Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Remote work identity security: what IAM teams need to do now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Remote work has pushed identity digital security from a login problem into a continuous trust problem, with the article highlighting Zero Trust, MFA, UBA, IAM, SSO, and SASE as the main response patterns, according to GlobalSign. The practical takeaway is that access, context, and user behaviour now have to be governed together rather than as separate controls.

NHIMG editorial — based on content published by GlobalSign: remote work and the evolution of digital identity security

By the numbers:

Questions worth separating out

Q: How should security teams govern remote access when users are outside the office perimeter?

A: Security teams should govern remote access with identity, device, and session context instead of trusting location.

Q: Why does remote work increase identity risk for IAM programmes?

A: Remote work increases identity risk because users connect from more places, more devices, and more applications, which expands the number of trust decisions IAM must make.

Q: How can organisations know whether behavioural analytics is actually helping?

A: Behavioural analytics is working when it surfaces meaningful anomalies that correlate with risky access, not when it simply generates alerts.

Practitioner guidance

What's in the full article

GlobalSign's full article covers the operational detail this post intentionally leaves for the source:

  • The article expands on practical remote-work identity patterns, including how MFA, SSO, and IAM are framed together for distributed teams.
  • It discusses user behaviour analysis and SASE in a way that helps practitioners connect access policy with session-level monitoring.
  • It touches on legal and compliance considerations such as GDPR and CCPA that shape remote identity governance decisions.
  • It includes broader commentary on blockchain, quantum readiness, and future identity models that go beyond this post's governance focus.

👉 Read GlobalSign's analysis of remote work and digital identity security →

Remote work identity security: what IAM teams need to do now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Remote work has converted human identity into a continuously exposed control surface. The article is not really about remote work itself; it is about the collapse of office-based trust assumptions in IAM. When users authenticate from unmanaged locations, identity, device, and session context have to do the work that the network perimeter once did. Practitioners should treat remote access as an identity governance problem, not just an endpoint or VPN problem.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: What is the difference between SSO and Zero Trust for remote identity security?

A: SSO simplifies how users authenticate across applications, while Zero Trust governs whether each access request should be allowed in the first place. SSO reduces password sprawl and user friction, but Zero Trust adds the continuous verification and contextual policy needed when users operate outside the corporate office.

👉 Read our full editorial: Remote work identity security is forcing stronger IAM controls



   
ReplyQuote
Share: