Without proper identity and access management controls, employees may end up with excess access to data. Learn how to secure your customers’ evolving networks with access controls.

Fortinet Guest Blogger

October 18, 2019

7 Min Read
Fingerprint login authorization and cyber security concept. Blue integrated circuit with locks on background. Control access and authentication
Getty Images

Digital transformation is changing the way your customers do business, but it’s also fundamentally transforming how their employees live and work. As increasing numbers of digital natives enter the workforce each year, competition for the best and brightest among them has intensified, and companies are looking for new and innovative technology solutions that will both enhance productivity and improve job satisfaction.

One way this is done is through accepting and even encouraging remote work in response to employees’ growing demand for workplace flexibility. According to researchers, remote workers are more productive than their in-office counterparts, take fewer sick days and have lower attrition rates. In addition, employers save on rent, office equipment and energy costs, and can recruit top talent more easily—even if it’s in short supply in the local area.

Risks That Come with the Changing Workforce

Though it brings many benefits, the rise of remote work also poses significant security challenges for your customers. Work-at-home employees have less immediate in-person access to technical support than workers in traditional office environments, which may leave them with fewer resources to call upon when their tools aren’t working as they should—or when they encounter malware or signs of a cyber attack. They’re far more likely to use personal devices for work. They’re also more likely to connect these devices via their home wireless networks, while being less likely to have the technical expertise necessary to properly configure and secure these devices and networks.

In addition, not all remote workers work from their own homes. Coworking spaces are growing in popularity, and up to one-quarter of remote workers prefer working in a public space like a café or library. This means they may be putting valuable business data or intellectual property at risk if they’re accessing company resources through insecure WiFi networks.

Remote Workforces Demand Resilient Identity and Access Management Solutions

In the past, your customers’ technology assets were located within office buildings, and employees visited specific sites to access those resources. Now that increasing numbers of customer workloads reside in the cloud, and many of their workers are mobile or remote, the policies and technologies that manage digital identities are becoming as essential to the security of their most critical business assets as the doors, locks and security guards limiting access to physical buildings once were.

Without proper identity and access management controls in place, employees may end up with broader access to more files, systems or applications than they need in order to fulfill their responsibilities. Or they may find themselves with greater degrees of administrative privilege than are strictly necessary. In this all-too-common scenario, the compromise of a single user’s password or device can result in a devastating data breach.

Outdated, poorly configured, or absent identity and access management controls can also make it more difficult for employees to access the applications they need to do their jobs. New hires may face excessive waiting periods before being granted access to necessary resources if each authorization must be granted and configured separately. If roles aren’t clearly defined, a great deal of system administrators’ time will be spent on authorization and approval procedures. This can keep IT support teams busy, as well.

What Your Customers Need in an Identity and Access Management Solution

For nearly every worker in every role in every organization, controlled access to business resources and assets is essential for doing their job. With this in mind, the ultimate goal of the authentication solutions offered to your customers should be to balance productivity enablement with risk management.

Historically, access management systems have relied on end users to enter a username and password combination to verify their identities, but passwords have long proven to be among the weakest links in organizations’ security strategies. Even the best-intentioned employees struggle to remember all the passwords they’re responsible for knowing, and their burden will only increase as more consumer devices are connected to the internet and require some type of administrative control.

When it’s too challenging to remember passwords, many employees will succumb to temptation and re-use them, even though this exponentially increases their vulnerability. For this reason, credential compromise remains the most common vector enabling hacking-related attacks. Insecure passwords led to 80% of the hacking-related data breaches studied in the 2019 Verizon Data Breach Investigations report.

Because administrative complexity and end users’ inability to remember the almost countless passwords they’re in charge of are the greatest enemies of secure authentication, today’s organizations need identity and access management solutions that are easy to use, centralized and intuitive to administer.

Single Sign-On

Single sign-on (SSO), which permits employees to use one set of login credentials to access multiple business applications, can reduce the difficulties associated with password fatigue. With SSO, your customers can ensure that their employees are granted the appropriate access to both web applications and cloud and network resources, while security administrators retain centralized control and deployment and management processes are streamlined.

Though SSO can improve end user experience and help resolve some of the challenges that arise because of today’s overabundance of passwords, it does introduce a single point of failure into authentication systems. To compensate for this potential weakness, many organizations are implementing multi-factor authentication (MFA) in conjunction with SSO identity policies.

Multi-Factor Authentication

Multi-factor authentication involves asking users to confirm their identities by supplying something they know (such as a password), something they have (such as access to a mobile device or physical hardware token), or something they are (such as a fingerprint or retina scan) at key touchpoints in the authentication process. Advanced solutions such as FortiToken Mobile can now leverage the full range of security capabilities built into today’s mobile devices, including fingerprint, facial or retina recognition, for highly robust identity confirmation.

Securing Your Customers with Fortinet

 Finding the identity and access management solution that will best meet your customers’ varying needs is no easy task. Fortinet Identity and Access Management solutions are flexible and able to support a broad variety of user identification and authentication methods, which means that a single solution that’s simple to manage centrally can be adapted for a wide range of use cases, business scenarios and budgets.

FortiAuthenticator supports single sign-on, can integrate with pre-existing Active Directory or other user database systems, and readily supports guest access, BYOD and certificate management. Because FortiAuthenticator seamlessly integrates with the FortiGate Next Generator Firewall, it makes it easy to extend the benefits of robust centralized authentication services across the whole of the Security Fabric.

Adding FortiToken Cloud to your customers’ environments will allow them to enforce two-factor authentication through a mobile app requiring no additional hardware or software to operate. It is administered through an intuitive cloud portal and scales effortlessly. FortiToken Cloud can be used to enforce secure access to a VPN, protecting your remote workers even at public wireless network access points.

Fortinet partners enable simple and centralized administrative controls to identity and access management offerings, as this is inherent to the Security Fabric approach. However, your customers also have access to the full range of capabilities of a highly versatile and customizable identity and access management solution and dashboard.

Final Thoughts

As the workforce becomes increasingly mobile and your customers continue to move to the cloud, identity and access management are critical to network security. Partners must have the expertise to evaluate customer needs based on network configuration and employee use, and the tools to secure usage across distributed environments.

 Learn more about deploying effective identity access management tools and policies on the partner portal.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like