An HID Global survey of 600 respondents revealed enterprise end users’ perceptions about change and the importance of industry best practices, and how well today’s technology and policy best practices are being implemented.
The attitudes uncovered in the survey affect how well organizations can defend against increasingly dangerous and costly security threats, both now and in the future.
- Only 37 percent of users perform annual security assessments, and most users do not contract a third party to test their existing PACS. This means users either conduct their own security audits or penetration exercise internally, or do not test their systems at all.
- More than half of respondents have not upgraded in the last year, and more than 20 percent haven’t upgraded in the last three years.
- 75 percent of end-users said cards with cryptography were important. The majority also believes that magstripe and proximity technologies provide adequate security, despite their vulnerability to cloning.
- 75 percent of respondents state that the highest-security technologies were important or very important, but half said they weren’t implementing them well, or at all. Over 90 percent felt the most secure policies were important or very important, with only 70 percent felt they were implementing them effectively or very effectively.
- Biggest barriers to best-practice implementation were budget-related, and management not seeing value in the investment. Yet the cost of not investing in best practices can be very high – for example, $5.4 million for a data breach, according to Ponemon Institute.
HID Global believes that current perceptions about access control will have an impact on the adoption of future technologies. For instance, mobile access control on smartphones will enable a more hassle-free access control experience for users, who can carry all of their keys and credentials on a device they carefully protect and rarely lose or forget.
However, if the market continues to delay shoring up its best practices now against today’s threats to traditional cards and readers, it will be difficult for enterprise infrastructures to seamlessly move to digital credentials carried on smartphones in a BYOD deployment environment with new and different security threats.