Notifications
Clear all
Topic starter
12/06/2026 10:18 pm
TL;DR: Remote work expands the attack surface because identity checks, device trust, and credential recovery often move outside the office perimeter, and Axiad argues that teams must secure those flows from the outset rather than treating remote access as a temporary exception. The real issue is that legacy access processes assume predictable, office-bound behaviour, while dispersed work demands stronger authentication and credential lifecycle control.
NHIMG editorial — based on content published by Axiad: Work from anywhere with security and trust
By the numbers:
- 80% of workers in the U.S. say they’d turn down a job that didn’t offer flexible work.
Questions worth separating out
Q: How should security teams secure remote worker authentication without weakening MFA?
A: Use identity authentication flows that verify the user and the device together, then keep recovery inside the same control plane.
Q: Why do remote work environments increase identity risk for IAM teams?
A: Remote work increases risk because the trust boundary moves from a controlled office network to home networks, personal devices, and support workflows.
Q: What do teams get wrong about credential recovery for remote employees?
A: They often treat recovery as a support convenience rather than an access control.
Practitioner guidance
- Require MFA-protected recovery workflows Eliminate email-based temporary passwords and links for restoring access.
- Verify both user and device before access Treat device assurance as part of the login decision, not a separate endpoint task.
- Centralise credential issuance and renewal Move credential issuance, renewal, and revocation into a single governed workflow so support teams do not manage access through multiple portals and manual exceptions.
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- Practical examples of remote authentication and device verification workflows
- The specific recovery and certificate handling steps that reduce help desk exposure
- Axiad's product-oriented explanation of One Click Issuance and Airlock
- Implementation detail for managing credentials across people, machines, servers, and systems
👉 Read Axiad's analysis of identity security for remote workforces →
Remote work identity security: are your controls keeping up?
Explore further
13/06/2026 12:59 am
Remote work exposes an identity boundary problem, not just a connectivity problem. The article treats dispersed work as a security issue because identity verification now has to travel with the user, the device, and the support workflow. That changes the control model from perimeter trust to authenticated access at every edge. IAM teams should read this as a sign that remote access governance is now a core identity discipline, not a temporary accommodation.
A few things that frame the scale:
- 96% of secrets store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How can organisations keep remote access scalable and auditable?
A: By centralising credential issuance, renewal, and revocation into one governed process. That reduces manual work, limits exceptions, and gives security teams a consistent record of who has access and why. It also makes remote support less dependent on ad hoc email or portal-based workarounds.
👉 Read our full editorial: Remote work identity security exposes gaps in authentication and lifecycle
