For many, the workplace is more than just one office, building or facility. Some employees spend their entire workday on the go, out in the field, or on the road. Regardless, there is one common thing that everyone needs: an identity and an identity-based credential to gain access to the workplace. Identity is the new perimeter, and it defines how people access the workplaces and applications that are needed to do their jobs. Organizations must learn how to digitally transform the management of identities and the associated digital and physical access credentials for the workplace, big or small. This requires an understanding of the differences in technologies used for authentication as well as identification and emerging trends that are here to stay.
Streamlining Access to an Evolving Workplace
For years, security was perceived to be solid if gaining access to enterprise resources simply required more steps. This is a misconception that has created a large gap between real and perceived security. In fact, the harder it is to gain access, the more users will do everything in their power to circumvent security measures. This is particularly true for digital journeys, such as when employees are attempting to access corporate systems, networks or databases either remotely or on-site – they have gotten used to quick and seamless online access to their consumer accounts outside of the office and expect the same in the workplace.
Complicating the picture, today’s workplace is now a fluid environment that is no longer limited to a single location or network. Its security perimeter is changing and organizations face many challenges managing access to it. They must learn how to address new workplace security challenges, including how to trust and manage visitors, employees, contractors, vendors and more.
Even before the pandemic altered the landscape of people’s day-to-day lives, there was a shift in workplaces. Secure workplace access was already becoming less defined by the physical perimeter of the workplace. Identity became the new – and in many cases, only – perimeter. This perimeter must be protected through a new approach to physical identity and access management that unifies physical access and cyber/IT access. To establish identity management for a secure, safe, and productive workforce, there are three foundational areas where this approach must be applied: 1) credential management, 2) multi-factor authentication, and 3) secure visitor management.
Secure Visitor Management
A more hybrid workforce, which is not permanently office-based, requires a new generation of visitor management solutions able to handle multiple different types of visitors to a site, including contractors and employees as well as customers, suppliers and partners.
Today’s unified physical identity and access management solutions improve the visitor experience through pre-registration and automated check-ins and outs that reduce wait times, and the ability to customize the visitor experience and security measures while benefitting from automated policy compliance.
These solutions have been used during the global pandemic to welcome visitors back into the workplace, enabling organizations to go touchless with self-service visitor badging kiosks and to automate wellness and other screening questionnaires. For instance, mandatory pop-up questions can be added to the visitor check-in process to help identify anyone who may need further screenings, and the system can further mitigate risks by automatically maintaining an auditable trail of activity. The same capabilities are important for contractors, vendors and employees. Organizations can monitor and analyze the activity of everyone on the premises in the event there is a COVID-19 outbreak. This simplifies the retrieval of historical visit reports and makes it easier to generate a timeline of who was in the workplace, where they were and when they were there. These solutions also automate and enforce continuously evolving compliance with visitor access and policy-based registration, ensuring the same safety and security steps are consistently followed by everyone, across all offices at any time.
Key features to look for include a single dashboard providing useful visitor insights, and compliance with the General Data Protection Regulation (GDPR) and other privacy regulations. The solution should also notify hosts via SMS text message or email when guests arrive, request a visit, check in or out, and more. It should feature configurable workflows to support all specific screening requirements, on-site or at pre-registration, and trigger additional workflows when needed. Finally, the solution should streamline subsequent visits by capturing, storing, and editing an unlimited number of identities in a centralized database, and enable organizations to check visitors against internal and/or external watchlists.
These capabilities apply, of course, to businesses that are occupying the physical workplace. Remote work must also be supported and flexibility is critical. This requires an enterprise-grade, cloud-based authentication solution that makes it easy to support employees who need to access enterprise resources, whether they are in the office or not.
Easy-to-Deploy Authentication
Improving remote work security by adding multi-factor authentication to a unified physical identity and access management solution does not have to be complicated. It should be fast and easy to deploy, and intuitive for end-users. Several authentication form factors and methods should be supported, providing enough choice to select the one that best fits the organization's unique security needs.
The stakes are high. The majority of cybersecurity attacks seem to rely on using weak passwords to breach company systems and data. Passwords cause a variety of significant problems for end-users and security managers alike. First, every website account, online asset or secure service typically requires a password, meaning users need to track and manage dozens or hundreds of them. Plus, different accounts have different password rules, and because passwords are hard to remember, they are often extensively duplicated and reused across services. Previously hacked passwords appear on the Dark Web, where hackers can gain access to them and use them in future attacks. In short, passwords are a major compromising factor in security and are quickly being replaced by passwordless authentication.
Multi-factor authentication solutions protect applications and data by requiring a second validation via, for example, a mobile app to verify user identity before granting access. Mobile push authentication is particularly useful, enabling users to log in securely with a simple swipe on their phone that proves their identity before they access protected applications. Denying a fraudulent login attempt is just as quick: users can easily stop malicious attempts to access company apps and data with a swipe to decline access. Additionally, simple mobile push authentication combined with complete Identity and Access Management (IAM) solutions provides deeply secure authentication based on security needs over a secure, encrypted channel such as HTTPS.
Mobile push notification is only one example of the diverse range of authentication methods available today. Choose from biometrics, or cards and security keys enabled with standard security technologies such as FIDO, PKI, and OTP, to provide a seamless, passwordless experience. The inclusion of a bundled Certificate Authority (CA) gives organizations a choice of a publicly trusted or private dedicated CA for strengthened security.
An example of the FIDO experience is Microsoft’s passwordless authentication for enterprises using FIDO2 security keys, which allows users to authenticate to their Windows 10 machines and Azure Active Directory environments quickly, easily, and safely. HID has collaborated on this capability with FIDO-enabled high assurance smart cards and security keys that provide a single sign-on authentication experience. It is important to note that these high-assurance cards and keys should also include technology compatible with physical access control infrastructure. Full support of this infrastructure ensures a drop-in replacement for any access control card.
With an authentication ecosystem in place, the final piece to consider is the solution for centrally managing all these credentials and certificates. This capability can be delivered as a service in a multi-tenant cloud environment, enabling organizations to begin issuing and managing credentials for both physical and digital access in just a few hours.
Credential Management
Credential management solutions should be easy to deploy so that the workforce and contractors can safely operate inside and outside the workplace. Today’s cloud-based credential management services automate and simplify the physical access badge as well as the digital credential issuance process for everyone while eliminating inefficient, manual processes. Organizations have access to detailed insights about issued credentials including who has them, what they are for, why they have been credentialed, and for how long. Credential revocation is also automated, reducing the risk of insider security threats.
These cloud-management services also give administrators all details of active credentials, in any location. The services should be delivered through ISO27001-certified platforms that simplify employee access to the physical and digital workplace while solving administrative issues, regulatory compliance and other business challenges in today’s dynamic hybrid work environments. They also should include unified authentication back-end functionality that allows organizations to choose the optimal security protocol for each use case while maintaining consistent rules and audit management capabilities.
Simplifying Access, Security and Compliance
Today’s ever-expanding set of cloud-based workforce, contractor and visitor identity management applications work together on a common platform. That seamless operation transforms how organizations address cyber and physical security, compliance and business challenges: it unifies, automates, and simplifies identity access and management at a single facility or across any number of distributed office or remote work locations, while reducing risk and removing the complexity of installing, configuring or supporting on-premise software. The result is a great user experience, scalability, and the elimination of manual processes for adapting to new challenges in today’s dynamic work environment.