52% of UK IT pros say security is an obstacle to expand user mobility

News by Danielle Correa

Nearly all (90 percent) IT professionals are concerned about employees using their personal credentials for work purposes.

Nearly all (90 percent) IT professionals are concerned about employees using their personal credentials for work purposes.

Gemalto's Authentication and Identity Management Index report found that despite increasing fears over the threats posed by employees using personal credentials for work purposes, businesses are continuing to let their employees access their social media accounts while at work.

The global study surveyed 1150 IT professionals.

High profile breaches to consumer services is influencing the access management security policies of 89 percent of organisations.

Even though 60 percent of organisation's customers have provided mostly positive feedback on their organisation's authentication policies, 12 percent have experienced mostly negative feedback.

Nearly all (94 percent) protect at least one application with two-factor authentication and 96 percent expect their organisation to expand their use of two-factor authentication in the future.

Four in 10 respondents' organisations have implemented SSO in their organisation, with cloud SSO being preferred by 59 percent of respondents.

“From credential sharing to authentication practices, it's clear that consumer trends are having a big impact on enterprise security,” said François Lasnier, senior vice president, identity protection at Gemalto. “But businesses need to make sure their data isn't compromised by bad personal habits. It's encouraging to see deployment of two-factor authentication methods on the rise, and increased awareness for cloud access management, as these are the most effective solutions for businesses to secure cloud resources and protect against internal and external threats. For IT leaders, it's important that they keep pushing for security to be a priority at the board level, and ensure that it's front of mind for everyone in an organisation.”

In the UK, only 29 percent of businesses are comfortable with employees using social media credentials to log into their organisation's services.

Compared to the global average (63 percent), fewer UK businesses (56 percent) feel under pressure to bring consumer authentication methods into the workplace.

When it comes to selecting two-factor authentication solutions, the CIO/head of IT is the final decision maker in most UK businesses (62 percent vs 53 percent global).

Twenty-two percent of UK businesses (vs 11 percent globally) revealed their policies around access management have not been influenced by consumer breaches. Meanwhile, 41 percent of UK companies are unaware of what their customers think of their authentication policies (vs 20 percent globally) and 13 percent believe customers have confidence in these policies (vs 42 percent globally).

Only 30 percent of UK businesses are using two-factor authentication (vs 40 percent globally). Only 52 percent expect it to be used in two years' time (vs 62 percent globally).

Fifty-two percent of UK businesses say security concerns are a main obstacle to increase user mobility in their company.

“It's refreshing to see UK businesses are addressing security concerns and are being far more cautious when it comes to allowing employees to use their personal credentials when accessing the company's system. Allowing this is dangerous and can open up the company to attack from a third party through methods like social engineering.

“The UK also seems to be less impacted than the rest of the world and more resilient when it comes to consumer pressures from breaches and authentication methods.

“What's clear is businesses feel their customers are not impressed with the authentication methods they're using. This isn't a surprise given focus is still on boosting perimeter defences and there remains a lack of investment in solutions like two-factor authentication and encryption, which aim to protect the most valuable thing, the data. It's not just up to companies to start this process though, customers need to demand that they have access to these necessary security protocols,” said Jason Hart, CTO, data protection at Gemalto.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews