LastPass by LogMeIn today announced the results of a new study conducted by Vanson Bourne to offer businesses insights into the state of identity and access management (IAM) and actionable steps to improve their IAM programme. The study, The Guide to Modern Identity, surveyed 700 global IT and security professionals at organisations ranging from 250 to 2,999 employees and found 92 per cent are experiencing at least one challenge when it comes to identity management, with 47 per cent citing ease of use with security as the biggest challenge.
This research comes on the heels of the general availability of the LastPass’ new comprehensive identity suite — a collection of Multi-Factor Authentication (MFA), Single Sign On (SSO) and Password Management solutions aimed at addressing the identity and access challenges in businesses of all sizes – from small start-ups, to large enterprises.
Data from the report reveals IT professionals overwhelmingly (82 per cent) agree that poor identity practices have exposed their business to risks, citing incorrect access controls (41 per cent), loss of employee data (36 per cent) and loss of customer data (33 per cent) as the biggest consequences. Despite this, many have not implemented an adequate identity management solution.
Additional key findings include:
Passwords continue to cause frustration and risk
IT teams continue to spend valuable time and resources dealing with tickets for password-related problems. On average, IT security teams spend 4 hours per week on password management-related issues alone and receive 96 password-related requests per month. Given the ongoing resource drain that passwords pose to organisations, almost all (95 per cent) of IT security professionals surveyed report that their organisation should place more emphasis on the importance of strong password behaviour.
Single Sign-On serves a crucial role – but leaves critical gaps in isolation
Given the risks and resource drain associated with passwords, SSO solutions offer the benefits of eliminating passwords for IT-supported apps and simplifying the login process for employees accessing key apps in the cloud and behind the firewall. However, many apps aren’t integrated into an SSO solution – whether because they don’t support SSO, they’re not high enough priority for IT to configure SSO or IT doesn’t even know they’re being used. Although our research shows that 80 per cent of IT professionals agree that relying on SSO alone is not enough, as it still leaves a variety of cloud apps and privileged accounts unsecured.
Upgrading identity capabilities is a top priority
98 per cent of IT professionals surveyed see room for improvement in the general security behaviour of their employees (creating strong passwords, ensuring secure sharing and collaboration). Due to competing priorities, IT teams are struggling to address their security needs. When asked about next year’s IT security objectives, 65 per cent agree that upgrading their Identity and Access Management capabilities is a priority. When asked for ideal features in an identity solution, respondents noted multi-factor authentication (55 per cent), integration with current infrastructure (52 per cent), a built-in password generator (44 per cent), support for both legacy and cloud apps (44 per cent) and an integrated system for managing, monitoring and setting policies (44 per cent).
Strengthening user authentication with MFA is critical
Among the key priorities for improving identity capabilities, 59 per cent of IT professionals agree that strengthening user authentication with MFA technology is critical. IT security professionals from organisations that have invested in or plan to invest in MFA see the most likely benefits as greater organisational security (60 per cent), fewer instances of incorrect access to confidential information (48 per cent) and decreased risk of credential/ password theft (47 per cent). Additionally, 36 per cent of respondents see implementing biometric MFA as a priority.
Balancing ease of use and security is a challenge when implementing an identity solution
Given that security is a high priority for most businesses, it’s no surprise that many are investing in identity solutions. Less than one per cent of IT professionals believe that managing user access is unimportant to the overall security of the organisation. Unfortunately, 92 per cent of organisations also say they are experiencing at least one challenge when it comes to identity management. The average organisation struggles with three identity-related challenges: 47 per cent of respondents said balancing ease of use with increased security was a hurdle, 40 per cent cite the general security of their solutions and 37 per cent are facing demands from employees for a solution that’s easy to use.
“When used individually, enterprise password management, SSO, and multi-factor authentication, all bring unique security and productivity benefits to a business,” said John Bennett, General Manager, Identity and Access Management Business Unit at LogMeIn. “But when brought together under one solution, businesses have complete security and visibility into every user and access point in their business–something we found almost all of surveyed IT professionals (93 per cent) agreed with. With more limited resources, it’s particularly important for small-to-medium sized organisations to look for all-in-one solutions that combine the key components and maximise their investment in identity technology.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.