By John Bennett
Businesses big and small are increasingly targeted by hackers looking to get their hands on personal data and intellectual property. However, many small and medium-sized companies don’t have the resources to implement robust security programs. Many more are still not implementing basic security practices like strong password requirements. Passwords have traditionally been the first line of defense for companies. As more companies implement BYOD policies and utilize apps to increase efficiency, they need to have greater control over employee credentials and access to workplace applications. To achieve that control and ensure higher security, SMBs should start by integrating enterprise password management, single sign-on and multifactor authentication solutions into their organization to help guard themselves in today’s digital workplace environment.
Identity is a small business problem, too
The public has seen countless stories of security breaches at companies of all sizes and sectors, from fitness apps like MyFitnessPal to DNA testing site MyHeritage. Oftentimes, due to the spotlight on larger organizations, it may be perceived that they deal with these types of incidents more often. However, 43 percent of small businesses fall victim to data breaches, according to Verizon’s latest Data Breach Investigations Report. What’s even more troubling is that 60 percent of small and mid-sized businesses that are hacked go out of business within six months.
Passwords are a leading factor in these breaches – according to Verizon’s Data Breach Report, 80 percent of hacking-related breaches used weak or stolen passwords – and the frequent sharing and re-use of passwords by employees create more risks. According to a recent LastPass survey, 50 percent of people don’t create different passwords for work and personal accounts. It only takes one weak or compromised password for a hacker to break in and steal data, potentially impacting an entire organization. IT teams are tasked with securing all entry points, including cloud apps, unsecured Wi-Fi networks and unknown or personal devices. But that can be challenging given the common obstacles many smaller businesses face.
IT teams are finding themselves between a rock and a hard place as pressure grows to manage the expanding security landscape while dealing with limited time, staff and resources. When budgets are slim, it can be difficult to defend the investment of added security tools. Team members are in need of cost-effective solutions that will boost security without hindering employee productivity.
Understanding Identity and what it offers
An identity solution is necessary to address the concerns IT teams at SMBs are confronted with regularly. Identity-as-a-Service (IDaaS) is a solution that helps companies connect to and access identity management services from the cloud. It comprises authentication infrastructure managed and hosted by a third-party cloud vendor for access and identity management functions such as single sign-on. Having a consolidated view of access and authentication across an organization makes it easier for IT teams to do their jobs and protect their business ecosystem.
There are multiple parts (and acronyms) attached to an ideal Identity solution, so let’s break down what each is and what it provides:
- Single Sign-On (SSO) – As with a password manager, users have a single set of credentials to log in to any of their enterprise accounts. This enables users to be linked across multiple applications, so they don’t have to conduct a separate login process. The benefit is that it decreases the amount of time employees spend logging into applications and reduces the number of passwords in use, providing a seamless process and a more secure organization.
- Multi-Factor Authentication (MFA) – A security system which requires users to verify their identity with additional factors such as biometrics, MFA offers an extra layer of security to protect against hackers looking to penetrate networks. Leading MFA solutions offer adaptive authentication, building individual profiles for users and adapting authentication requirements to different login scenarios.
- Enterprise Password Management (EPM) – A business-grade password management solution eliminates poor password habits by creating, storing, and filling in passwords, reducing the password burden on the IT team and freeing up resources for more value-add activities. IT teams can create, manage and enforce a password policy across the organization. The average employee manages nearly 200 accounts that are not necessarily company-sanctioned apps. Having an EPM solution in place allows IT to secure credentials for apps in use in the organization that they may not have known about otherwise.
Perimeter security is bolstered when these technologies work together under one umbrella. Risks are ultimately mitigated as all parts of the IDaaS solution cover critical entry points, so operations can be streamlined.
Stacking up the benefits
Bundling EPM, SSO, and MFA into a single identity solution addresses the central pain points of both IT teams and employees. IT can quickly deploy tools, enable authentication methods, and set security policies. Administrators and end users don’t have to get bogged down with the complexities of managing and working with these systems. Both groups are enabled to seamlessly carry out their day-to-day work and responsibilities.
Not only does having a full-featured identity solution benefit admins and employees, but it also helps the business as a whole. Since workers can seamlessly log in to accounts without having to manage countless passwords, they can focus on getting work done, which raises output levels and eliminates problems with password reuse. Additionally, IDaaS solutions give companies visibility into user behaviors across apps and devices, so they can manage access properly without having to break the bank. IDaaS solutions offer a cheaper and more consolidated option for SMBs to alleviate current security challenges and constraints.
John Bennett serves as General Manager of LogMeIn’s Identity and Access Management business unit. In this role, he is responsible for the general management and business development of all LogMeIn IAM products, including the market-leading password manager LastPass and the remote access and management solutions LogMeIn Pro, GoToMyPc and LogMeIn Central. With more than 25 years of experience driving growth and leading change for communications and SaaS companies, he joined the company in 2017. Prior to joining LogMeIn, John held several product leadership roles at GetGo, a once wholly-owned subsidiary of Citrix that merged with LogMeIn in early 2017.