Intelligent CISO Issue 9 - Page 42

EXPERT OPINION

writing them down on some sort of sheet or post-it note or keeping it on an Excel file on their phone or on their desk, which can easily be infiltrated. We must figure out an easier way. I am a believer that at some point we will find something that’s better than passwords, but that’s not going to be in the near future so we need to be able to help and work better to secure them today.

Is there a barrier between the ‘techies’ and end users?

I think there’s a lot of friction between the two and I know that IT is really frustrated with that too. They don’t want to be considered the bad guy, they don’t want to be thought of as somebody who is slowing down the business. They want to figure out how they can enable the business. But they’re also responsible for weighing the risks. They’re stuck between a rock and a hard place. But that’s where having a simple solution that people can actually use, both in their professional and personal lives, can help. Not only are you changing behaviour at work, but you can change an employee’s behaviour at home. And this really is a behavioural change. It’s about us as human beings and what we do and how we do it. This remains a challenge for IT, but when that problem can be met and overcome, you have a lot of success.

“We have to make it easier for people to manage their passwords rather than using the same one and just changing that last number.”

How does LogMeIn’s LastPass password manager help to secure remote workforces and those using BYOD?

I think without a doubt both of these are huge trends that are not going to change. With these, you have a lack of control again from IT. Before the advent of BYOD, IT only had to worry about protecting the company perimeter. But now, there are the cloud apps, the devices, there are many employees, and they’re everywhere. So as a CISO or Director of IT, you’re thinking ‘now how do I do it?’ Having an enterprise-grade password manager in place ensures employees have secure access to their passwords no matter what device they’re on. Plus, they are able to autofill passwords on any device and into mobile apps. Having this consistent experience across devices makes using password managers much easier. And again, it goes back to human behaviour. If the user can have a consistent experience with a password management tool at work, at home and on their device, they will eventually change their behaviour. And for IT, it will at least relieve some of the pressure on employees to remember all this stuff.

Will passwords ever be replaced?

I think what will happen first, is that passwords will be remediated, something will take their place. They’ll be made a little bit more invisible to the end user. Even right now, think about using your face as an ID or using your fingerprint for biometric authentication. In many cases there are still passwords behind that, but this is just putting a much easier user interface in front of it. So, I would expect there to be many more advances in technology, that makes accessing things easier, but actually replacing the password, will take a very long time. And so, until then, let’s just make it as easy as possible to manage passwords.

One important thing for the enterprise is, and we talked about this a lot, is consumers or end users – they’re critical, if you don’t have them, you have nothing. But there is also an element of control. It’s what we bristle against with the enterprise. And I think one thing that password management systems like LastPass do give, is a much better sense of control over your organisation’s password policies. You’re able to set a variety of policies and get an organisational security score,

Issue 09 | www.intelligentciso.com