Takeaways from a Recent Identity Survey by IDG
It's the infamous joke we've all used at one point or another - "Knock, knock. Who's there?" When it comes to identity management, knowing the answer to this question is mission critical. Whether your employees, contractors, customers and partners are accessing your data, applications and systems in the cloud, web, or on-premises, you need to be 100% confident that your users are who they say they are.
Why? Because weak, default, and stolen user credentials have been used in 63% of confirmed data breaches.
Not surprisingly, in a recent IDG survey, sponsored by RSA, conducted with IT professionals, 68% of respondents cite a high-level of concern regarding the risk of a cybersecurity attack resulting from compromised identities.
The emergence of identity as a major threat vector places a premium on delivering convenient and secure access across your mobile endpoints. Today, those endpoints are expanding, along with an increase in cloud applications. Islands of identity that have been created as a result are a concern for 47% of respondents. With the loss of central IT control and visibility over user credentials and authentication for disparate mobile, social, and cloud applications, these users - and their identities - are vulnerable, potentially exposing your organization to unauthorized users.
Human endpoints are growing too, and 51% of respondents say that expansion of the user base is a top security concern. New users include external partners, vendors, suppliers, audit teams, consultants, and customers. Only 24% of respondents felt confident that they could enforce access control policies for these new users. In addition, third-party users whose companies have weak data safeguards and security controls offer a "backdoor" for attackers into your organization.
The prevalence of mobile devices today has fueled a culture of users who are accustomed to convenient access. Touch ID for the iPhone and biometrics for Android have set expectations for consumer-level convenience in the workplace, particularly with BYOD. A large majority (85%) of respondents, though, say that user convenience has been compromised to some extent in their organizations in order to enforce access control policies. The problem for 26% of respondents is that inconvenient authentication controls often are ignored or subverted by their users, which ultimately puts the organization at risk.
It is not surprising, given these concerns, that 51% of respondents look for strong authentication that passes audits and meets regulatory compliance (PCI, PII data, HIPAA, etc.) as the top most important identity management feature when evaluating identity management solutions. Other essential features include the ability to address authentication anywhere, any time, and from any user or device (49%), context-aware and step-up authentication (49%), as well as the ability to integrate with applications up and down the stack - on-premises, legacy, web, and SaaS (47%).
If you're having difficulty authenticating the answer to "who's there?" when users are knocking at your entry points, you are not alone. Nearly half of the respondents are evaluating or plan to invest in a new identity management solution in the near future.
Rethink your approach to multi-factor authentication. Gain unwavering confidence that your users are who they say they are with RSA SecurID® Access, a more intelligent, frictionless, convenient, and secure way to provide users access to your valuable on-premises or cloud applications and data. RSA SecurID Access employs multi-factor authentication through a variety of advanced mobile authenticator options including push authentication, biometrics, as well as hardware and software tokens and leverages contextually-relevant data and risk-based analytics to help IT automate key access decisions while managing the islands of identity, and ultimately, enabling the business to accelerate while mitigating identity risk.
Author: Chris Wraight
Category: RSA Point of View, Blog Post
Keywords: Authentication, Compromised Identities, Identity Management, Multi-Factor Authentication, RSA SecurID, RSA SecurID Access