It is a fact of life for IT security professionals that authentication/identity is the new perimeter for protection enterprises from being compromised by those with malicious intent. This goes not just for those posing external threats that grab headlines, but as importantly for those by internal malcontents who remain responsible for a significant portion of problems. As a result, multi-factor authentication (MFA (News - Alert)) has become a top priority for helping IT mitigate risks. The goal is to provide seamless and secure access across any device, anytime.
Just how important multi-factor authentication, specifically cloud-based authentication, has become is illustrated in new research from leading data protection company SafeNet (News - Alert), Inc. The recently released study by SafeNet, 2014 Global Annual Authentication Survey, found that over one-third of organizations now use multi-factor authentication to provide seamless and secure access across a multitude of devices and locations – an increase from 2013.
The survey highlights the growth in businesses that are adopting multi-factor authentication and distributing it across the wider workforce. In fact, as SafeNet points out, the findings support a recent 451 Research (News - Alert) report, which found that access control and authentication are the top ‘pain points’ and priorities for IT departments. With 57 percent of all data breaches in 2013 the result of malicious outsiders, multi-factor authentication reduces the risk of unauthorized users accessing sensitive information, while still ensuring staff can access corporate resources when and how they need them.
If you are not multi-factor you are engaging in risky business
The research from SafeNet polled more than 350 senior IT decision-makers from around the world—about 29 percent from the Asia Pacific region; 42 percent from Europe, Middle East and Africa; and 29 percent from North America. The report compares data with a corresponding report from 2013.
Key findings include:
Jason Hart, Vice President of Cloud Solutions at SafeNet commenting on the report stated: “It’s clear that some IT departments are struggling to keep up with the rapid pace of change caused by new technologies. The danger is that companies are unable to offer staff the full system access they require to perform their job because they don’t have the secure authentication in place to allow access. Then there’s the fact that almost every other week we hear about a new enterprise being hacked and data potentially leaked. So there is a perpetual battle to keep up with fast-paced advances in technology, and attempts to protect the company and curb security risks.”
Addressing issues and concerns
The report is worth spending some time evaluating based on the insights it provides as to both the reasons for the uptake in adoption of MFA as well as what is seen as holding back an even faster rate of acceptance in the face of clear need.
For example, SafeNet explains that the 451 Research report revealed that authentication and identity access management are a top priority for security projects. Yet, interestingly, in the SafeNet Authentication Survey, almost 40 percent did not know how much their authentication solution costs per user per year. This shines a light on the surprising lack of awareness over what is most cost-effective for the organization.
SafeNet contends that, “The perception that, by not spending extra on multi-factor authentication, the organization is cost saving could be misleading to those in charge of IT budgeting. In fact, a multi-factor authentication solution aims to reduce authentication costs and improve ease of use.”
In the all important area of cloud vs. on-premises-based authentication, it was found that IT understands that driven by the BYOD trend and the need for employees to have everywhere, every time and all the time secure access to corporate resources, cloud-based MFA solutions are becoming attractive with 33 percent of respondents indicating they preferred cloud-based authentication, up from 20 percent last year.
“Ultimately, enterprises must accept that their staff will find ways to use mobile devices to access corporate data – with or without permission. Instead of preventing access, IT decision-makers need to deploy multi-factor authentication, which can offer the protection of corporate resources, while allowing staff access and maintaining productivity and performance,” Hart added.
And, as IT security professionals know, risk mitigation is not just about authenticating people but also involves authenticating the devices, now more than ever their mobile ones, and the applications that run on those devices. On this front the responses are certainly food for thought with the majority of responses grouped at either end of the scale, showing polarized practices:
SafeNet also pointed out that the drive towards mobile authentication is fuelling a move from hardware to software-based authentication tokens. The survey found software-based authentication rose from 27 percent in 2013 to 40 percent in 2014. Plus, based on the responses the expectation is that this will rise again to 50 percent in 2016. Conversely, the use of hardware-based authentication dropped from 60 percent in 2013 to 41 percent in 2014.
“IT companies are certainly responding to the rise in mobility with increased software-based authentication; however, there appears to be a ‘disconnect’ between the desire to embrace mobility, and the struggle to keep up with it and protect resources and data from external threats. Furthermore, as adoption of cloud computing grows, better security becomes crucial. Indeed, the cloud offers various benefits for authentication and applications, but without the security to support them, it only increases the threat.” Hart concluded.
Keeping up with the bad guys as we all know has become one, if not the #1, challenge for IT. As the workplace becomes more mobile thereby increasing the vectors of vulnerability, and cyber threats have become more sophisticated and frequent, the challenges for securing the enterprise have only increased exponentially. What the SafeNet authentication survey shows is that IT is increasingly looking to multi-factor authentication to mitigate risks and to the cloud as a preferred solution.