Notifications
Clear all
Topic starter
12/06/2026 10:15 pm
TL;DR: Remote work pushed identity to the centre of enterprise security, while Axiad cites Gartner, The Economist, and its own survey data showing 71% phishing, 61% malware, and 52% of tech leaders seeing policy workarounds. The lesson is that user-friendly authentication and credential governance now determine whether remote productivity increases or security exceptions spread.
NHIMG editorial — based on content published by Axiad: What you need to know about ‘Identity-first Security’: The rise of remote
By the numbers:
- The Axiad Remote Work Survey found that phishing threats (71%) and malware (61%) emerged as the most significant new threat vectors in remote work environments.
- The Axiad Remote Work Survey found that more than half (52%) of tech leaders said their remote employees had found workarounds to company security policies.
Questions worth separating out
Q: How should organisations govern remote access without creating unsafe workarounds?
A: They should simplify authentication to a small, supportable set of approved methods, then monitor where users still bypass policy.
Q: Why does remote work increase identity risk even when MFA is in place?
A: Remote work increases identity risk because MFA does not remove the pressure created by more devices, more apps, and more credentials.
Q: How do security teams know whether identity-first security is actually working?
A: Look for fewer approved credential types, lower support friction, and a drop in policy workarounds.
Practitioner guidance
- Inventory every remote authentication path Document which credentials, devices, and applications are used for remote access, then identify any route that is outside the normal lifecycle process for issuance, review, and revocation.
- Reduce authentication choice to a governable set Offer only the authentication methods IT can support consistently, and remove duplicate or informal paths that encourage users to bypass policy when access feels slow.
- Treat workaround behaviour as a security control signal Investigate where users are finding alternatives to approved authentication methods, because those patterns usually point to friction, poor usability, or broken policy design.
What's in the full article
Axiad's full blog covers the operational detail this post intentionally leaves for the source:
- The survey-backed breakdown of remote-work threat perceptions and credential adoption patterns.
- The practical explanation of why employee workarounds emerge when authentication methods create friction.
- The product-level description of how a single pane of glass is intended to simplify credential support across multiple authentication methods.
- The article's broader identity-first security framing for remote and hybrid work environments.
👉 Read Axiad's analysis of identity-first security and remote work →
Identity-first security for remote work: are controls keeping up?
Explore further
13/06/2026 12:53 am
Identity-first security is an access governance model, not a branding exercise. The article is really describing a shift in where trust is established. Once work is distributed, access control has to follow identity wherever it appears, not just where the office network used to end. That makes authentication design, lifecycle control, and credential usability part of the same governance problem.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: What is the difference between identity-first security and location-based trust?
A: Identity-first security makes access depend on verified identity and governed authentication methods, while location-based trust assumes safety because a user is inside the office network or on a managed perimeter. In hybrid work, location is too weak to carry trust on its own, so identity has to do the heavy lifting.
👉 Read our full editorial: Identity-first security is becoming the baseline for remote work
