Nearly a year into the large-scale remote work experiment compelled by the coronavirus pandemic, most people have reconciled themselves to the fact that no matter what lies ahead, it won’t be the old normal. Evolving Privileged Identity Management (PIM) In The Next Normal is a recent Forrester Consulting study (commissioned by BeyondTrust) that spotlights how the expanded remote workforce is impacting security and how organizations are adapting to secure themselves in the post-COVID era. The study is based on a survey of 320 IT and security decision-makers across North America, Europe, and Asia.
In this blog, I highlight some key findings and recommendations from the study.
Securing Today & What’s Next
The pandemic abruptly sent IT organizations worldwide scrambling to enable remote work for their employees and vendors. The urgency often resulted in hasty shortcuts that created dangerous security exposures. Cyber attackers didn’t miss a beat. They rapidly honed their methods to exploit insecure remote access pathways, BYOD, and the use of unproven or inadequately hardened tools meant to enable remote workers.
Unsurprisingly, 83% of IT/security decision-makers surveyed in the new Forrester Consulting study say the rise in remote workers increased their cyber risk. Of course, 2020 was capped off by one of the most spectacular and devastating cyberattacks ever, the full implications and scope of which may not be grasped for years.
Even pre-pandemic, IT environments were trending toward decentralization, making them harder to defend and creating new attack vectors. With remote work now expected to become a fixture long after the COVID-19 pandemic subsides, many organizations are rethinking how to better secure their networks for the long term. While IT and security decision-makers expect 42% of workers to be primarily remote post-pandemic, two-thirds feel underprepared for a significant increase in a permanent remote workforce. Preparing for an increasing remote workforce was the top security priority for survey respondents for 2021.
COVID-19 & the Next Normal: Accelerating the Need For PIM
Prior to the pandemic, Forrester estimated that privileged credentials are implicated in at least 80% of data breaches. The study states, “Attack surfaces for privileged access have expanded since the surge in remote working; shrinking them needs to be a top concern for organizations.”
One pervasive challenge is that many remote access technologies now being used by remote workers—whether employees or third parties—do not provide adequate security. The Forrester Consulting study asserts, “Relying on perimeter-based network security and legacy remote technologies like VPN for remote access does not provide the granular identity-based security that is needed when the workforce — and the apps, data, and infrastructure they are using — could be located anywhere.” Moreover, using technologies like VPN for BYOD and home networks can also open up compliance and security issues.
When it comes to PIM, IT and security decision-makers in the survey reported:
- Their top PIM challenge is the increase in users requiring privileged access
- Their organization will experience more privileged sessions over the next two years (76%)
- The increase in privileged users is largely because more users will need to be treated as privileged, thanks to remote access (60%)
- PIM plays a crucial role in securing remote workers (91%)
- Their organization will invest more in PIM over the next two years (86%)
While organizations overwhelmingly (91%) recognize the pivotal role privilege management plays in securing remote workers and the enterprise, and plan to invest more in it (86%), only 2% of decision-makers indicate that they currently have a mature, holistic PIM implementation in place. For instance, only 37% are applying privileged escalation and delegation management, which is an essential piece of enforcing the security best practice of least privilege.
While the security and compliance benefits of privilege management are well established, the productivity-enhancing benefits are less well publicized. Survey participants cited improved IT administration efficiencies as the top benefit of PIM, even above that of improving security. IT system synergies and improved user experience also ranked highly as benefits.
We routinely hear about these productivity-enhancing benefits of privilege management from our BeyondTrust customers; however, they may come as a surprise to those organizations early in their privilege management journey. Don’t overlook the ability of privilege management automation (asset discovery/onboarding, credential rotation, credential injection, just-in-time access, privilege elevation/delegation, AD bridging, etc.) and integrations (ITSM, IAM, SIEM, etc.) to minimize your cyber risk, cut down on IT tickets, and help your IT and other users be more productive.
On the other hand, as Forrester Consulting notes toward the end of the study, immature and incomplete PIM practices can hamper the ability of organizations to adapt and impede their digital transformation progression.
To access the full survey results and benefit from Forrester’s analysis and key recommendations, download the study.
Learn More About BeyondTrust
BeyondTrust’s Universal Privilege Management approach entails securing every privileged user, session, and asset. Our holistic approach condenses the attack surface, limits lateral movement, and protects against any type of threat actor—whether insider, external attacker, machine, malware, or human. BeyondTrust secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. Our products enable the right level of privileges for just the time needed, creating a frictionless experience for users that enhances productivity.
Matt Miller, Director, Content Marketing & SEO
Matt Miller is Director, Content Marketing at BeyondTrust. Prior to BeyondTrust, he developed and executed marketing strategies on cybersecurity, cloud technologies, and data governance in roles at Accelerite (a business unit of Persistent Systems), WatchGuard Technologies, and Microsoft. Earlier in his career Matt held various roles in IR, marketing, and corporate communications in the biotech / biopharmaceutical industry. His experience and interests traverse cybersecurity, cloud / virtualization, IoT, economics, information governance, and risk management. He is also an avid homebrewer (working toward his Black Belt in beer) and writer.