The domino effect of technology has always fascinated me – especially when it comes to what prompts the evolution of cyber security solutions and how quick enterprises embrace security best practices. For example, it’s not news that the increasing capabilities of mobile devices and the networks supporting them means employees are able to get more done from wherever they might be. As a result, how much or little an enterprise embraces mobility with its policies will have a direct impact on productivity. But the increase in mobile endpoints creates greater security risk, and thus cyber security measures must likewise quickly evolve to keep up.
The findings from the 2015 Authentication and Identity Management Index, a recent global survey of 900 IT decision makers by Gemalto, highlights just how critical it is for enterprises to balance embracing new methods to remain competitive and empower employees and avoiding potentially disastrous security risks. The adoption of authentication seems to be trending upward, which is great as – according to the respondents – this is something enterprises need to do in order to truly remain secure while giving employees remote access.
Here are some of the results from the new study:
Digital Identity Management and Mobility Challenges
Many of the questions on the Authentication and Identity Management Index revealed how daunting a task it is for IT to try to scale authentication and identity management capabilities to cover the workforce’s growing mobility demands.
- On average, respondents’ organizations are managing three sets of credentials per user
- Each user in respondents’ organizations has access to, on average, two mobile end points
- Almost all (97%) respondents recognize the importance of mobility in their organization’s work practices
- However, 95% of respondents agree that there are obstacles to increased user mobility within their organization, with security concerns (46%) and IT management overhead (46%) being the most common obstacles
- The vast majority (92%) of respondents say that their organization restricts users from accessing corporate resources from mobile devices to some extent, with 37% saying that this is completely restricted
- Software tokens (90%) and hardware tokens (90%) are anticipated as being the most commonly used token types for mobility in two years’ time. On average, they are anticipated to be used by 46% and 44% of users respectively in the next two years.
Two-Factor Authenticaton Today
While IT is certainly facing an uphill battle, one of the more positive takeaways from the Authentication and Identity Management Index is how prevalent two-factor authentication (2FA) is among the respondents’ organizations already, the areas in which it is being applied, and the expectations for 2FA adoption in the future.
- Currently 38% of users in respondents’ organizations use two-factor authentication, this is expected to increase to over half (51%) in two years
- On average, 35% of users are currently required to use two-factor authentication to access corporate resources from mobile devices within respondents’ organizations. This number is expected to increase to just under half (49%) in two years’ time, on average
- Over nine in ten (92%) respondents are using two-factor authentication within their organization for at least one application.
- The applications more commonly protected by two-factor authentication within respondents’ organizations are VPNs (86%), web portals (84%) and cloud applications (83%).
- The vast majority (93%) of respondents expect that their organization will expand the use of two-factor authentication to protect applications in the future, with around half (48%) expecting that this will be done within the next year.
Factors Driving Authentication Trends
As mentioned above, it’s expected that in two years 51% of users in the respondents’ organizations will utilize two-factor authentication. Compliance with security regulations, breach preparedness, and trying to reduce the occurrence of shadow IT were among the reasons IT decision makers cited as potentially leading enterprises to increase two-factor authentication and to adopt a central 2FA management platform.
- Over nine in ten (94%) respondents are concerned that their organization will be breached or hacked as a result of credential theft or compromise
- The most common event that would increase stakeholder buy-in of an authentication solution that supports increased user mobility within respondents’ organizations would be a high profile breach involving cloud-hosted resources (53%).
- The vast majority (95%) of respondents think that two-factor authentication can help their organization comply with data protection regulations and pass security audits
- When sourcing a two-factor authentication solution, 94% of respondents’ organizations consider software authentication and tokenless authentication methods for end users, and the cost per user as factors
- Nine in ten (90%) respondents say that managing two-factor authentication centrally can help reduce shadow IT in their organization
Check out our new infographic to learn more about secure mobile access challenges highlighted by the 2015 Authentication and Identity Management Index. You can also visit our report page for all the questions and findings from the new survey. I hope you enjoy reviewing the findings, and I encourage you to share your opinion on the authentication trends you’re seeing within your organization with us via @GemaltoSecurity.