If you’re a security professional like me, you are likely quite sensitive to the reports around the number of data breaches impacting businesses today. To confirm that we are developing solutions to address the needs of businesses and the concerns of IT professionals, McAfee commissioned a survey with industry analyst Enterprise Strategy Group (ESG). ESG surveyed 307 IT and security professionals throughout North America, Europe, and Asia. The purpose was to uncover concerns, challenges, and strategic plans around a number of cyber security topics, but the majority of questions were focused on security, manageability and operations around authentication technology like passwords, multi-factor authentication, and single sign-on (SSO).
There were three major discoveries that really resonated with me after reading the results of the survey. Honestly, the first part of the survey really just confirmed what we already know in our business: Almost all security professionals remain concerned about a wide variety of security threats – upwards of 86 percent. Additionally, these professionals believe end-users are especially vulnerable to attacks and identity theft – with 59 percent of the respondents reporting that their company has suffered a security breach in the past two years.
1. Passwords represent a serious vulnerability
While these general security concerns seem obvious, here’s what the survey uncovered that’s not so obvious: Security professionals point to weak security and authentication (AKA: passwords) as the underlying issue. Fifty-five percent of the IT professionals surveyed believe that “one of the greatest security weaknesses may be the continued reliance on the use of passwords for user authentication.” No matter what we do to try to create strong passwords, there is always a risk. Like the majority of IT professionals, I too am leaning toward the belief that user name/password authentication should be eliminated for business-critical applications.
2. Password management is a huge IT burden
The survey results make it clear that IT professionals are very concerned about the archaic and insecure nature of the user name/password combination. It also brings to light that with multiple passwords (56 percent of users), the problems get even more complex – more passwords per user equate to more risk – and more involvement by the IT staff when users forget their passwords and need to have them reset. Risks aside, provisioning and managing of user accounts significantly increases operational costs – from defining account access and privileges to terminating accounts to provisioning multiple accounts across applications. It’s a burden and a waste.
3. The Cloud takes the problem to new levels
Then, there’s the growing reliance on the cloud. Legacy authentication solutions do not play well with the advanced nature of cloud computing. Plain and simple. If we want our employees to be able to benefit from time- and money-saving cloud applications, businesses need a better solution. The ESG survey showed that 46 percent of organizations use between one and five cloud applications, and the number of cloud applications deployed will only grow – the number of sites using between 11 and 20 applications is projected to grow from 14 to 40% over the next 2 years. The amount of sensitive or regulated data moving between the organization and the cloud is mind-blowing. And, businesses that do not have adequate access management in place are at increased risk of increased data breaches and intellectual property theft.
These results prove that businesses require strong authentication tools, like single sign-on (which can replace or even eliminate passwords) and multi-factor authentication (which adds an additional layer of secure access for applications). But, the tools must be easy to deploy, simple to integrate and use, and must be scalable. The team at McAfee has been monitoring the trends and analyzing this business need to assemble and integrate essential identity technology into its portfolio and enhance the Security Connected architecture. Not only are our cloud single sign-on and one-time password solutions highly effective, but they are easy to deploy – right down to customers and partners having the ability to chat with the McAfee Identity Center of Expertise staffed with experts in identity and cloud security.