A new survey of IT professionals offers some useful pointers for small businesses.
Security company Gemalto recently surveyed enterprise IT professionals about authentication and identity management issues – and the results could be useful for small businesses interested in understanding what’s happening at the coalface of enterprise security.
A majority – just under two-thirds – of survey respondents reported being under pressure to implement measures found on consumer products (such as fingerprint or iris recognition) and a similar number said such methods provide sufficient protection for enterprises. So if the iPhone's Touch ID, Windows 10's Hello and the like are good enough for enterprises, they are probably good enough for your business.
Two-factor authentication (2FA) – using biometrics, security codes sent to or generated by mobile devices and other methods – is used by 94 percent of enterprises to protect at least one application, with 96 percent expecting to use it at some point in the future. Requiring the use of 2FA wherever possible with business applications will help protect your data.
The biggest worry for organisations seems to be the use of personal applications such as email. The mixing of business and personal emails can be an issue. For example, there's not much point using a data loss prevention system with your email system if employees can bypass it by using their personal webmail accounts to send data that would otherwise be blocked. (See ‘Ten steps to securing your business systems’ for a way of dealing with this problem.)
Mobile security is also seen as a challenge. Thirty-five percent of respondents said their organisation completely restricted employees from accessing company resources via mobile devices and 91 percent impose some restrictions. 2FA is seen as a way to help restrict such access to bona fide mobile users: on average, 37 percent of users at respondents’ organisations are required to use 2FA to access corporate resources from mobile devices, and this is expected to increase to 56 percent in two years.
Gemalto senior vice president of identity protection François Lasnier said: “Businesses need to make sure their data isn’t compromised by bad personal habits. It’s encouraging to see deployment of two-factor authentication methods on the rise, and increased awareness for cloud access management, as these are the most effective solutions for businesses to secure cloud resources and protect against internal and external threats.”