Security concerns over convergence of personal and workplace identities

Security concerns over convergence of personal and workplace identities

Gemalto has released the findings of its Authentication and Identity Management Index, which revealed that 92% of enterprise IT professionals surveyed in the Middle East are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with over three quarters (78%) of respondents saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations.

Convergence of personal and workplace identities

The enterprise and consumer worlds are merging closer together, with enterprise security teams under increasing pressure to implement the same type of authentication methods typically seen in consumer services, such as fingerprint scanning and iris recognition. Six in ten (62%) global enterprises use the same online authentication for employees and customers revealing that they feel security methods designed for consumers provide sufficient protection for enterprises as well.

Consumer breaches impacting enterprise security

Identity theft accounts for almost two thirds (64%) of all data breaches across the globe[1], and consumer service breaches continue to rise, resulting in almost nine in every ten (89%) enterprises addressing their access management security policies. Nearly half of enterprises have implemented extra training (49%) to dispel their security concerns, 47% increased security spend, and 44% allocated further resources.

Employee expectations around usability and mobility are affecting how enterprises approach authentication and access management.  Nearly half of respondents globally, stated that they are increasing resources and spending on access management. Deployment rates are also increasing:  62% expect to implement strong authentication measures in two years’ time – up from 51% of respondents who said the same thing last year. Nearly 40% of respondents said that they will implement Cloud SSO or IDaaS within the next two years. The Middle East region reflects global trends with an average of 73% of respondents expecting to implement strong authentication in the next two years.

Enterprises in the Middle East region are clearly seeing the benefits, with almost all (98%) using two-factor authentication to protect at least one application and nearly all respondents (96%) expecting to use it at some point in the future.

Mobility security still a challenge

As more enterprises become mobile, the challenges in protecting resources while increasing flexibility for employees working on the move increases. Despite a growing amount of businesses enabling mobile working, 42% of Middle East enterprises surveyed have completely restricted employees from accessing company resources via mobile devices.This is backed up as businesses admit security is one of their biggest concerns to increasing user mobility.

In order to protect themselves against threats from increased mobility, enterprises are still most likely to be using usernames and passwords – two thirds of users at respondents’ organisations globally are using this authentication method, on average. Currently, 37% of users at respondents’ organisations are required to use two-factor authentication to access corporate resources from mobile devices, on average. However, like the rise for access while in the office, on average, respondents believe this will increase to over half (56%) in two years’ time.

“From credential sharing to authentication practices, it’s clear that consumer trends are having a big impact on enterprise security. This is especially true as Middle East enterprises are rapidly adopting mobility by allowing their employees to bring their own devices to work to merge their personal and professional lives into a single mobile experience, ” said Sebastian Pavie, Regional Director, MEA, Identity and Data Protection, Gemalto. “But businesses need to make sure their data isn’t compromised by bad personal habits. It’s encouraging to see deployment of two-factor authentication methods on the rise, and increased awareness for cloud access management, as these are the most effective solutions for businesses to secure cloud resources and protect against internal and external threats. For IT leaders, it’s important that they keep pushing for security to be a priority at the board level, and ensure that it’s front of mind for everyone in an organization,” Pavie concluded.

[1] According to Gemalto’s H1 2016 Breach Level Index

Browse our latest issue

Intelligent CISO

View Magazine Archive