The rising use of personal identities in the workplace
90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with 68% saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations.
The enterprise and consumer worlds are merging closer together, with enterprise security teams under increasing pressure to implement the same type of authentication methods typically seen in consumer services, such as fingerprint scanning and iris recognition. 62% believed this was the case, with 63% revealing they feel security methods designed for consumers provide sufficient protection for enterprises. In fact, 52% believe it will be just three years before these methods merge completely.
Consumer breaches impacting enterprise security
Identity theft accounts for 64% of all data breaches across the globe, and consumer service breaches continue to rise, resulting in 89% enterprises addressing their access management security policies. 49% of enterprises have implemented extra training to allay their security concerns, 47% increased security spend, and 44% allocated further resources.
Employee expectations around usability and mobility are affecting how enterprises approach authentication and access management. Nearly half of respondents stated that they are increasing resources and spending on access management. Deployment rates are also increasing: 62% expect to implement strong authentication in two years’ time – up from 51% of respondents who said the same thing last year, and nearly 40% responded they will implement Cloud SSO or IDaaS within the next two years.
Enterprises are clearly seeing the benefits, with 94% using two-factor authentication to protect at least one application and 96% of respondents expecting to use it at some point in the future.
The challenge of mobile security
As more enterprises become mobile, the challenges in protecting resources while increasing flexibility for employees working on the move increases. Despite an increasing amount of businesses enabling mobile working, 35% completely restricted employees from accessing company resources via mobile devices and 91% are at least part-restricting access to resources. This is backed up as half of businesses admit security is one of their biggest concerns to increasing user mobility.
In order to protect themselves against threats from increased mobility, enterprises are still most likely to be using usernames and passwords – two thirds of users at respondents’ organisations are using this authentication method, on average.
Currently, 37% of users at respondents’ organisations are required to use two-factor authentication to access corporate resources from mobile devices, on average. However, like the rise for access while in the office, on average, respondents believe this will increase to 56% in two years’ time.
“What’s clear is businesses feel their customers are not impressed with the authentication methods they’re using. This isn’t a surprise given focus is still on boosting perimeter defences and there remains a lack of investment in solutions like two-factor authentication and encryption, which aim to protect the most valuable thing, the data. It’s not just up to companies to start this process though, customers need to demand that they have access to these necessary security protocols,” said Jason Hart, CTO, Data Protection at Gemalto.