we to going attain this adaptability? Utilizing already-developed intelligent
technologies could be helpful. Machine learning is an example, although this is not confined to
capabilities associated with artificial intelligence. Rules of operation that affect system
behavior are an overlay of IAM that give the amount of control required in a complex business
setting with fluid workforces in an unpredictable world. Having a design that adheres to zero
trust principles combined with adaptive rules, tasks such as continuous verification, threat
intelligence that overlay an IAM enables a solution that works for everyone: workers,
non-employees, and gadgets.
The problems that have arisen throughout this pandemic are not novel. COVID-19 has only brought
them into clear focus. Work is expected to continue adapting to the new world order: with
decreased travel due to pandemic and home working; an increase in the use of freelancers and
consultants for non-employee assistance; and unpredictable economic conditions are likely to
result in an unstable employee base.
Our access control mechanisms must evolve as well, and the moment has come to assess how a
company is adapting to an uncertain situation like the pandemic.
Surya Jatavallabhula is a Cyber Security and Risk professional with an extensive history in
Banking, Biotech, Medical,
and Education sectors. Surya has played various roles under security domains including CISO,
Security Partner/SME for
Information and Cyber Security, DevSecOps, Risk Management, Data privacy, Enterprise Security
Data Architecture, Technology Risk, and Portfolio Management after graduating in MS Risk
Management from Stern School
of Business, New York University, U.S and M.B.A from Leeds University Business School, U.K.