Almost two-thirds of IT leaders are considering allowing their employees to use consumer-grade access to workplace cloud services, according to Gemalto’s Identity and Access Management Index 2018 report.
The digital security firm polled more than 1000 global IT decision makers and whilst 92% expressed concern about employees reusing personal credentials for work, over half admitted that the authentication methods they use in their businesses are not as good compared to those found on popular sites including Amazon and Facebook. What’s more, 61% said they are still not implementing two-factor authentication to allow access to their network, potentially leaving themselves vulnerable to attacks by cyber-criminals.
Almost all (94%) respondents stated that cloud access management is integral to adopting cloud applications, with many keen to make access to them a smoother, easier process for employees. In fact, nine in 10 felt that ineffective cloud access management can result in issues for the business, including security (52%), impacts on IT staff time (39%) and increased operational overheads and IT costs (38%).
Francois Lasnier, SVP identity and access management at Gemalto, said the findings show that IT managers are struggling to balance the need for a simple and easy login experience with security.
“While there is a need to make things easier for employees, there is a fine line to be walked. IT and business line managers would do best to figure out the risks and sensitivities associated with the various applications used in their organizations and then use access management policies to manage risk and apply the appropriate authentication method. In this way, they can ensure a convenient login experience for their users, while still maintaining access security.”
The rapid increase of cloud apps has brought organizations lots of benefits, Lasnier added, but also caused a high degree of fragmentation in their ability to manage access security across numerous cloud and on-premise applications.
“Without effective access management tools in place, this is liable to lead to higher risk of breach, a lack of visibility into access events, regulatory oversite – and hamper organizations’ ability to scale in the cloud.”