In 2020, we all were rushed into a new situation with the move to remote work. According to Gallup, nearly three-fourths of employees were working remotely to some degree when the pandemic hit. What used to be an occasional perk for a small percentage of employees, full-time remote work became the norm for most employees at many businesses.
Our offices are changing – and they'll continue to change. As we progress into 2021 and beyond, businesses everywhere are asking 'what is the future of remote work?' In the future, companies will have a hybrid mix of employees working from home partially and some full-time remote. According to a Gartner survey, nearly two-thirds of companies will provide employees the flexibility to work remotely.
As employees gradually begin returning to the office or continue to work remotely, we need to realize how this trend might change identity and access management. With the shift to remote work, we saw the majority of employees logging in from one remote location: home. For most, logging in from one location (either home or the office) gives your IAM policy a straightforward use case to validate access.
However, as activities open up and with more remote and partially remote/hybrid workers, the number of locations and use cases for access will multiply. With the ability to work anywhere and anytime, employees will start working from several locations in addition to their homes: coffee shops, libraries, a relative's home. When travel resumes, employees will begin logging in outside of their normal working hours.
Employees will soon begin logging in from a number of locations and using a number of personal devices: that combination makes for a complex equation in verifying a user's identity. Now and in the future, it is critical to centrally verify and manage identities across locations, devices and applications via secure authentication while maintaining the convenience needed by employees. Company executives recognize the need to modernize their IAM resources, and 70% of executives plan to increase their IAM investments to support a secure virtual structure.
One method to adapt to this change is for organizations to verify users through risk-based authentication. Say an employee wants access to an application. The person has the right login information, but they are logging in from a location that is abnormal, such as another country. Or, the person is accessing data or an application they typically don't use. A username and password may have been sufficient before when everyone was working in the office, but those credentials can be easily stolen. When a smart IAM system recognizes a potentially risky login, it can require step-up in authentication to maintain security and ensure that the right users can access what they need – without requiring an IT or service request to investigate.
There are multiple authentication methods to secure your users and applications, from hardware/software password tokens, push notifications to SMS. As passwords are easy targets for rogue actors, the future of authentication will be built around biometrics, passwordless, and future standards such as FIDO.
Remote work will continue to change as companies and employees develop our new normal work routines. Identity and authentication methods must evolve alongside those changes to ensure secure access and simplicity for both employees and companies.