Creating a business-oriented, financially defensible program will make it difficult for business leaders to question the CISO’s approach or redirect resources. Forward-looking CISOs need to reassess their risks – identifying threats, vulnerabilities and potential impacts in financial terms. They should quantify and prioritize implementation and/or operation of controls based on the value they deliver in managing that risk, and orient the project road map to addressing the worst first.

The shift to remote working during the COVID-19 pandemic brought the importance of robust identity and access management (IAM) practices firmly into the spotlight. It has become an integral pillar of an organization’s security infrastructure as the business demands better access controls in a less controlled network environment with shared platforms.

The increased use of personal devices and remote access to core business systems increases the threat landscape of businesses. However, adoption of new IAM controls and processes will mitigate the cyber risks and threats for organizations.

What can security leaders do now, next and beyond?

1. Now – solve the current crisis
   Perform an impact assessment of remote working, IAM processes, and secure access to critical and non-critical applications. Support contingency programs including IAM process simplification and work-arounds, and re-organize IAM operations to accelerate execution and monitoring of remote and privileged access.
2. Next – steps for year-round
   Assess the appropriateness of remote access by critical/non-critical application, and review the revised access controls with your compliance teams. Also gain buy-in from your compliance team for simplified procedures, including access to business applications.
3. Beyond – resiliency and risk management
   Enhance your IAM capability through improved contingency processes, awareness, reporting, technology and collaboration.