Article posted: Jan 23, 2017
By Joakim Thoren, CEO
More than nine out of 10 organizations are using two-factor authentication to protect at least one application, according to a recent Gemalto survey on Authentication and Identity Management. Gemalto polled 1,150 IT decision makers from around the globe in late 2016 to gain insights into organizations' identity and access management practices.
The poll results are welcome fodder for security companies who have been saying all along that multiple-factor user authentication is among the easiest and most effective means for protecting an organization's most valuable assets.
Here are additional highlights from the survey:
Personal and Work Credentials Don't Mix
Ninety percent of the respondents in the Gemalto survey have concerns about employees in their organizations reusing personal credentials for work purposes. This is a growing concern for organizations that are still relying heavily on password protection. Employee passwords are not generally provided to employees, so employees take the easy way out by reusing passwords that are easy to remember - often the same ones they use for their personal accounts. Personal passwords are easily hacked as is evidenced by the recent and very public hijacking of Hillary Clinton campaign manager John Podesta's personal email account. Not only was the hack embarrassing, some believe it may have swayed votes in the recent US presidential election.
Lessons from Consumer-Facing Organizations
More than three in five (63%) respondents agree that authentication methods used in the consumer world can be applied to ensuring secure access to enterprise resources. A similar proportion (62%) agree that their organization's security team feels pressure to provide the same type of authentication for employees as consumer services (such as text, call back or social account). Around half (47%) of respondents also believe that their organization's level of employee authentication is not as good as those offered by consumer websites such as Facebook or Amazon.
Cloud Services Pressures
Around nine in ten (88%) respondents' organizations have either already implemented or are planning to implement cloud single-sign-on (SSO) as an access management capability, with around four in ten (39%) having implemented this already.
Around half (47%) of respondents agree that their organization is under pressure to enable SSO. Around six in ten (59%) respondents' organizations secure users' (such as partners, consumers and contractors) access to online corporate resources with two-factor authentication. When sourcing a two-factor authentication solution, one in three (33%) respondents state that the most significant consideration is the ability of a solution to protect as many enterprise and cloud applications as possible.
It's encouraging to see that organizations are more open to implementing multi-factor authentication to protect their corporate and data assets. As more companies work with external contractors and the reliance on cloud services increases, the need to implement and manage cloud identity and access management is growing as well.
The challenge is creating IAM solutions that are affordable for small- and medium-sized organizations. In Versasec's 2017 Annual Security Survey of SMBs, the respondents identified the need for affordable IAM solutions. These are all good signs for a more secure 2017.