THE TECH SERIES
Khalil Gibran said –
Progress lies not in enhancing what is, but in advancing toward what will be.
Progress – it seems – sets our sights on the sky and more so, helps us get there.
Opportunities are abound with possibility and fortune. It would seem. And those possibilities and fortune are enabled by the advancement of technology.
But, as we have said before, substantial investment in technology is often required in order to be effective. However, one often experiences push-back when investing hard-earned money into something that is not fully understood. Yet.
There is fear of making the wrong decision and by so doing, setting yourself (and your practice) back.
So, to assist you in the decision-making process, we will be going through relevant legal tech elements that are available in the market – right now. We will be exploring and hopefully simplifying each subject, assisting you in identifying what will benefit your firm.
(Perhaps we will even manage to guide you where implementation of the tech into your practice is concerned).
Without further ado, this week we are going to discuss another topic of “high importance” –
Techopedia defines a digital identity as –
“an online or networked identity adopted or claimed in cyberspace by an individual, organization, or electronic device. These users may also project more than one digital identity through multiple communities.”
But these digital identities have become a little bit of a problem over the last few years. Prior to 2020, signing into your local computer (or laptop) only required a single password (which you were advised to change every now and again). A simple – one step – login process.
A major shift happened when more and more law firms (and companies alike) were forced to work remotely (and off site) and therefore started working from the Cloud – where security and privacy have become major concerns.
As set out in the article The Best Identity Management Solutions for 2022 –
“Now that the pandemic has created so many widely distributed workers while simultaneously forcing businesses to depend on a weave of third-party cloud services, securely managing identity and authentication isn’t just more important than ever; it’s also more complex.
With workers toiling from home, many small to midsized businesses (SMBs) and enterprises have begun to rely much more on third-party cloud services to fill their software needs. That’s great for deployment because it gives users access to tools in a software-as-a-service (SaaS) model that’s not only cheaper but has zero local management issues.
The problem is that those apps require individual per-user authentication. Combine that with pre-pandemic back-end services, which could be in the cloud or on-premises and also require user authentication, and you’re looking at a complex, organically growing identity scenario that’ll be rife with security holes if it’s left alone. That’s where identity management (IDM) comes in”.
Digital Identity Management
With employees working from remote locations, each having their own passwords (some with passwords that are relatively weak but easy to remember), companies have struggled with providing secure access to all of its users. And that goes for legal practices too.
And herein lies the major problem – secure access seems to be the weak link in the chain.
With passwords easy to hack and systems easy to infiltrate, the hacking of a company’s systems (and therefore cyber-attacks) has been on the increase.
Why? It’s simple – one of the easiest and most common ways that cybercriminals can attack a company or law firm’s systems is by hacking a user’s credentials. Like we said – the weak link in an otherwise (semi) secure chain.
To give some gravitas to this and according to a report by Mimecast –
· 96% of organisation’s were targeted by an email-related phishing attempt during 2020-2021, and
· 75% of ransomware that was unleashed by cybercriminals attacked three out of four organisations targeted worldwide during 2020-2021.
Those are sobering statistics.
So, for the most part (and especially where cloud solutions are concerned) it is up to management to decide which online resources their teams need and how to ensure that their data remains secure when being accessed from multiple devices.
In other words – Digital Identities and Access to Systems and Serves needs to be Managed.
And this, invariably, is where Identity Access Management (IAM) steps in.
Identity Access Management
In a rapidly growing digital economy where remote working has become the “new norm” coupled with technology advancing at the rate it is (which – by inference means cyberattacks are also advancing at a rapid rate) – IAM has become critical.
IAM according to solid involves –
“the process of giving employees and stakeholders access to the tools and information that they need, without compromising its security.
To help you do this, IAM cybersecurity solutions allow you to define users’ roles, functions, access, and privileges. They outline the scenarios where users can be granted access, and where it should be denied. The main goal is to give the right people access to the right resources, at the right time”.
But one of the big hurdles with IAM (according to pcmag) is –
“managing these new cloud service identities along with existing authentication measures most companies already have in place. These are typically centered around Identity Providers (IDPs), such as Microsoft Active Directory (AD) or human resources (HR) software. IDMs need to incorporate data from all identity repositories and then combine those records to manage authentication across every software touchpoint.
In many cases, identity information may be sourced from multiple repositories. This requires a way to manage identities in different systems, synchronize information among these systems, and provide a single source of truth”.
What do we suggest?
There is – unfortunately – not a one size fits all approach to IAM. There is not only one way to control identity access that will suit every company or every business. Every business has its own requirements, responsibilities, and needs. Which means access to systems and servers, and the management of digital identities will differ.
A law firm is no exception.
When addressing IAM, it is therefore crucial to understand –
· what types of systems (or perhaps even apps) utilised within your company;
· how your teams work together (is it predominantly via Zoom or Teams, how do they gain access to your company’s systems and servers?), and
· how your teams will access your systems and servers going forward.
The above questions can only (really) be answered in close consultation with a suitably qualified company that is able to both understand and advise on the nuances involved. And provide the security you require.
Gartner sets out some of the more highly rated Identity Access Management tools in the link provided here.
But as we said in our previous article – we believe that in addition to utilising a company that is able to provide you with these IAM Tools, it is also best to work together with a reputable data centre, such as Teraco Data Environments as well as a reliable software provider, such as AJS, to ensure a holistic data environment that is secure, protected and working optimally.
With that done and dusted – systems secured and working effortlessly as one synchronistic environment – progress is not only suggested but almost guaranteed.