This image has an empty alt attribute; its file name is cpIyQ5AgpOquJfixKFjsvLF3ySKVi9JYmPVqZodzTAQljU6hZt5xn9p64F74W1AmOUDNfk5LOaIEzRi5as4aaZZf9JLK_9Alb_-OtWNvRlHDxmTovgxkamPnvkXzD9q5JpHJy-fl



Last Updated22 November 2021
Document Idtch-research-how-to-kill-the-password
Authorsimonm@thecyberhut.com
Part of Research ProductHow to Kill The Password – Buyer’s Guide to Passwordless Authentication

Employee Use Cases

Passwordless technology can be applied to both internal and external identities in the form of consumers or customers and citizens.

Employee identity – or workforce enablement as it is also known as – provides capabilities that allows organizations to securely provision staff with the appropriate application access so they can perform their job role.

Employee Use CaseDescription
Replacement of Existing Hardware MFAMany organisations have invested in hardware based MFA products such as one time password generators or proprietary biometric scanning technologies.  They often have a high cost-per-user, are utilised by a small percentage (< 25%) of the user population and are costly to expand and customize.  
Employee Use CaseDescription
Augment Existing TechnologiesMany existing workplace technologies have usernames and passwords at their core and provide no out of the box method for MFA or passwordless authentication.  Existing technologies such as VDI (virtual desktop infrastructure), Windows desktop and server estates and Unix/Linux server infrastructure need augmenting with modular MFA and passwordless technology.
Employee Use CaseDescription
Expand MFA to Remote LoginRemote login technologies such as VPNs (virtual private networks) and RAS (remote access servers) provide the basis for distributed working, which has accelerated since 2019 due to the global Covid-19 pandemic.  Whilst many organisations are phasing out VPN technology due to cost and lack of security, an immediate priority is applying modern MFA and passwordless techniques to the remote access login process.
Employee Use CaseDescription
Migration of Physical AccessWhere physical onsite working is still a priority in sectors such as hi-tech manufacturing, pharmaceuticals, Industry 4.0 and health care, the use of smart cards and proximity cards could be phased out in place of mobile centric authentication – leveraging issued credentials with a biometric confirmation.
Employee Use CaseDescription
Admin and PAM MigrationPrivileged Access Management (PAM) and administrative controls have long been a part of a modern security architecture.  In many cases, the administration team was often the first to receive MFA and contextual access control.  This category is likely to be the first team in any staged migration process to passwordless authentication.
Employee Use CaseDescription
Support for Zero Trust With Zero PasswordsZero trust and continuous security has promoted an identity centric view of control.  The emphasis on continual authentication and post authentication re-validation for high risk events and transactions places a need for a simpler and more transparent user verification process. 
Employee Use CaseDescription
Decoupled SSOMany organisations have invested in complex centralised single sign on services that can integrate with a multitude of application types.  These identity provider services have long lifespans (7+ years) and are often costly and difficult to extend and expand.  A decoupled approach to passwordless technology allows for specialism and agility.
Employee Use CaseDescription
Reduced Help Desk CostsOperational efficiency with regards to employee identity and access management has always been a key focus for CIOs.  Password resets are a major workload for even the most effective help desks and the migration to MFA doesn’t always reduce the burden – especially with regards to initial enrolment and lost device use cases.  The removal of passwords in their entirety and less reliance on hardware based MFA can reduce that burden further.

Categories:

Signup for New Content Updates