The sudden shift to remote work environment during the pandemic increased the workloads for the IT personnel and created new priorities
The shift to a remote work environment meant that enterprises needed to ensure seamless productivity and consistent security. Setting up VPNs and shipping of new equipment to employees are all part of the shift. To normalize the situation, IT departments are consistently fine-tuning the WFH processes and different strategies like access control.
CIOs say that some IT decision-makers believe that their budgets will continue to be the same. Around the same number of executives believe that a decrease in the IT budget is certain. Thus, it boils down that IT leaders will be required to focus on the budget, logistics, operational efficiency, and cost control.
To taste success in the new environment, IT departments must identify sections to cut costs and boost user efficiency effectively. They have to also focus on increasing security via high-impact projects and quick successes. The IT service desk is a critical area to be evaluated. Identifying common issues that traditionally drove the service desk calls and mode of address, can be a good initiating step.
Locally cached credentials and expired passwords
CIOs say that pre-COVID, the top service desk call driver requested for password resets. The situation hasn’t changed much in the current scenario. Organizations have seen a gradual increase in calls related to expired passwords and locally cached or stored credentials.
Many enterprises still utilize regular periodic password expiration methods. Security leaders believe that this practice results in poor password practices; however, it remains a compliance need. The users of such enterprises will not receive the password expiry notifications when they are off-network. As a result, the users will not be able to log in when they try to connect to the VPNs, as the system depends on expired passwords for authentication.
Security leaders clarify that even when an organization has deployed password reset solutions that notify users of imminent password expiration, the locally cached credential will go out of sync with the latest password when its reset remotely. This could result in a lockout. IT service desks will need to intervene in both cases, it not only results in increased costs but also results in security gaps as most service desks don’t have secure user verification.
Some security standard bodies like NCSC and NIST suggest complete removal of password expiration services and recommend forced password changes when successful detection of leaked passwords occur. However, this is a counterproductive move, as enterprises will be exposed to threat actors for extended periods. It may take more than two hundred days on average to identify that a breach has occurred.
CIOs suggest that the better move is to deploy stronger and smarter policies that reward users with spaced out password changes depending on their password’s strength and length. Such solutions will also have the capacity to block the utilization of compromised, leaked, or weak passwords.
Implement solutions that can notify users when using the VPN that they have to change the password proactively before it expires. A self-service password reset solution is one such measure that can update locally cached ID and passwords. It is the most optimal solution for reducing the IT service desk’s high-volume calls and freeing up IT personnel.
User lockouts and device encryptions
CIOs believe that the remote working and increased utilization of encrypted devices to ensure secure and remote working were the main reasons for increasing lockout calls. Many solutions that allow authentication of users to decrypt devices are available. Often enterprises rely on other encryption solutions for managing and retrieving the keys. Employing a third-party solution for the self-service key recovery is also a popular solution among the CIOs. It is vital to ensure that it is available remotely and follow secure user verification protocols when providing the recovery key.