By any measure, 2020 was the most tumultuous year in modern history. Front and center was a pandemic of proportions not seen in 100 years. And one of the ways that COVID-19 has disrupted lives and upended businesses the world over has been through its impact on IT infrastructure. A new survey from IDG sponsored by Okta highlights the impact on IT security, in particular, and how IT leaders are adapting.
As employees and customers hunkered down at home away from company networks, the IT executives who responded to the survey in late 2020 addressed the problem of user authentication. On the face of it, the picture wasn’t pretty.
IDG Survey of IT leaders shows the impact of 2020 on security and how they’re responding.
User Authentication Shortcomings
IDG surveyed 300 IT and IT security leaders at director-level and above in the US, the UK, and the Asia-Pacific region in September and October 2020. The objective: to gauge the current state of passwordless authentication in today’s enterprise. In other words, how close are enterprises to the zero- trust state that provides the most security for enterprise IT?
First, the bad news. Respondents reported a range of severe consequences stemming from mismanaged user credentials, indicating they haven’t achieved the kind of security they need to move forward through the pandemic and the work-from-home environment beyond with confidence.
Moving Beyond Passwords
A look at the current state of authentication at most enterprises reveals two factors contributing to failure. Nearly three-quarters (72%) of IT leaders report that passwords are the most common authentication factor used as part of MFA strategies at their organizations. That was closely followed by security questions, another weak authentication method, reported by 68% of respondents.
IT leaders cited reduced security risk via the elimination of credential attacks as the top potential benefit of password-less authentication. More respondents cited that benefit in the US, at 56%, versus 47% in the UK, and 43% in the APAC region.
US-based IT executives called passwordless authentication “critical” for zero trust at the highest rate, with 40% of respondents. Respondents in the APAC region logged the highest percentage of those calling passwordless authentication “very important,” at 68% of respondents.
The good news is that nearly all survey respondents (95%) reported familiarity with passwordless authentication technology, and the majority of their organizations have deployed technology for enabling it.
Along with passwordless authentication, MFA provides critical benefits on the road to achieving zero-trust security. An average of 60% of enterprise users rely on multi-factor authentication, according to IT leaders surveyed. That means that many organizations that use passwords don’t rely on them exclusively. Instead, they back them up with authentication methods such as smartphone codes and biometrics, greatly enhancing security in the process.
Secure single sign-on (SSO) is another top-cited benefit of MFA, suggesting that many organizations see value in an integrated SSO and MFA solution. This perceived benefit just edged out security for remote work in the APAC region, cited by 79% of respondents there. Well over half of respondents in the US (65%) and the UK (62%) named SSO as a critical benefit of MFA.
The challenges to business as usual by the events of 2020 have forced enterprises around the world to make lasting changes to the way they secure their workforces, their customers, and their data—wherever in the world they happen to be, on whatever device or network they use.
Passwords and “what you know” forms of authentication lack the robust, modern security capabilities that organizations need to secure employees and customers on diverse and perimeterless networks. They also put heavy burdens on helpdesks and employees forced to cope with the consequences of mismanaged user credentials, as revealed by the survey.
For more about how passwordless user authentication and MFA benefit global enterprises in the new normal, Download Whitepaper.