According to the 2020 Thales Access Management Index – U.S. and Brazil Edition1– four out of ten IT security professionals still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, even though most hacking-related breaches are a result of weak, stolen or reused user credentials. In fact, the vast majority of respondents indicate that their organization plans to expand the use of usernames and passwords, even though the limitations could pose strong security challenges. This is particularly interesting given the increased remote worker environment. This continued reliance on outdated security comes despite half of IT leaders revealing secure access management is now a priority for boards of directors.  

Surveying 300 IT decision-makers across the U.S. and Brazil, Thales’s new research found that the majority (68%) of U.S. IT professionals revealed that unprotected infrastructure is one of the biggest targets for cyberattacks, ahead of cloud apps (58%) and web portals (52%). Pressure to implement digitally transformative technologies also is driving businesses to adopt solutions that are likely increasing their level of risk.

Solving the Security vs. Convenience Challenge in a Time of Crisis

The recent explosion of the remote work environment brought on by the COVID-19 global pandemic has forced IT departments into a tug-of-war between security and convenience at a time when risks are at their highest. Even amidst the rapidly evolving landscape of access management, the vast majority (94%) of respondents in the report that their organization’s security policies around access management have been influenced by breaches over the past year. Despite that, more than half (58%) say they still allow employees of their organization to log on to corporate resources using social media credentials – a risky practice. In fact, less than a third (28%) view social media credentials as one of the best tools for protecting cloud and web-based authentication.

According to the report, security concerns (88%), and / or the threat of a large-scale breach (84%) are the factors most likely to drive organizations to have implemented, or plan to implement, an access management solution. This highlights the reactive approach that many organizations are taking rather than a more effective, proactive one.

Accelerated Cloud Adoption adds Further Complexity

As organizations move more and more applications to the cloud, it is essential that each application is properly secured and nearly all (97%) surveyed anticipate problems for their organization if this is not done effectively. Almost all (98%) of the respondents indicate that cloud access management is conducive to facilitating overall cloud adoption, and they want to manage access centrally. According to the report, two-factor (66%), smart single sign on (43%) and biometric authentication (39%) are viewed as the best tools for protecting cloud and web-based applications by U.S. respondents.

Strong Awareness for Better Access Control 

Despite continued overreliance on authentication methods like usernames and passwords, multi-factor authentication use is increasing with nearly all (95%) of respondents reporting that they have implemented it. However, only 15% say they use a dedicated multi-factor solution. Smart single sign-on (SSO) may be the least widely (59%) adopted access management capability, but more than a quarter (26%) plan to implement this technology within the next year. In addition, a strong majority (86%) of respondents plan to expand their use of SSO, an indication of its growing importance. 

“Innovation in access security allows us to overcome the reliance on passwords, which are proven to be insufficient in protecting data,” said Francois Lasnier, vice president for Access Management solutions at Thales. “Organizations that utilize cloud-based access and passwordless authentication to scale secure cloud adoption will be able to meet the increased need for improved security, especially at a time when access control is critical for today’s remote workforce. The elimination of username and passwords as a sole method of authentication and broader use of smart single sign on will result in a greater level of security and convenience as more and more applications are delivered from outside the security perimeter.”