Companies have accelerated the digitalization of their processes at a surprising rate in the past year, two or three years ahead of their plans for the next five years, according to more than 40% of executives surveyed by consulting firm PwC.
Whether we are talking about business processes or work from home, companies are increasingly relying on technology, with 35% of respondents saying they are accelerating automation to reduce costs, 31% that they are modernizing with new capabilities, and 29% that they target the speed and efficiency of the processes, according to an article written by Mircea Bozga, Risk Assurance partner, PwC Romania, and Alin Dăgădiţă, the leader of the Digital Identity team, PwC Romania.
The growing dependence on digital services exposes companies to more and more complex cyber threats, and the security of digital identity (Identity & Access Management – IAM) has never been more critical. In fact, the significant increase in cybersecurity incidents in 2020, including ransomware attacks, has propelled cyber threats as one of the top concerns for executives worldwide, with 47% of executives reporting this, compared to 33% in 2020, according to the latest PwC CEO Survey report.
In Romania, cyber-attacks are in fifth place in the top of concerns for general managers, many companies still have problems on this level, including with the management of access for employees or priviledged accounts.
What does “digital identity” mean?
“Digital identity” is critical information about employees or customers, data, and devices, thus the foundations on which a company’s digital and cybersecurity strategy is built on.
Digital identity can be divided into four different areas: 1. workforce identity, so access management, 2. privileged account/access, for users such as database administrators, 3. customer identity, from B2B customers to consumer scenarios or even governments and how they interact with their citizens, and 4. Identity of things (IoT – Internet of Things, AI and RPA).
The growing complexity of digital and the ever-changing roles of employees within an organization have increased the importance of identifying and enabling user access. Beyond digital trust and security, it enhances digital interactions with employees, customers, contractors, business partners, and the supply chain.
However, identity and access management are not just about technology, but also about the people in the organization, the processes, and the governance of the service.
Although they understand the importance of IAM solutions, according to Digital Trust Insights, only 29% of companies have implemented them. At the same time, 29% of respondents say they have started this process, and 36% have understood the benefits or want to introduce them in the future.
The benefits of automating identity and access management services
Cyber threats are complex and involve several attack vectors, the authors of the article show. Thus, privileged accounts are the basis of over 80% of cyber attacks, which means that their protection is essential, and this can be done using PAM – Privileged Access Management systems. Along with privileged accounts, the level of inadequate access of company employees (they have more access than necessary) is another vector used by attackers in the case of about 27% of cyber attacks, so it is essential that these permissions/rights be reviewed in periodically, and application managers and administrators to have an overview of user rights (eg cross applications) and not just reports from different applications. IAM-type systems provide a central point of access reporting and can implement SOD (Segregation of Duties) policies that can prevent inappropriate access, but also have the potential to reduce internal fraud.
In other words, due to its large-scale impact on the organization (people, risks, compliance, sales, etc.), digital identity and access management services are fundamental to the digitalization and cybersecurity strategy, touching on three important aspects:
Digital interaction. Improving the user experience both inside and outside the organization is a key point to keep the workforce involved and customers happy.
On the part of the workforce, timely and accurate access to organizations’ IT assets through AMI is an important part of increasing productivity and user engagement, while customers demand consistent and relevant experiences across all channels.
Risk and threat management. Almost all the assets of today’s organizations (ie data, processes) are in the digital environment, protecting access to them becoming paramount. Risk and threat management is one of the main benefits of AMI, as its basic concept is to reduce exposure to sensitive assets and to allow the correct access of authorized persons through the principles of security of authentication information.
By 2021, the Internet of Things (IoT) and cloud service providers are at the top of the list of “highly likely” cyber threats. At the same time, cyber attacks on cloud services lead to the top of threats that will have a significant negative impact on companies.
Resilience and incident management. Strengthening resilience to cyber attacks, while improving preparedness to respond quickly and resolve incidents, will help keep organizations runn smoothly and securely. AMI capabilities, such as risk-based authentication (ie multi-factor authentication), strengthen access security while revoking emergency access can help manage data leaks quickly.
In conclusion, the authors of the article argue that AMI automation helps speed up tasks that were largely manual, such as providing access for new members, protecting critical organization data from overexposure, reducing costs, and mitigating vulnerabilities in various situations, and enabling organizations to control and manage digital identities and access in a timely and efficient manner.
Translated from Romanian by Service For Life S.R.L.