Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall, according to a new study by Vidder and King Research.
Survey respondents ranked as “highly useful” those solutions that:
- Enforce multifactor authentication (MFA) across all users at all times
- Hide app servers from all devices and unauthenticated users
- Ensure end-to-end encryption and integrity
- Give complete control of who can connect to what, independent of app location, device type and user affiliation
These solution descriptions are all characteristics of the Software Defined Perimeter (SDP) model for secure connectivity. The highest ranked solution is one that does all of the above, according to respondents.
While MFA was indicated as a “highly useful” solution, those surveyed said 60 percent of their organizations do not require MFA for non-employees to access enterprise applications. In addition, while 57 percent of respondents’ organizations allow BYOD for access to enterprise applications, 42 percent do not require non-employees to adhere to the corporate BYOD policies.
“We found that more than half of respondents (57 percent) said they have long-term contractors who need access to company information, and these contractors may or may not reside on-premise. But when asked which authentication type is typically used when providing non-employees access to enterprise applications, nearly half (42 percent) responded that simple passwords are used,” said Ross King, Principal Analyst of King Research.
Other key findings of the research include:
- Sixty-three percent of respondents said that 10 percent or more of their enterprise applications are behind the corporate firewall and are accessed by non-employees.
- When asked to score the importance of criteria for selecting enterprise security products and services on a scale of 1 to 10, respondents scored “Compliance” the highest, with a score of nearly 7.6. The second most important criterion was “Security Advantage by Using Superior Technology,” with a score of 7.5.
- One-third of the respondents said they have heard of the new SDP model.
- The respondents also said their top security concerns, on a scale of 1 to 10, are server vulnerabilities (7.6), phishing (7.3), server misconfigurations (7.3), and denial-of-service attacks (6.9).
Administered from June through August, the research consisted of an online survey, with a total of 408 people responding. More than 16 percent of respondents identified themselves as working in the technology industry, followed by financial services at more than 10 percent, and government at more than 8 percent.