As we enter into 2022, there is still a level of uncertainty in place. It’s unclear what the future holds, as companies around the world still contend with the COVID-19 pandemic. Remote working has been encouraged by most organisations and the move to a hybrid working system has become ‘business as usual’, for the majority of businesses. Some have reduced their office space or done away with their locations altogether.

Following best security practices

With all this change in place, there are problems to deal with. According to research, 32.7% of IT admins say they are concerned about employees using unsecured networks to carry out that work. Alongside this, 74% of IT admins thought that remote work makes it harder for employees to follow best security practices.

This need to manage security around remote work is no longer temporary. Instead, companies have to build permanent strategies around remote work and security. The coming year will also create a different landscape for small and mid-sized businesses (SMBs).

Here are some key predictions for next year and what to start preparing for in 2022:

  • The reality of SMB spending around security will hit home

SMBs had to undertake significant investments to adapt to remote working

SMBs had to undertake significant investments to adapt to remote working, especially in comparison to their size. They had to undertake significant digital transformation projects that made it possible to deliver services remotely, during the COVID-19 pandemic. We’ve seen a shift in mindset for these companies, which are now more tech-focused in their approach to problem solving.

According to our research, 45% of SMBs plan to increase their spending towards IT services in 2022. Around half of all organisations think their IT budgets are adequate for their needs, while 14.5% of those surveyed believe they will need more, to cover all that needs to be done.

Identity management spending to support remote work

For others, the COVID-19 pandemic led to over-spending, just to get ahead of things and they will spend in 2022, looking at what they should keep and what they can reduce their spending on.

Areas like identity management will stay in place, as companies struggle to support remote work and security, without this in place. However, on-premise IT spending will be reduced or cut, as those solutions are not relevant for the new work model. Services that rely on on-premise IT will be cut or replaced.

  • The device will lead the way for security

We rely on our phones to work and to communicate. In 2022, they will become central to how we manage access, to all our assets and locations, IT and physical. When employees can use company devices and their own phones for work, security is more difficult. IT teams have to ensure that they’re prepared for this, by making sure that these devices can be trusted.

Wide use of digital certificates and strong MFA factors

Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication

There are multiple ways that companies can achieve this, for example - By using digital certificates to identify company devices as trusted, an agent, or strong MFA factors, like a FIDO security key or mobile push authentication.

Whichever approach you choose, this can prevent unauthorised access to IT assets and applications, and these same devices can be used for authentication into physical locations too. Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication.

Understanding human behaviour

Alongside this, it is important to understand human behaviour. Anything that introduces an extra step for authentication can lead to employees taking workarounds. To stop this, it is important to put an employee education process in place, in order to emphasize on the importance of security. The next step is to think about adopting passwordless security, to further reduce friction and increase adoption.

Lastly, as devices become the starting point for security and trust, remote device management will be needed too. More companies will need to manage devices remotely, from wiping an asset remotely if it gets lost or stolen, through to de-provisioning users easily and removing their access rights, when they leave the company.

  • Identity will be a layer cake

Zero Trust approaches to security

Identity management relies on being able to trust that someone is who they say they are. Zero Trust approaches to security can support this effectively, particularly when aligned with least privilege access models.

In order to turn theory into practical easy-to-deploy steps, companies need to use contextual access, as part of their identity management strategy. This involves looking at the context that employees will work in and putting together the right management approach for those circumstances. For typical employee behaviour, using two factor authentication might be enough to help them work, without security getting in the way.

How enterprises manage, access and store identity data

There will also be a shift in how enterprises manage, access, and store that identity data over time

For areas where security is more important, additional security policies can be put over the top, to ensure that only the right people have access. A step-up in authentication can be added, based on the sensitivity of resources or risk-based adaptive authentication policies might be needed.

There will also be a shift in how enterprises manage, access, and store that identity data over time, so that it aligns more closely with those use cases.

Identity management critical to secure assets in 2022

There are bigger conversations taking place around digital identity for citizenship, as more services move online as well. Any moves that take place in this arena will affect how businesses think about their identity management processes too, encouraging them to look at their requirements in more detail.

Overall, 2022 will be the year when identity will be critical to how companies keep their assets secure and their employees productive. With employees working remotely and businesses becoming decentralised, identity strategies will have to take the same approach. This will put the emphasis on strong identity management as the starting point for all security planning.

Download PDF version Download PDF version

Author profile

Neil Riva Principal Product Manager, JumpCloud

Neil Riva is a Principal Product Manager at JumpCloud focusing on identity & authentication. Award-winning product leader with extensive experience creating a diverse portfolio of identity & access management, authentication, & cybersecurity products. Former Director of Product Management at HID Global IAM, Crossmatch Inc & DigitalPersona. With 20+ years of experience, Neil has led & developed products in the authentication, biometric, network management, security & artificial intelligence areas. He was the CTO of noHold Inc. designing & developing a patented Artificial Intelligence cloud-based technology to improve enterprise services. Neil’s graduate school practicum project was conducted at IBM Scientific Research Laboratory focusing on artificial intelligence and expert systems used for Information Management.

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?