The Gemalto 2018 Identity and Access Management Index, which is a survey of than 1,000 IT decision makers globally, "found increased use of the cloud is increasing vulnerabilities and driving the need for consumer-type logins to guarantee security".
We're told that "not only did half of Australian respondents identify web portals as the biggest target for cyber-attacks, almost half (49%) of Australians think organisations have poor visibility over their applications in the cloud and that this is putting them at risk of being a target for cyber-attacks."
With NDB legislation recently coming into effect, Gemalto notes "organisations are increasingly aware of the risks of poorly managed employee authentication. Australians are particularly concerned, with 46% thinking the impact/potential outcome of ineffective cloud access management is larger scale breaches due to a lack of visibility over cloud, compared to just 37% globally."
- 70% believe that authentication methods applied in the consumer world can be applied to secure access to enterprise resources
- (94%) respondents believe that cloud access management is integral to adopting cloud applications
- Almost half of Australian respondents (48%) agreed that consumer sites are doing a better job of authentication.
- One-quarter (25%) of Australians said mobility is viewed as a luxury for users, compared to just 17% globally and only 4% of Belgians, as an obstacle to mobility
- Almost half (47%) say security concerns are the main obstacles to increased user mobility in their organisations
- 40% of Australians reported cost as a main obstacle to increased user mobility in their organisation, compared with 31% global average
- 89% of Australians are concerned about employees at their organisation reusing personal credentials for work purposes
- Almost one-third (29%) of Australian employees use their own personal account when using social media for work purposes
Gemalto's research also "found that the proliferation of cloud applications and use of a disparate range of devices within businesses has led to nearly two-thirds (64%) of IT leaders admitting that their security teams are considering implementing consumer-grade access to cloud services for employees".
The index also revealed that "the majority (54%) believe that the authentication methods they implement in their businesses are not as good compared to those found on popular sites including Amazon and Facebook."
With a growing number of cloud apps in use, "more employees working remotely and pressure mounting to make authentication stronger while ensuring ease of use, IT decision makers are keen to ‘consumerise’ the login process.
"Despite this, 92% of IT leaders express concern about employees reusing personal credentials for work. This comes as 61% admit that they are still not implementing two-factor authentication to allow access to their network, potentially leaving themselves vulnerable to cyber criminals.
"At the same time, there seems to be increasing recognition that new approaches to cloud access can contribute to alleviating these issues. 62% of respondents believe that cloud access management tools can help simplify the login process for users, while 72% stated that a strong consideration for implementing a cloud access solution is the desire to reduce the threat of large scale breaches.
"The fact that 61% of respondents also stated that inefficient cloud identity management would be a key factor in adopting a cloud access management solution, shows that scalability and management overheads are also of high concern to IT professionals."
Francois Lasnier, SVP Identity and Access Management at Gemalto said: "These findings clearly show that IT managers are struggling to balance the need for a simple and easy login experience with security.
“While there is a need to make things easier for employees, there is a fine line to be walked. IT and business line managers would do best to figure out the risks and sensitivities associated with the various applications used in their organisations and then use access management policies to manage risk and apply the appropriate authentication method. In this way, they can ensure a convenient login experience for their users, while still maintaining access security.”
With the growth in remote working, Gemalto says "the cloud and secure access to applications have become important for organisations. As a result, almost all (94%) respondents believe that cloud access management is integral to adopting cloud applications.
"In fact, nine in 10 also feel that ineffective cloud access management can lead to issues for their company, such as security (52%), IT staff’s time being used less efficiently (39%) and increased operational overheads and IT costs (38%). Despite this focus on protecting cloud applications, just three of the 27 used on average by organisations are protected with two-factor authentication."
Lasnier continued: “The rapid increase of cloud apps has brought organisations lots of benefits, but also caused a high degree of fragmentation in their ability to manage access security across numerous cloud and on-premises applications.
"Without effective access management tools in place, this is liable to lead to higher risk of breach, a lack of visibility into access events, regulatory oversite - and hamper organisations’ ability to scale in the cloud.”
Gemalto will host a webinar on March 8th on Identity and Access Management trends: The Consumerisation of Enterprise Security. More info here.
Gemalto also has more info on its Identity as a Service "Access Management" offerings here.