Majority of companies still restrict end users from accessing sensitive corporate data and resources from mobile devices
While almost all enterprises have staff that need mobile or remote access to company networks, the vast majority of businesses are having problems with ensuring security, a new study shows.
Despite almost all organisations (98%) having users who require mobile or remote access, 95% of IT departments are facing obstacles to increased user mobility in their organisation, the primary being security concerns, according to a recent global survey of 900 IT decision makers by Gemalto, provider of digital security.
Organisations are challenged to meet demands for greater mobility as 92% of IT departments worldwide still restrict users from accessing sensitive corporate data and resources from mobile devices. Yet almost all (97%) of respondents’ organisations recognise it is important to offer mobility to employees in their work practices.
Gemalto’s 2015 Global Authentication and Identity Access Management Index reveals that almost all respondents (94%) are concerned that their organisation will be breached or hacked as a result of credential theft or compromise. This is exacerbated by the rise in mobile endpoints within enterprises, as most reported to have on average two mobile end points per user, and managing three sets of credentials per user.
Additionally, on average, one out of every five (20%) IT support tickets result from lost or forgotten usernames and passwords.
In an effort to overcome the security challenges around mobility, the majority of IT departments (86%) plan to implement two-factor authentication for access to cloud applications. Currently, 38% of users utilise two-factor authentication, this is expected to rise to over half (51%) of users using it in two years, the study shows. Over half (57%) already use two-factor authentication to secure external users’ access to resources, indicating the varied use of the technology. Almost all (92%) respondents currently have at least one application protected by two-factor authentication, with cloud applications, web portals and VPNs among the top three apps protected.
As IT continues to look to two-factor authentication to deal with the credentials crunch, the vast majority (91%) of respondents are seeking to do this by using cloud-based authentication-as-a-service and managing their organisation’s two-factor authentication centrally.
By having the ability to implement uniform policies that address security threats in a consistent way, two-factor authentication can at the same time streamline access to numerous applications, claimed Gemalto.
In addition, cloud efficiencies are a critical factor in being able to deploy two-factor authentication across multiple use cases and implement solutions quickly and efficiently. Indeed, 90% of respondents view cloud delivery as a key consideration in the purchasing process of a strong authentication solution.
The number of users utilising tokens for mobility in respondents’ companies looks likely to increase across the board; on average, 37% of users in respondents’ firms are currently using them for mobility with this figure expected to increase to 46% on average, in two years’ time.
Said François Lasnier, senior VP for identity protection at Gemalto: “The pressure is on for IT departments to accommodate demands for greater mobility as employees crave new and flexible approaches to working. Organisations that are not open to this change are very likely to be inhibiting business productivity. Users are likely to do what it takes to get the job done, with or without permission, so when corporate resources are scattered across different sites, the need for strong authentication and as-a-service delivery will serve vital functions in making this happen securely. In doing so, organisations will be better placed to protect the identities of their users, without sacrificing on productivity or data protection.”
Lasnier added: “The growing use of cloud applications and mobile devices within organisations, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control. Clearly there is an immediate need for authentication and access management solutions that can help organisations solve these challenges.”
Noted Garrett Bekker, senior security analyst at 451 Research: “Organisations recognise the need to scale security to protect as many on-premises and cloud applications as possible, especially when sourcing a two-factor authentication solution. The survey findings suggest that the choice of two-factor authentication will depend on the solution’s ability to provide centralised management, as well as secure access to the widest range of applications.”
Cloud is also significant factor when it comes to choosing the preferred delivery model of two-factor authentication with 90% agreeing that cloud delivery as a key consideration in the purchasing process of a strong authentication solution. When it comes to the final purchasing decision however, over half the companies reveal that this decision lies with the CIO, with the CSO, CCO, CEO and CFO all likely to be involved in the process as well. The total cost of ownership is, according to 20% or respondents, the most significant consideration when deciding which two-factor authentication solution to select.
However, almost all (95%) respondents think that it is important that their organisation has the ability to produce a single audit trail of access events taking place throughout different resources. The vast majority (95%) of respondents think that two-factor authentication can help their business comply with data protection regulations and pass security audits.
The research from Gemalto polled 900 IT decision makers in July 2015, across the US (200), UK (100), France (100), Germany (100), Australia (100), Japan (100), Benelux (50), Middle East (50), South Africa (50) and Hong Kong (50). All respondents’ organizations across a variety of sectors have at least 250 employees. Interviews were conducted by Vanson Bourne, an independent specialist in market research for the technology sector.