Digital transformation is nothing new. Enterprises have been striving to achieve digital El Dorado for over a decade now, looking to solve usability and security issues and improve the quality of work and service. Yet, the progress has been slow, to say the least. It’s not that companies do not understand the value. It has been widely accepted that digital transformation is THE thing to strive for. After all, digital-first companies are 64% more likely than their peers—to have exceeded their top 2018 business goals.
COVID-19 and the renewed urgency for digital transformation
As we discussed in a recent webinar with other market leaders, digital transformation has become even more urgent in the past few months with COVID-19. To continue operations in the new reality, many companies needed to adopt modern digital tools and workflows and become “digital-first” quickly. In fact, often too quickly. If previously the problem with speed was that it was painstakingly slow, now the issue is that companies are rushing into the adoption of new digital technologies at a neck-breaking speed. And this haste comes with a price – enterprises dive headfirst into the new digital world without examining closely the effects on total ownership cost, user experience, and perhaps most importantly, security.
In theory, cloud-first companies should be less affected by changes, even as dramatic as COVID-19 with all employees suddenly working from home. But the remote work era is heaven for attackers. The security of an organization depends on its weakest link (or user), and there are more ways to error these days. We’re all human and we all make mistakes, and history shows that anyone can fall for a sophisticated attack.
Ease of use vs. security: a tug of war continues
There is almost always a tradeoff between usability and security. One recent example is the case of Zoom, a video conferencing tool that became the Coronavirus darling among corporations and private users alike. Zoom has enjoyed unprecedented growth. At the same time, it became a target for Zoom bombers, privacy issues popped up all over the place, and security researchers have unveiled some pretty serious vulnerabilities.
Users love simplicity, and complexity has thwarted digital tool adoption in many organizations. Finding the balance between the two has not always been easy. But at the same time, users remain the weakest link in any system. A working service is far from being enough. It can bring more harm than good if it is not secured. Many companies have been brought down to their knees by an employee clicking on a link in an email. These same challenges continue to affect communications and collaboration solutions that enjoy skyrocketing adoption rates in the new reality. In the case of Zoom, it’s default screen sharing options left users exposed. When this issue was corrected by the company, serious usability challenges ensued.
Can companies modernize without compromising security?
Here is the billion-dollar question – can companies successfully modernize their infrastructure and workflows swiftly and without compromising security? In my option, they can. But they need to approach digital transformation carefully. Everyone wants to be the first to modernize and innovate, and indeed many companies focus on implementing their services first and only later turn to examine the security considerations. But by then, they often realize, it is too late.
Despite the urgency, every digital transformation initiative must be carefully examined in three dimensions: cost, usability, and security. By neglecting even one of these dimensions, the company is risking running into serious trouble down the road.
However, in a rush to digitize, security has often been overlooked. This is especially notable when it comes to authentication and access control solutions.
A big mistake: not carefully vetting authentication solutions
When it comes to choosing the actual tools of digital transformation, such as authentication solutions, business leaders more often than not leave the decision fully in the hands of technical teams. Since management has no particular preference for one tool over the other, IT admins adopt the first solution they find that seems “good enough.” But when it comes to authentication, looking at the easiest solution to adopt is a big mistake.
Let’s have a look at the easiest authentication solution – passwords. They are (supposedly) cheap, easy, and widely acceptable. And you can add an additional layer of security by enabling Multi-Factor Authentication via SMS, email, OTP, etc.
But we all know that passwords leave much to be desired when it comes to security. Not only 2FA can be easily bypassed, but password reuse and poor security hygiene mean that the keys to your castle are left with your users – who are the weakest link in your security architecture.
Security is too important to leave it for the user
As we all know, your users are holding the keys. But we cannot expect the users to be responsible for security. After all, they are here to do their jobs. We can’t expect users to change their ways and make security their number one priority, especially at the cost of additional time and effort.
After all, an authentication solution is a bridge to your carefully protected “network as a palace.” No matter how well your palace is protected, attackers will find that bridge, and your users will lead them through it.
That is why it is crucial to adopt the Zero-Trust approach. Your motto should be “Never trust, always re-verify and re-authenticate.”
Factors to consider when selecting an authentication solution
When looking at authentication solutions, there are multiple obvious considerations that must be carefully examined:
- User experience
- Security
- Performance
- Compliance
- Uptime
But there is another consideration that is oftentimes neglected: how future-proof is the solution? IT teams must always have one eye to the future and adopt solutions that will remain good for many years. That is especially true for security solutions – as an underlying infrastructure that serves a myriad of current and future platforms within a company. And when it comes to employee identity management and authentication the board effects across the enterprise and into the future are even clearer.
How can companies leverage new technology appropriately and efficiently?
Enterprises should not be afraid of cloud services or adopting new technologies. But they need a carefully thought vetting system to choose the right products and services. And every vetting process must start with careful consideration of three factors: cost, usability, and security.
Probably the most important technology for any enterprise in terms of data security is it’s authentication solution, as it controls the door to all networks and assets. So when selecting an authentication solution, make sure to take your time to find the best option that balances out the usability, security and cost.
Passwordless authentication, when done right, is a solution that ticks all the boxes: zero-trust paradigm, high-assurance security, easy scalability and user–friendly experience. With no passwords at all, we leave human behavior out of the equation, providing easy access anytime and anywhere, without giving up security.
