Q&A: Why data protection isn't all about passwords

The end of February saw Data Protection Day come around again, a day where the privacy and security of information is highlighted by industry professionals everywhere.

To mark the occasion, we spoke to Thomas Pedersen, founder and CEO at OneLogin to discuss what organisations need to be doing to ensure their data stays protected in an increasingly security-conscious world.

  1. Give us a quick overview of OneLogin.

OneLogin allows companies to control access to their cloud applications by centralising access control, automating user on/off-boarding, eliminating passwords and providing seamless single sign-on. OneLogin has 200 employees and 2,000 customers, ranging from fast-growing tech start-ups to large multinationals with 100,000+ employees.

  1. How have attitudes towards data protection changed since this time last year?

With the continuing acceleration of cloud computing, enterprises are increasingly aware that they need to take extra steps to secure their corporate data in the cloud. Therefore, everyone is evaluating or implementing Identity & Access Management solutions.

  1. Where are companies still going wrong?

Forcing employees to use stronger passwords and change them more frequently does not solve the problem. Users will simply work around security that has high friction. The right approach is to eliminate passwords and implement single sign-on so users don’t even have to think about passwords.

  1. Employees are often perceived to be the weakest link in data protection. How can businesses solve this issue?

Security needs to be as user friendly as possible, or it will be circumvented by employees. Instead of telling users to have stronger passwords, companies should implement solutions that completely remove the password from the equation.

  1. How has the growth of BYOD and the cloud affected data protection practices?

Before smart phones and cloud computing, most companies’ security efforts were anti-virus and firewalls. With BYOD and cloud, data is scattered all over the place and being accessed from many devices and locations. This forces enterprises to focus much more on access control so they can see who is accessing what, from where and when.

  1. What tips would you offer to business around data protection in the cloud?

Forrester Research estimates that implementing an IAM solution like OneLogin will reduce your threat surface by 70 per cent. No other security solution can accomplish that. Any company with data in the cloud should implement and IAM solution as soon as possible in order to get access under control.

Image source: Shutterstock/Den Rise