Gemalto study reveals security concerns over employee reuse of personal credentials

December 15, 2016 - 

Gemalto released the results of its ‘Authentication and Identity Management Index’, which revealed that 90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security.

Meanwhile, 68% said they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organizations.

The report explores the growing trend of the enterprise and consumer realms merging closer together, with mounting pressure on enterprise security teams to implement similar forms of authentication methods introduced in consumer services, such as fingerprint scanning and iris recognition.

Sixty-two percent of enterprise IT professionals believed this was the case, while 63% said they feel security methods designed for consumers provide sufficient protection for enterprises. In addition, 52% feel that it will be only three years before these methods merge completely.

The findings show that identity theft accounts for 64% of all global data breaches, while consumer service breaches continue to increase, resulting in 89% of enterprise IT professionals addressing their access management security policies.

The research found that 49% of respondents have implemented additional training to alleviate their security concerns, 47% increased security spend, and 44% allocated further resources.

Employee expectations regarding usability and mobility are impacting how enterprises approach authentication and access management, with nearly half of enterprises stating that they are increasing resources and spending on access management.

Deployment rates continue to increase, with 62% of respondents stating they they expect to implement strong authentication in two years’ time – up from 51% of respondents who said the same thing last year, and nearly 40% responded they will implement Cloud SSO or IDaaS within the next two years.

The report finds that 94% of respondents are using two-factor authentication to protect at least one application and 96% are expecting to use it at some point in the future.

As more enterprises make the shift to mobile, the obstacles in protecting resources while increasing flexibility for employees working on the move increases.

Despite an increasing number of businesses enabling mobile working, 35% entirely restricted employees from accessing company resources via mobile devices and 91% are at least partially restricting access to resources.

Ini addition, 50% of businesses admit that security is one of their biggest concerns to increasing user mobility.

In order to protect themselves against threats from increased mobility, enterprise IT professionals are still most likely to be using usernames and passwords, with two thirds of users at respondents’ organizations stating that they use this authentication method.

Currently, 37% of users at enterprises are required to use two-factor authentication to access corporate resources from mobile devices, on average. However, respondents believe this will increase to 56% in two years’ time.

“From credential sharing to authentication practices, it’s clear that consumer trends are having a big impact on enterprise security,” said François Lasnier, senior vice president of identity protection at Gemalto. “But businesses need to make sure their data isn’t compromised by bad personal habits.

“It’s encouraging to see deployment of two-factor authentication methods on the rise, and increased awareness for cloud access management, as these are the most effective solutions for businesses to secure cloud resources and protect against internal and external threats. For IT leaders, it’s important that they keep pushing for security to be a priority at the board level, and ensure that it’s front of mind for everyone in an organization.”

Gemalto recently entered into agreements to acquire 3M’s Identity Management Business for US$850 million.

Leave a Comment

comments

About Justin Lee

Justin Lee has been a contributor with Biometric Update since 2014. Previously, he was a staff writer for web hosting magazine and website, theWHIR. For more than a decade, Justin has written for various publications on issues relating to technology, arts and culture, and entertainment. Follow him on Twitter @BiometricJustin.