According to the 2020 Thales Access Management Index – Europe and Middle East Edition1 –nearly a third (29%) of organisations still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, two years after the inventor of the complex static password admitted they don’t work. In fact, 67% of respondents indicate that their organisations plan to expand its use of usernames and passwords in the future.
Surveying 400 IT decision-makers across Europe and the Middle East, Thales’s new research found that the majority (57%) of IT professionals revealed that unprotected infrastructure is one of the biggest targets for cyber-attacks. Therefore, any organization utilising it, as a result of business pressure driving them to adopt digital transformation technologies, are likely to be putting themselves at a higher level of risk.
With the Covid-19 global pandemic causing many companies to work from home, IT departments are battling to provide employees with both security and convenience. In fact, over two-thirds (67%) of IT leaders say their security teams feel under pressure to provide convenient access to applications and cloud services for users, but still maintain security – an indication they’re struggling to balance their digital transformation and security priorities. To this end, 96% believe that strong authentication and access management solutions can facilitate secure cloud adoption. This view is particularly widely held in Saudi Arabia and the UAE, with just over three-quarters (76%) of respondents from these markets believing that cloud access management for cloud and web applications is definitely conducive to facilitating cloud adoption. Over three-quarters (76%) also revealed employee authentication needs to be able to support secure access to a broad range of services including virtual private networks and cloud applications.
Making small improvements
While some organisations still rely on legacy authentication methods like usernames and passwords, growing awareness of the threats is prompting action with almost all (94%) organizations having changed their security policies around access management in the last 12 months. Staff training on security and access management (47%), increasing spend on access management (43%), and access management becoming a board priority (37%), have all seen an increased focus. This is set to pay off in compliance terms too, with two thirds (66%) of UAE and KSA respondents who think that controlling who has access to specific types of data will help them to meet data regulation requirements like GDPR and pass security audits.
“As more and more businesses move to adopt cloud-based services for CRM, email, employee collaboration and IT infrastructure as part of their digital transformation strategies, the struggle to extend old solutions, designed to protect internal resources, to the outside world becomes very problematic. Often, in an effort to adapt to the new working habits of users connecting from anywhere, which is increasingly pertinent right now and will become standard moving forward, businesses tend to revert back to old password-based logins for cloud services in despair. This is knowingly increasing their security exposure to credential stuffing and phishing attacks,” said Francois Lasnier, Vice President for Access Management solutions at Thales.
Two steps forward, one step back
Looking ahead, some IT leaders are set to potentially use their influence at board level more wisely, with investment in the use of more secure methods such as biometric authentication (75%) and smart SSO (81%) set to increase in the next year.
When it comes to providing more data for a smart SSO, respondents in the Middle East are far more likely to allow any data to be collected and held if it resulted in a secure smart SSO, with 42% of UAE and KSA respondents stating they would be happy for their organisation to collect and hold more data about them if it resulted in a secure smart SSO solution, and only 4% saying that they wouldn’t allow any more data to be used. This was followed by France with 40% of respondents stating they would happy to share more personal data with 10% saying that they would not allow any more data to be used. These numbers are almost twice as high as those seen in UK (21%), Germany (21%), Belgium and Netherlands (20%).
However, a third (67%) still plan to expand their use of usernames and passwords, which is a similar size to those intending to further utilise passwordless authentication methods (70%), and almost half (48%) of organizations in UAE and KSA would allow employees in their organisation to log on to corporate resources using their social media credentials.
“For a long time, the biggest battle IT leaders have faced is increasing board awareness around taking the threat of security seriously,” Lasnier continued. “Now that they have that buy in, the focus should be on highlighting the importance access management plays in implementing a zero trust security policy to their executive management. With this in place, risk management professionals will be able to put in place a ‘Protect Everywhere - Trust Nobody’ approach as they expand in the cloud.”
1The 2020 Access Management Index, is a survey of 400 executives in 7 countries in Europe and the Middle East with responsibility for, or influence over, IT and data security. The survey, reporting and analysis was conducted by Vanson Bourne, commissioned by Thales.
© Press Release 2020