Gemalto’s 2018 Identity and Access Management Index Survey indicates that the role of a dedicated Chief Information Security Officer within organizations has increased by a quarter in the last year
The mainstreaming of cloud and the use of a disparate range of devices within businesses has led to nearly two-thirds of IT decision makers admitting that their security teams are considering implementing consumer-grade access to cloud services for employees. Gemalto’s 2018 Identity and Access Management Index Survey interviewed more than 1,000 IT decision makers globally and found that a majority of them believe that the authentication methods they implement in their businesses are not as good compared to those found on popular sites including Amazon and Facebook.
Recent high-profile data breaches are influencing businesses’ security policies, with nine in 10 respondents admitting making changes as a result. In fact, the role of a dedicated Chief Information Security Officer within organizations has increased by a quarter in the last year, while 58% of businesses have implemented access management solutions to account for these concerns.
Nine in ten IT decision maker respondents state that their organization’s security policies around access management have been influenced by breaches of consumer services, which shows how powerful these breaches can be.
Most vulnerable to attacks
Around 50% of respondents highlight web portals as one of the biggest targets, around two in five say the same for cloud applications (SaaS, PaaS, IaaS), 39% mobile applications, 37% local network access and just under three in ten say so for VPN. In addition, two fifths of respondents consider unprotected infrastructure such as IoT to be a big target for cyber-attacks.
Over four in ten respondents see cloud applications as one of the biggest targets for cyber-attacks. Of these respondents, 71% indicate the reason behind this may be the increasing volume of cloud applications in use, and 55% say that the lack of strong cyber security solutions to implement appropriate solutions. Over two fifths also indicate cloud applications may be targeted for cyber attacks because access management solutions are currently in place for the cloud are poor, which is something that organizations could improve.
Two-factor authentication is gaining adoption
The vast majority of respondents’ organizations are now using two-factor authentication for at least one application. For instance, eight in ten respondents report that their organization has at least one application that is currently protected by two-factor authentication for cloud applications (SaaS, PaaS, IaaS), 78% for local network access and web portals, with 77% for VPN and enterprise applications.
Spend more on security
A total of 45% respondents agree that their companies have started spending spending on access management (45%), staff being trained on security and access management (44%), and more resources being allocated to access management (42%). In addition, around two in five say that secure access management is now a priority for the board, rising slightly from 34% in 2016.
The impact of social media
The survey also highlights the extent to which social media platforms play a role in marketing. Interestingly, despite social platforms having been used in the past as an attack route for malicious actors to breach organizations, it seems IT departments fall short in being able to apply cohesive access security for social platforms. For example, over two fifths indicate that employees use a company-approved individual account when using social media for work. According to the survey, 50% of respondents report that their organization secures access to its social media accounts via a relatively simplistic method of username and password, a slight drop from the 65% who reported doing so in 2016. There are of course, those who say that their organizations use native two-factor authentication provided by social media sites.
Compliance and auditing
Nearly all respondents think that two-factor authentication will be able to contribute towards their organization’s ability to comply with data protection regulations and pass security audits, with over half believing that this is definitely the case. Similarly, the majority of respondents believe that it is important that their organization is able to produce a single audit trail of access events taking place throughout different resources used by the organization, with nearly three in ten viewing this as extremely important. The ability to encourage better compliance and easier auditing may not often be the primary reason to implement two-factor authentication, but is certainly an added bonus.