Last updated: 14 December 2016
With 2017 quickly approaching, Gemalto’sannual Authentication and Identity Management Index uncovers the latest trends and concerns over the convergence of personal and work identities, employee mobility and access management. Conducted by independent research firm Vanson Bourne, the survey questioned 1,150 IT decision makers from around the globe on a variety of identity protection and strong authentication policies—implemented today, and those planned for the future.
Below are some key takeaways to bear in mind for the Year of the Rooster and beyond.
Personal and workplace identities are converging
Though you can’t log in to the corporate VPN with your Facebook account—just yet—six in ten IT decision makers (63%) believe that authentication methods used in the consumer world can be applied to ensure secure access to enterprise applications. Moreover, a similar proportion say their security team is feeling the heat to provide as intuitive a login method as these services, with just over half (52%) estimating that in three years’ time, employees and consumers will be using the same credentials to access both corporate and consumer online services.
This may come as little surprise with a slew of consumer websites offering free OTP apps, SMS-delivered OTPs, and some even rolling out push authentication. We’re all familiar with the “Remember me on this device” option—a basic form of context-based authentication, which requires a step-up second factor only when logging in from an unknown browser-device pair, and which most IT leaders (63%) view as the future of two-factor authentication.
More employee mobility? It depends…
The good news is that only 35% of organizations completely restrict access to work resources from mobile devices, such as smartphones and tablets, with the majority (56%) enabling access—albeit restricted. This could mean that IT directors who restrict access from mobile are not confident enough in their access control methods to allow their employees more mobile usage. At the same time, these same decision makers plan to expand the use of 2FA from mobile devices significantly over the next two years (from 37% today to 56% in 2 years’ time). It has yet to be seen whether this stronger security will also enable increased enterprise mobility. In any event, innovations based on Bluetooth Smart, biometrics and push technology may facilitate this intended expansion.
While the vast majority of IT decision makers surveyed admit there are obstacles to increasing mobility in their organizations, the exact nature of these challenges vary widely, from security concerns (50%), IT management overhead (48%) and costs (43%), to other challenges such as IT visibility (30%) and restrictive compliance mandates (31%).
Cloud – Explosion, SSO and access management
The explosion of cloud applications in the enterprise is bringing home the need to rid users once and for all from ‘password fatigue’—the never-ending chore of maintaining 10-25 disparate username and password sets used by employees for their day-to-day work. To this end, almost half of respondents’ organizations (49%) are planning to implement a solution that provides single-sign on (SSO) to cloud applications, and a similar proportion (47%) agreeing that their organization is under pressure to enable SSO.
Today, password vaulting is the most pervasive method for managing access to cloud applications deployed by 53% of respondents’ organizations. Other methods include IDaaS (28%), Cloud SSO solutions (28%) and on-prem IAM (23%).
Happily, almost all IT decision makers (95%) see SSO for cloud applications as being conduce to mobility and productivity in their organization.
To see how these trends slice and dice per region and globally, visit the Authentication and Identity Management Index website. You can also download the infographic and the full Authentication and Identity Management Index.