Third-Party Governance:Digital Identity

By Jim Routh

Fellow, Institute for Critical Infrastructure Technology

The transition to hybrid work models has significantly increased security challenges for organizations, as employees and third parties access company resources from various remote locations. This expanded attack surface has made it difficult for enterprises to maintain consistent cybersecurity controls, leading to a rise in cyber incidents and supply chain disruptions. The shift, accelerated by the COVID-19 pandemic, has resulted in a persistent trend towards remote and hybrid work, necessitating new strategies for effective risk management. Organizations are struggling to enforce security policies outside of traditional office environments, particularly concerning identity and access management, which is further complicated by the use of unsecured home networks and personal devices.

To address these challenges, there is a pressing need for the evolution of third-party governance practices and cybersecurity controls. Traditional methods, such as annual vendor risk assessments, are increasingly inadequate in managing the dynamic risks associated with modern technology use. Instead, a real-time, data-driven approach that leverages continuous authentication and identity validation is recommended. This includes utilizing biometric measures and behavioral analysis to enhance security while improving user experience. By adopting these advanced controls, organizations can better manage their cyber risks and protect sensitive data in an environment where remote work is likely to remain a staple.

Read the full paper.