Just weeks ago, Gemalto released results of its annual Authentication and Identity Management Index. The survey, conducted by independent research firm Vanson Bourne, questioned 1,150 IT decision-makers from around the globe on a variety of identity protection and authentication policies that were either already implemented or planned for the future.
For starters, results showed 90 percent are concerned employee reuse of personal credentials for work purposes could compromise security. However, with two thirds (68 percent) saying they would be comfortable allowing employees to use social media credentials on company resources, the research suggests personal applications (such as email) are the biggest worry.
This year’s findings shed light on issues related to the convergence of personal and work identities, employee mobility, and access management. Below are some key takeaways to bear in mind for the Year of the Rooster and beyond.
Personal and workplace identities are converging
Though you can’t log in to the corporate VPN with your Facebook account (yet), six in ten IT decision-makers (63 percent) believe authentication methods used in the consumer world can be applied to ensure secure access to enterprise applications. Moreover, a similar proportion say their security team is feeling the heat to provide as intuitive a login method, with just over half (52 percent) estimating in three years’ time, employees and consumers will be using the same credentials to access both corporate and consumer online services.
This may come as little surprise with a slew of consumer websites offering free one time password (OTP) apps, SMS-delivered OTPs, and some even rolling out push authentication. We’re all familiar with the “remember me on this device” option. This basic form of context-based authentication requires a step-up second factor only when logging in from an unknown browser-device pair, which most IT leaders (63 percent) view as the future of two-factor authentication (2FA).
More employee mobility?
The good news is only 35 percent of organizations completely restrict access to work resources from mobile devices, with the majority (56 percent) enabling access—albeit restricted. This could mean that IT directors who limit access from mobile are not confident enough in their control methods to allow employees more mobile usage.
At the same time, these same decision-makers plan to expand the use of 2FA from mobile devices significantly over the next two years (37 percent today to 56 percent in two years). It has yet to be seen whether this stronger security will also enable increased enterprise mobility. In any event, innovations based on Bluetooth Smart, biometrics, and push technology may facilitate this intended expansion.
While the vast majority of IT decision-makers admit there are obstacles to increasing mobility in their organizations, the exact nature of these challenges vary widely. These range from security concerns (50 percent), IT management overhead (48 percent) and costs (43 percent) to issues such as IT visibility (30 percent) and restrictive compliance mandates (31 percent).
The cloud, SSO, and access management
The explosion of cloud applications in the enterprise is bringing home the need to rid users of “password fatigue” — the never-ending chore of maintaining 10-25 disparate username and password sets used for their day-to-day work. To this end, roughly half of respondent’s organizations (49 percent) are planning to implement a solution providing single-sign on (SSO) to cloud applications, with a similar proportion (47 percent) agreeing their organization is under pressure to enable SSO.
Today, password vaulting is the most pervasive method for managing access to cloud applications deployed by 53 percent of respondent’s organizations. Other methods include IDaaS (28 percent), Cloud SSO solutions (28 percent) and on-prem IAM (23 percent).
Happily, almost all IT decision makers (95 percent) see SSO for cloud applications as being conducive to mobility and productivity in their organization.
To see how these trends slice and dice per region and globally, visit the Authentication and Identity Management Index website here. You can also download the full Authentication and Identity Management Index here.