3 Recommendations for a Human-Centric Approach to IAM, According to Gartner

If you’re like most security leaders, you’ve heard or perhaps even said some version of “humans are the weakest link in cybersecurity” many times before—in security training, in IT budget meetings, and in breach response conversations.
However, a recent Gartner report titled “Take a Human-Centric Approach to IAM Controls” states, “This builds a counterproductive narrative, resulting in an adversarial relationship between the security team and the users, which decreases the overall effectiveness of security controls.”
Dashlane believes that security and risk management (SRM) leaders, as they’re called in the report, can minimize risk through practical security controls designed with their employees’ workloads and technical literacy in mind. Of course, we understand this is easier said than done.
“The perception of cybersecurity guidance is largely negative,” the report found. Half of surveyed employees believe guidance is too long and 36% believe it’s unreasonable for their role.
Fortunately, the report guides SRM leaders on how to enhance security through a human-centric approach to identity, with some specific recommendations.
How leaders can take a more human-centric approach
Gartner has 3 main recommendations for SRM leaders:
- Reform the security function’s relationship with the user community by partnering with your users via continuous feedback loops and meaningful communication to motivate safe behaviors.
- Simplify user journeys and improve UX by enabling users, rather than fighting against their desired or established workflows.
- Achieve minimum effective friction for IAM controls by factoring in lifestyle or workstyle considerations based on user personas.
The report also provides examples of how to enact these recommendations, such as, “Partner with someone who has expertise in communications from outside IT. Too often, those from an IT background are conditioned to use language that sends the wrong message.”
Dashlane believes that this focus on communication and relationship building is the key to establishing a strong culture of security. Security teams, executives, and employees all need to have buy-in and fully understand the reason behind the security controls.
As the report states, “Security control design must account for human factors across all IAM initiatives such as access management, passwordless authentication, and identity threat detection and response (ITDR).”
The human-centric approach to credential security
With the use of stolen credentials still the most common initial action in a breach, we at Dashlane believe the real weakest link is employee credentials.
Dashlane’s human-centric approach to proactive credential security helps organizations build a strong culture of security. IT admins get seamless security visibility and control, and employees get an intuitive credential management platform.
With Dashlane, your organization can:
- Proactively protect against breaches: Credential Risk Detection monitors for threats (even if employees aren’t using Dashlane), while Nudges automate risk response by alerting plan members of the weak, reused, and compromised credentials they should secure.
- Empower admins: Dashlane provides maximum visibility into credential threats and equips IT admins with powerful tools they can set and forget for continuous breach protection.
- Secure every point of access: SSO is no longer enough to protect every login. Secure non-SSO accounts and simplify user management by integrating Dashlane with your IdP.
- Deliver security you can track: Dashlane scans billions of breach records, providing Password Health scores, security and phishing alerts, and Dark Web Monitoring.
Between AI-enabled cyberattacks and tightening security budgets, SRM leaders are facing a lot of challenges. A human-centric approach that sees employees as partners in security rather than its weakest link is the key to effective IAM controls and positive security outcomes.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.