We can all agree that 2020 was a strange year – with economic uncertainty, political unrest, and to top it off: a global pandemic. Undoubtedly, the pandemic and the resulting lockdowns uprooted every aspect of normalcy and shifted day-to-day business priorities and operations. Despite the disruptions, the pandemic accelerated digital transformation in the workplace, and organizations have had to adapt, invest, and harness new technology to foster growth and innovation amid uncertainty.
As the end of the year quickly approaches, 33% of US employees are still working from home – with limited knowledge of when offices will reopen. For many organizations, COVID-19’s ramifications have forced companies to reimagine their security and IT strategy. A new year brings new change – and anticipating what’s next can enable organizations’ IT teams to be better prepared. Here’s what’s on the horizon in 2021.
Prioritization of Identity Management as the New Security Perimeter
The shift to a remote workforce has exponentially expanded the threat surface, and organizations’ IT departments are facing new security challenges. Previously, many organizations still used a perimeter-based security model, leveraging traditional controls like firewalls and VPNs to protect against threat actors. Since most, if not all employees are now doing day-to-day work outside of the office using SaaS and mobile solutions to get their work done, these controls do not scale and are no longer enough to protect against online vulnerabilities in a remote environment.
This digital dynamic workforce shift has highlighted and accelerated the need for security outside the company’s physical or even logical perimeter – as employees are now accessing business accounts through various devices in various locations. Plus, many of the accounts employees use to get their work done are not full within the control of the IT team. When you remove the perimeter, the application itself and remove control over the end device, the only thing that is left to protect is the identity of the user. Securing identity becomes the new perimeter for IT. That’s why prioritizing a robust identity and access management (IAM) strategy will become more important than ever to support a secure remote workforce. There will be a continued emphasis on organizations implementing IAM solutions such as single sign-on (SSO), password management, and multifactor authentication (MFA) to further enhance remote employees’ and the organization’s security.
Increased Adoption of Passwordless Authentication
Organizations are starting to understand the benefits of a passwordless login experience – as it encourages higher security and employee productivity, while also freeing up resources for IT. While passwords aren’t going away completely anytime soon, our recent report found that 92% of IT professionals believe that passwordless authentication is in their organization’s future. Additionally, the report found that most IT and security leaders understand the importance of reducing the number of passwords used daily.
In 2021, organizations will continue to make strides towards passwordless authentication deployment by implementing IAM solutions such as an enterprise password manager, SSO, and biometric authentication that complement regular passwords. These technologies will ultimately streamline and simplify the login experience for end users, while providing better control and visibility for IT teams.
A Renewed Focus on a Strong Security Culture
At a time when the speed and volume of cyberattacks continues to rise, the cybersecurity behaviors of employees are more important than ever – and establishing a strong security culture will take centerstage for organizations. Security is closely tied to how employees – at all levels – perceive the importance of security and understand the implications of their security habits.
People have become numb to the security threats they face – whether at home or in the office. And although they understand the potential risks, they often don’t take action. For example, in the recent LastPass Psychology of Passwords survey, found that 91% of people know that using the same password over and over is risky; however, 66% do it anyway. In 2021, we’ll see IT and security teams double down on this dissonance and get people engaged in security – through trainings, new products, and the integration of a stronger security focus into everyday life.
Looking Ahead to a New Year
As the pandemic continues a paradigm shift into a remote workforce, secure access from anywhere will remain a top priority for all IT and security leaders in 2021. A proactive security posture is necessary to navigate this new workplace normal. It’s now more critical than ever that organizations’ IT teams are prepared for the challenges that lie ahead and evaluate the best solutions to meet both their and their remote employee’s needs.
LastPass Identity provides integrated access and authentication for the control and visibility that IT needs and the frictionless experience that users demand in this remote work environment. Learn more.
Gerald Beuchelt, Chief Information Security Officer, LogMeIn
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn, makers of password and identity management solution, LastPass. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.