
How to Authenticate Remote Workers in a Zero Trust Security Model

March 25, 2020

Where and how employees work has changed drastically in the last decade. Workers used to only be able to access corporate resources while working at the office.

But in today’s working environment, employees have taken work out of the office and into their homes and onto their mobile devices. In the age of this digital transformation—and to support an increasingly mobile and remote workforce—it is crucial for IT and cybersecurity teams to get security right.

Modern corporate security goes beyond traditional perimeter-based security models and also employs “zero trust” security models. Zero trust security models provide additional layers of security, particularly for remote work and cloud environments. Authentication is a first step in achieving a zero trust security model, and it starts with verifying that the person at the other end of the desktop, laptop, or mobile device is indeed a colleague, not a cybercriminal. 

Identity and access management (IAM) software, also known as “workforce identity” or “employee identity” and access tools, helps companies ensure that only permissioned users, such as onsite employees, traveling employees, or remote contractors, can access corporate applications and data. The IAM software authenticates a user’s identity before granting them access to company assets they have specific permissions to use. For example, a company’s chief financial officer should likely have access to the company’s accounting software, but a person on the sales team should not. Getting employees to adopt these kinds of security tools on a daily basis is critical, which is why IAM solutions are designed to offer intuitive, user-friendly experiences.

Providing positive, secure authentication and access experiences for remote employees

The best security tools are ones that people actually use. Slow, outdated technology can prevent employees from being productive at work. Therefore, providing remote workers with easy-to-use access to their everyday systems is critical for a company’s productivity and bottom line.

IAM software offers a number of user-friendly tools—including single sign-on functionality—that facilitate a smooth, secure authentication and login process for end users to access all of their business-critical applications by signing in only once. This reduces password fatigue and gets employees up and running with their applications faster.


Deploying authentication solutions like IAM software also helps prevent users from implementing shadow IT solutions, where employees utilize their own, unsanctioned (and potentially risky) software or hardware to solve their business needs. Having easy-to-use access processes also helps prevent employees from accessing data via other means, such as downloading personal copies of sensitive business data to use on their own local machines, which introduces security and privacy risks. Data loss prevention tools can also assist with preventing data from being downloaded in this fashion.

To help buyers of IAM software determine which software is best for them, G2 has compiled a Usability Index for Identity and Access Management (IAM) | Winter 2020, which scores software on ease of administration and ease of use based on reviews of current IAM software users. The next iteration of this report will be published in late March 2020, so check back for updates. 

Using IAM software in a zero trust security model  

According to a 2019 study by the Cloud Security Alliance, 69% of organizations are migrating data for business-critical applications to the cloud—which means security needs to adapt. Previously, perimeter security was considered sufficient to protect on-premises assets; however, to secure data that resides offsite, companies have adopted a zero trust security model to protect their businesses. IAM tools are part of a zero trust security model solution.

Let’s use an analogy to explain perimeter-based security. Imagine a charity is hosting a gala dinner at a hotel ballroom. As attendees enter the hotel lobby, they are greeted by bouncers who ask guests for their names and a secret phrase. Once the attendees’ names are checked against the list and they provide the correct secret phrase, the bouncers open the red velvet ropes and let the attendees into the party. While the attendees are at the event, they are free to move around, mingle, perhaps stop at the bar, peruse the dessert tray, and generally have a merry time, no questions asked. In this analogy, the bouncers represent the company’s perimeter security and the attendees represent corporate users, like employees. Once the attendees provide their names and the correct secret phrases (i.e., usernames and passwords), they are free to wander around the party (i.e., access what they need to on the corporate network).

Zero trust security model for mobile workforces and cloud environments

However, with today’s mobile workforce accessing corporate applications—either on-prem via VPNs or via cloud-based applications—is perimeter security enough? No. This is why, in addition to perimeter security, many companies employ a layered, zero trust security model. In this model, no user is trusted, and every user must authenticate to access assets, even if they are already in the network.

Let’s return to the hotel gala analogy, this time to explain how zero trust security works. Say that in addition to attending the event, some attendees are also spending the night in hotel guest rooms. A zero trust security environment operates similarly to how hotel guest rooms are secured: a guest checks in and is given a keycard to access the elevators and the guest room lock. Just because a guest has access to the hotel’s main lobby and public meeting rooms (i.e., the network) does not mean that the guest should also be able to access the hotel elevators or ultimately the hotel guest rooms (a company’s data or applications) without permission.

Ultimately, whether a company needs to secure a hotel guest room in the physical environment or a dataset in the cloud, a layered approach to security is key.

IAM software makes user adoption and administration easier

The best security solutions are the ones that are used. Having security tools that are easy to use, and that improve the end-user authentication experience, is critical for solution adoption. IAM software meets the needs of both security teams and a company’s workforce.
