infoTECH Feature

October 22, 2015

Study: Enterprise Applications Face Major Security Lapses

The security threat landscape in the connected world is getting more dangerous for consumers and enterprises alike. An independent study conducted by King Research revealed 60 percent of organizations don’t require non-employee multifactor authentication to access enterprise applications.

Considering enterprise networks can be accessed via applications, not requiring multifactor authentication leaves many organizations vulnerable to possible security breaches. This is especially alarming since most enterprises now deploy mobility solutions with access to these very same applications.

The result of the study was announced by Vidder, inventor of precision application access. King Research conducted the survey with more than 400 InfoSec professionals, who are keenly aware of the threat landscape that currently exists in the digital world. But most organizations don’t have the necessary protocols in place for accessing enterprise applications, this includes those that are behind the corporate firewall.

Another sobering data point from the survey: 57 percent of the organizations had BYOD access to enterprise applications, but 42 percent don’t require non-employees to observe the corporate BYOD policy, creating another vulnerability in the network.

One of the solutions InfoSec professionals found useful was the enforcement of multifactor authentication (MFA (News - Alert)) across the board. According to Vidder, this includes all users at all times; hiding app servers from all devices and unauthenticated users; ensure end-to-end encryption and integrity; and give complete control of who can connect to what, independent of app location, device type and user affiliation.

Bearing in mind the damage a security breach can cause, both monetary and consumer perception, these measures are essential. A solution capable of carrying out these tasks was ranked the highest by these professionals. And the Vidder Software Defined Perimeter (SDP) model for secure connectivity is a platform that delivers on these points.

The SDP platform, which is promoted by the Cloud Security Alliance, provides total control for IT so they can see all clients that are connecting to applications across the enterprise. This lets them grant or deny access.

"This survey is unique in gathering information around enterprise application access, stringent controls, and the usefulness of solutions InfoSec professionals believe would best protect their organizations from becoming tomorrow's headline," said Ross King, Principal Analyst of King Research.

King highlighted another point from the survey that illustrates just how much security is not being taken as seriously as it should.  Fifty seven percent of the respondents stated they have long-term contractors who may or may not reside on-premises, but need access to company information. Forty-two percent of them said these non-employees are given access to enterprise applications with a simple password.

Edited by Kyle Piscioniere

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers