Gemalto Survey: “IT Departments face obstacles to user mobility for fear of data breaches”

Organisations are being challenged to meet the demands for greater mobility as 92% of IT Departments worldwide still restrict users from accessing sensitive corporate data and resources from mobile devices. This is according to a recent global survey of 900 IT decision-makers conducted by Gemalto.

Despite almost all organisations surveyed (98%) having users who require mobile or remote access, 95% of IT Departments are facing obstacles to user mobility, the main reason being security concerns.

The 2015 Global Authentication and Identity Access Management Index reveals that almost all respondents (94%) are concerned that their organisation will be breached or hacked as a result of credential theft or compromise. This is exacerbated by the rise in mobile endpoints within companies, with most reported to have – on average – two mobile endpoints per user and managing three sets of credentials per user. Additionally, on average, one out of every five (20%) IT support requests arise due to lost or forgotten usernames and passwords.

In an effort to overcome the security challenges around mobility, the majority of IT Departments (86%) plan to implement two-factor authentication for access to cloud applications. Currently, 38% of users employ two-factor authentication, but this percentage is expected to rise to over half (51%) of users within two years. Over half (57%) already use two-factor authentication to secure external users’ access to resources, indicating the varied use of the technology. Almost all (92%) respondents currently have at least one application protected by two-factor authentication, with cloud applications, web portals and VPNs among the Top Three apps protected.

As IT continues to look towards two-factor authentication to deal with the ‘credentials crunch’, the majority (91%) of respondents are seeking to do this by using cloud-based Authentication-as-a-Service and managing their organisation’s two-factor authentication centrally. By having the ability to implement uniform policies that address security threats in a consistent way, two-factor authentication can, at the same time, streamline access to numerous applications. In addition, cloud efficiencies are a critical factor in being able to deploy two-factor authentication across multiple use cases and implement solutions both quickly and efficiently. Indeed, 90% of respondents view cloud delivery as a key consideration in the purchasing process of a strong authentication solution.

Demand for greater mobility 

“The pressure is on for IT Departments to accommodate demands for greater mobility as employees crave new and flexible approaches to working,” said François Lasnier, senior vice-president for identity protection at Gemalto. “Organisations not open to this change are very likely to be inhibiting business productivity.”

Lasnier continued: “Users are likely to do what it takes to get the job done with or without permission, so when corporate resources are scattered across different sites, the need for strong authentication and ‘as-a-service’ delivery will serve vital functions in making this happen securely. In doing so, organisations will be better placed to protect the identities of their users without sacrificing productivity or data protection.”

He added: “The growing use of cloud applications and mobile devices within businesses, combined with rising threats and the need to reduce costs, requires entirely new considerations for access control. Clearly, there’s an immediate need for authentication and access management solutions that can help companies solve these challenges.”

Garrett Bekker, senior security analyst at 451 Research, told Risk UK: “Organisations recognize the need to scale security to protect as many on-premises and cloud applications as possible, particularly when sourcing a two-factor authentication solution. These survey findings suggest that the choice of two-factor authentication will depend on the solution’s ability to provide centralised management, as well as secure access to the widest range of applications.”

Key findings of the survey 

Some of the additional key findings of the survey include the following:

Importance of mobility

*Almost all (97%) respondents’ organisations recognise that it’s important to offer mobility to employees in their work practices

*The number of users employing tokens for mobility in respondents’ organisations looks likely to increase across the board. On average, 37% of users in respondents’ organisations are currently using them for mobility, with this figure expected to increase to an average of 46% in two years’ time

The role of cloud in the purchasing decision

*Cloud is also a significant factor when it comes to choosing the preferred delivery model of two-factor authentication, with 90% of respondents agreeing that cloud delivery is a key consideration in the purchasing process of a strong authentication solution

*When it comes to the final purchasing decision, over half of the organisations questioned revealed that this decision lies with the CIO, with the CSO, CCO, CEO and CFO all likely to be involved in the process as well

*The total cost of ownership is, according to 20% of respondents, the most significant consideration when deciding which two-factor authentication solution to select

Security threats and compliance

*Almost all (95%) respondents think that it’s important their organisation has the ability to produce a single audit trail of access events taking place throughout different resources

*The majority (95%) of respondents believe two-factor authentication can help their organisation comply with data protection regulations and pass security audits

*Gemalto conducted its research in July, gaining the views of 900 IT decision-makers from across the US (200), the UK (100), France (100), Germany (100), Australia (100), Japan (100), the Benelux region (50), the Middle East (50), South Africa (50) and Hong Kong (50)

**All respondents’ organisations across a variety of sectors have at least 250 employees. Interviews were conducted by Vanson Bourne, an independent specialist in market research for the technology sector

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts