Story image

1 in 4 organisations relying solely on passwords to secure BYOD

07 Nov 17

Bitglass has released the findings from its newest research, ‘BYOD and Identity’, which are alarming to say the least.

The data was taken from more than 200 IT and security professionals that were surveyed at the recent Gartner Symposium/ITxpo conference.

One in four organisations don’t have multi-factor authentication (MFA) methods in place to secure bring your own devices (BYOD) – they simply rely on the vulnerable password.

Despite being a well-known enterprise security gap, BYOD are the bane of almost all IT operators today with the constant drive for flexibility and mobility often overtaking the need for security.

CEO of Bitglass, Rich Campagna says simply using passwords (i.e. single-factor authentication) to control user access to corporate data, has resulted in several high-profile data breaches in recent months, including Zomato, Deloitte and Microsoft.

“Enterprises often misjudge the effectiveness of traditional security solutions, many of which are readily bypassed,” says Campagna.

“The BYOD boom exposes organisations to risks that can only be mitigated with data-centric solutions that secure access.”

The report also delved into the top cloud security priorities for organisations, with BYOD security and access taking the top honours. External sharing came out with 45 percent, malware protection on 40 percent, and unmanaged BYO device access on 40 percent.

Bitglass says in order for organisations to meet these needs, new security solutions need to be adopted.

One encouraging statistic was that three quarters of respondents already have encryption and on-premise firewalls in place to protect corporate data, with more starting to deploy Secure Web Gateways and cloud access security brokers.

And in terms of new technologies, many organisations still have concerns with the latest authentication methods.

A whopping 61 percent of the respondents have reservations about Apple’s Face ID technology as a viable method of BYOD authentication.

It would seem traditional authentication methods like passcodes, PIN codes, and fingerprint recognition are familiar and trusted by enterprises, while facial recognition technologies remain unproven.

Highlights of the survey include:

  • 28 percent of respondents have no multi-factor authentication methods in place for BYOD access
  • For those using MFA for BYOD, third party applications (42 percent) and SMS tokens (34 percent) are the most popular methods used 
  • External sharing is rated the leading cloud security concern for professionals surveyed (45 percent)
  • Also listed as top security concerns are malware protection (40 percent) and unmanaged device access (40 percent)
  • 61 percent of respondents have reservations about Apple’s Face ID technology
  • Top Apple Face ID concerns include accuracy of face detection (40 percent), prevention of unauthorised access (30 percent) and speed of face detection (24 percent)
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.