The most effective security strategies to guard sensitive information

Today’s enterprise IT infrastructures are not largely hosted in the public cloud, nor are they SaaS-based, with security being the single largest barrier when it comes to cloud and SaaS adoption. With the recent rise in breaches and privacy incidents, enterprises are prioritizing the protection of their customers’ personally identifiable information, according to Ping Identity.

Most infrastructure is hybrid

Less than one quarter (21%) of IT and security professionals say that more than one half of their IT infrastructure is hosted in the public cloud, and 15% say more than one half is comprised of SaaS applications. Seventy-five percent say that at least some percentage of their IT infrastructure is hybrid—meaning a mix of cloud, on-premises and SaaS.

Security concerns holding back cloud & SaaS adoption

Security was cited as the number one barrier to cloud and SaaS adoption. Forty-three percent of respondents said it’s the biggest obstacle to cloud adoption, and 37% claimed it’s the biggest barrier to SaaS adoption.

Enterprises are spending more to protect customer identity

More than one quarter (27%) of respondents’ organizations have experienced a breach of customer identity data stored in a public cloud, on-premises or in a SaaS application provider’s cloud. Nearly three-quarters of respondents (71%) say their organizations are spending more on protecting customer identity data in May 2018 as compared with May 2017; just one percent say that spend has decreased.

“With security as the biggest barrier to cloud and SaaS adoption, it’s no wonder we’re seeing enterprises prioritize their security investment—especially following a year that was defined by data breaches,” said Richard Bird, chief customer information officer, Ping Identity. “Safeguarding customer, proprietary and partner data is more important than ever for enterprises seeking to build trust and transition to a more hybrid IT infrastructure. It’s imperative that IT professionals understand the value and effectiveness of the right security controls for their organizations before taking a blanket approach to protecting their data.”

What’s in use vs. what’s working

Multi-factor authentication: Ninety percent of respondents say multi-factor authentication (MFA) is an effective security control to protect identity data in public clouds, yet only 60% say their organizations actually utilize it.

Single Sign-On and biometric authentication: IT and security professionals also see identity federation (single sign-on) and biometric authentication as two of the top five most effective security controls, but these technologies have relatively low adoption rates among their organizations. For instance, 80% of respondents say that identity federation, role- or attribute-based policies, and biometric authentication are largely effective to protect access to identity data in public clouds. Despite this, adoption rates are low: only 34%, 38% and 22%, respectively.

While enterprise investment in security has increased in the past year and IT professionals understand what technologies are most effective at protecting data, they are not always implementing more effective security controls.

Bird added, “This is perhaps because identity federation can be complex to implement if the chosen solution is not architected for hybrid IT environments, whereas deploying multi-factor authentication is often a simpler solution. Biometric authentication is still an emerging technology and therefore may not be as commonplace as more established security controls.”