Self-service identity management requires a new layer of human security


As part of Solutions Review’s Premium Content Series, a collection of columns written by industry experts in maturing software categories, Nelson Cicchitto, President and CEO of Avatier Corporation, shares insights from experts on self-service identity management, why it’s valuable, and how businesses can improve how they use it in the future.

Identity Access Management (IAM) has become a significant concern for organizations whose employees work from home. Although more and more employees are returning to the office after the initial COVID-19 crisis, it’s clear that working from home is here to stay. According to Gallup, 45% of employees are working remotely and nine in 10 workers plan to continue working from home at least part-time. IT departments that struggled to give remote workers secure access when the pandemic hit in 2020 are now upgrading IAM procedures to support a remote workforce. Preventing data breaches and implementing more secure self-service identity management requires a new layer of human-assisted authentication.

While self-service identity management has been around for a while, the pandemic has shown it can be improved. It must be more efficient, safer and more convenient. During the pandemic, the number of help desk calls has increased. Trouble ticket volume increased by 35% and ticket backlogs grew from an average of 7.2 days before the pandemic to 12.1 days. Gartner estimates that between 20% and 50% of help desk calls are for password resets. Implementing self-service identity management reduces the volume of help desk calls. It also reduces downtime for remote workers since they don’t have to wait for the help desk to respond.

Many organizations allow employees to reset their passwords. However, many organizations still have limited self-service IAM capabilities. Even organizations with sophisticated IAM technology are still susceptible to hackers. The challenge is to give remote workers more autonomy when it comes to credential authentication without compromising data security. There needs to be a new approach to self-service identity management that includes human security to provide insight that AI and machine learning cannot.

Continued reliance on self-service

Self-service online access is booming. Seventy-nine percent of consumers say they expect organizations to provide self-service options, and 81% of enterprise users say they prefer self-service. Using self-service to resolve business issues has always been preferred because it saves IT and support teams time and money.

However, there are good reasons to be skeptical about implementing self-service authentication for sensitive data assets. Human error continues to be the biggest factor in data breaches. CEOs report that human error as a cause of data loss rose to 53% in 2021 from 28% in 2018, and SMBs say it rose from 17% to 28%.

To eliminate human error from identity management, organizations continue to rely on automated authentication and authorization tools such as:

  • Workflow approval: Access requests are routed to application owners, line of business, IT/security, or others who need to approve access.
  • Two-factor authentication: This is one of the most common identity verification tools, as it assumes that the person requesting access controls their email or smartphone.
  • Single sign-on: Single sign-on is becoming an increasingly popular tool for enterprise access. After being authenticated once, the system uses the same secure credentials to grant access to multiple applications, increasing productivity and reducing help desk calls.
  • Public key certificates: These digital certificates store information about the certificate holder and are used to verify the holder’s identity.

What makes self-service identity management so appealing is its convenience. Users can log in from anywhere to change their passwords, request access to new data assets, create new groups, update profiles, extend account expirations, verify user access, and check direct reports: everything an IT administrator would usually do. Using a self-service approach eases the burden on IT while simplifying access management for users.

The challenge with any self-service approach is that it requires the business to self-manage access for the entire workforce through a rule-driven workflow. Automating provisioning with self-service lifecycle management tools allows users to control account information and enterprise access without compromising security. The idea is to take a zero touch/zero trust approach to enterprise security by promoting self-service access through secure workflows.

With today’s wireless technology, business decision makers are available at all times. When users submit a request to access software, data, or corporate assets, managers can authenticate users with the push of a button. User privileges can then be stored in active directories that follow the user through the organization, using additional automations and workflows to keep credentials up to date based on their professional roles and responsibilities.

Autonomy should not be an additional burden for IT staff. With the right authentication workflows, access remains secure while providing self-service, with hierarchical approvals and an audit trail.

Make self-service safer

Successful self-service identity access management relies on automation. Self-service support continues to grow in popularity because it’s simple, fast, and eliminates the need for human intervention. As a result, other business processes have become self-service, leading to potential weaknesses in business security. Automating user identities means relying on machine learning and computer algorithms to validate identities. Humans can still outwit machines.

Your first line of defense should be multi-factor authentication (MFA). The best way to validate users and maintain secure remote access is to require a second form of authentication, whether by email, phone, answering security questions, or some other means.

As part of self-governance and to maximize their MFA investment, organizations should complement automated MFA with a human element. There will be times when the automation cannot correctly identify a user request. Just as secure lifecycle management workflows require managers to authenticate users, there should be a workflow that requires human intervention to support MFA authentication when needed. Rather than locking out a user after three failed attempts or a forgotten security question, the MFA workflow can alert a manager or the help desk to intervene and validate the user’s identity.

Authentication policies can be structured into hierarchical workflows with appropriate security controls at each level, from core self-service login to sensitive data requests. Applying an omnichannel approach ensures that users can log in and make access requests when needed from any device. Managers also have 24/7 access to quickly process requests, verify legitimate requests, and block unauthorized access.
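The escalation and tiered-approval workflow described in the two paragraphs above can be sketched as a small state machine. This is an added example, not code from the author or any product; the tier names, reviewer roles and class names are hypothetical, and a real system would look up the reviewer's role in the directory rather than accept it as an argument.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    PENDING = "pending"
    VERIFIED = "verified"
    HUMAN_REVIEW = "human_review"
    DENIED = "denied"

MAX_FAILURES = 3  # the "three attempts" threshold mentioned in the text

# Hypothetical tiers: which reviewer roles may vouch for a user at each level.
REVIEWERS_BY_TIER = {"core_login": {"manager", "help_desk"},
                     "sensitive_data": {"manager"}}

@dataclass
class MfaSession:
    user: str
    tier: str
    state: State = State.PENDING
    failures: int = 0
    audit: list = field(default_factory=list)

    def _log(self, actor, event):
        # Audit trail entry: who acted, what happened, resulting state.
        self.audit.append((actor, event, self.state.value))

    def submit_factor(self, ok: bool) -> State:
        """Record one automated MFA attempt; escalate instead of locking out."""
        if self.state is not State.PENDING:
            raise ValueError(f"no factor accepted in state {self.state.value}")
        if ok:
            self.state = State.VERIFIED
        else:
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.state = State.HUMAN_REVIEW
        self._log(self.user, "factor_ok" if ok else "factor_failed")
        return self.state

    def review(self, reviewer: str, role: str, approve: bool) -> State:
        """A human vouches for (or rejects) the user after escalation."""
        if self.state is not State.HUMAN_REVIEW:
            raise ValueError("session is not awaiting human review")
        if reviewer == self.user:
            raise PermissionError("users cannot approve their own request")
        if role not in REVIEWERS_BY_TIER[self.tier]:
            raise PermissionError(f"{role} may not approve tier {self.tier}")
        self.state = State.VERIFIED if approve else State.DENIED
        self._log(reviewer, "approved" if approve else "rejected")
        return self.state
```

Once a session is escalated, further automated factor attempts are refused, so repeated guessing cannot bypass the human reviewer.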

Self-service identity management will continue to thrive, but it’s important to remember that one approach doesn’t fit all situations. Providing layers of authentication and authorization, including some level of human assistance, will complement self-service processes, enabling touchless administration with zero-trust security.

Nelson Cicchitto