Enterprises are realising the importance of increasing their security capabilities to provide an extra layer of protection. Here, LastPass explores why password managers remain a valuable addition for organisations requiring extra layers of protection for their employees.
LastPass, a global leader in password management, has released the findings of an IDC Global Survey on Identity and Access Management by LastPass. The survey revealed that ‘balancing company security requirements and the employee user experience’ is the number one identity challenge, followed by ‘employees struggling with too many passwords’.
As organisations continue to face the challenges of managing a higher volume of remote employees who need to access different tools and systems outside of a traditional office, leaders can no longer rely on pre-pandemic protocols, policies and infrastructures to keep online data secure. According to the survey, 83% of the organisations that have suffered a security breach believe the breach resulted from a compromised password or identity compromise such as phishing, highlighting a greater need for organisations to adopt Identity and Access Management solutions that work with all employees, are capable of securing every credential in the company and promote the right security behaviours.
With employees continuing to struggle with having to remember upwards of 50-120 passwords, enabling a password manager creates a universal and user-friendly solution to allow employees to securely access the tools they need to effectively do their job. Adopting a password management solution puts the employee in control, helping to drive security awareness and transforming users into one of the strongest defences against potential security threats.
“Identity and access controls are core components for addressing many future-of-work imperatives,” said Mark Child, Research Manager at IDC. “As the number of daily login events rises, the user experience increases in importance. Enterprise password management (EPM) addresses security requirements while providing a consistent and comfortable user experience. It’s imperative that organisations put in place a universal and user-friendly solution to enable all their employees to securely access the tools they need to do their jobs, regardless of where that may be. Security controls need to be transparent and manageable for all users.”
Additional key findings from the IDC InfoBrief, Enabling the Future of Work with EPM, Identity and Access Controls, include:
- Password managers remain a valuable addition for organisations wanting extra layers of protection and user convenience. With deployment at 45% of respondent organisations, Password Managers are the most widely used Identity and Access Management solutions.
- Organisations looking for budget-friendly, low-complexity solutions that deliver robust security for the hybrid work environment are leveraging Enterprise Password Management. 45% of companies say that more complex identity solutions such as SSO and MFA are nice to have, but that they do not currently have the budget or resources for these types of solutions.
- 98% of respondents said that remote work has impacted their security operations. The top reasons for this include inadequate security on home networks, remote workers being targeted specifically by cybercriminals, employees accessing corporate data/applications on inadequately protected devices, and poor password hygiene.
“Long gone are the days of workers being tied to their desks and this new environment is bringing even newer security challenges for companies,” said Katie Petrillo, Director of Product Marketing for LastPass. “This latest survey explores the future of work and how businesses can expand their security amid rising identity attacks in the industry. As we look to the future of the workplace, employers who embrace deploying a single, user-friendly solution will help ease the employee experience, which is why password managers are fundamental to securing identity and access within an organisation.”
We caught up with Katie Petrillo, Director of Product Marketing for LastPass, to find out more about the criticality of enterprises using a password manager for increased protection.
Can you talk us through the current state of password security and how the use of passwords has changed in recent years?
Passwords – one of the oldest aspects of the Internet – continue to be a pain point for organisations. They appear as mundane and antiquated, yet so many companies have still yet to solve them. And while these are not new challenges, they have very much been heightened by the pandemic, remote work and the rise of cyberattacks in the past few years. The reason for this is the increased time employees are spending online to get their work done (collaborating, sharing work, communicating) and the new accounts that are needed to do so, and in turn passwords.
One of the challenges revealed in the report is that employees are struggling with too many passwords. How would you offer a solution?
I’d approach this in three ways. First, you must start with education on the risks associated with poor password behaviour. Never reuse passwords, always change compromised passwords, use complex ones where you can. Explain to them why these things are dangerous and what could be at stake. Of course, we are all human, so this brings me to the second piece. Two, you must give your employees a solution or technology that allows them to use the education you’re preaching in the first part. Give them a password manager that makes it extremely easy to use unique, complex passwords because you never actually have to remember those passwords. Integrate key business apps with SAML for a single click sign on experience. And layer on MFA wherever possible for that extra step of authentication. Finally, the third approach is to think longer term about passwords in your business. What is the path to removing passwords from the workflow entirely? Consider this path and what will be required for your business to get there.
How should CISOs be guiding their teams when it comes to understanding the importance of password protection?
As security leaders, we are obviously all focused on the security narrative – long, complex and unique is the best way. However, at a surface level, that can be seen as a hurdle for employees – it will create more hoops before making it easier to log in. In addition to educating on the best password and cyber hygiene that I mentioned above, a critical piece to communicate to your end-users is how simple it is to take password security seriously when you have the right tools in place – a password manager makes it easy to log in to your accounts; single sign on gets you in with just one click. Yes, these tools give security leaders peace of mind and check boxes for compliance, but for your teams, the message is that it will make their lives much easier in the process as well.
How fundamental are password managers to securing identity and access within an organisation?
No organisation’s identity tech stack is complete without password management. Single sign on typically covers the big apps – the ones that multiple teams are using, and the company is willing to invest the resources and time to integrate with SAML. Multi-Factor Authentication gets put in front of those applications for a second layer of security. But what about the applications that don’t have SAML enabled – your company’s social media accounts, the corporate credit card, the apps your HR team is using but IT doesn’t know about – those accounts all have company data in them and need to be secured. That’s where a password manager comes in to fill the gaps that inevitably are left by SSO and MFA.
What does the future hold for password protection and how will this affect enterprises?
Based on the inherent human element within passwords (we set our own passwords, we resort to weak or reused passwords, we find workarounds wherever we can) and the increasing frequency of cyberattacks, the importance of password security will only continue to rise. Until passwords are completely removed from the online experience – which is a massive, long-term endeavour – the need to educate our employees on best practices and provide them with solutions to turn that advice into action will be a priority for companies. Hackers will get savvier and businesses will only have more to lose; now is the time to instil the priority of password security into our employees because at the end of the day, each company is only as strong as their employees’ weakest password.