When it comes to cybercrime, any business that lacks a robust security program makes themselves vulnerable to the cybercriminals who will stop at nothing to gain access to precious personal data and intellectual property. Last year, the ICO issued a record breaking total of monetary penalties – 22 fines totalling over £3million and new research from Accenture found that the average number of security breaches in the last year grew by 11 per cent, which is a 67 per cent increase over the last five years. However, having the resources to implement the necessary high-level security programs can vary significantly from business to business.
As businesses are beginning to face up to this reality, they now have the added challenge of finding a solution to the complication of identity. Today, each person has passwords for more websites and applications than they can remember, and worryingly it only takes one weak or compromised password to give a cybercriminal access to data, that could potentially impact the whole organisation. With the number of entry points expanding exponentially, IT teams are fighting a losing battle as they try to keep track of cloud apps, unsecure Wi-Fi networks and unknown or personal devices.
It’s these challenges that leave businesses desperately seeking a solution that will allow them to have greater control over employee credentials. The implementation of management practices, such as enterprise password management, single-sign-on and multifactor authentication solutions, helps safeguard organisations in today’s digital, mobile workplace that requires frictionless access from anywhere you find yourself working.
- Powerfully personal: the role of fingerprint biometric technology in the digital identity security crisis
Security centres around identity
Security breaches have consistently been making headlines over the past few years, from Equifax who failed to protect the personal information of up to 15 million UK citizens, to Carphone Warehouse who put 18,000 customers and over 1,000 staff’s data at risk. Even charities are being targeted, proving that no organisation is immune to a security breach, as the British and Foreign Bible Society experienced when its network was compromised exposing the personal data of 417,000 supporters.
Large, global, household names who fall victim to security breaches typically receive the most attention, leading to the false assumption that they are the main targets for cybercriminals. However, 43 per cent of smaller businesses have experienced data breaches, according to Verizon’s latest Data Breach Investigations Report.
Passwords are a major contributing factor in many breaches – according to Verizon’s Data Breach Report, 80 per cent of hacking-related breaches used weak or stolen passwords – and the frequent sharing and re-use of passwords by employees is the largest contributor. According to a recent LastPass survey, 50 per cent of people don’t create different passwords for work and personal accounts.
This can be challenging, with IT teams struggling to cope with the mounting pressure to stay on top of the expanding security landscape with limited time, staff and resources. With tight budgets, it can also be difficult to defend investment in security tools that can often be seen as a barrier to flexibility and efficiency. However, with the right solution IT teams can employ a system that is cost-effective, boosts security and enables productivity.
Identity solutions can address many of the concerns encountered on a daily basis. Specifically, identity-as-a-service (IDaaS) brings the flexibility and affordability of the cloud to identity management. An IDaaS solution is hosted and managed by a third-party service provider and provides a consolidated view of the access and authentication activity across the whole organisation. This takes some of the stress off IT teams, allowing them to do their job and protect the whole business ecosystem.
The ideal identity solution is made up of many parts – and just as many acronyms – specifically:
- SSO – Single-sign-on, enables users to have just one set of credentials to login to all of their enterprise accounts. This is enabled across multiple applications, to minimise the number of login stages employees need to go through which decreases the amount of time employees spend logging into applications. This reduces the number of passwords in use, in turn reducing the number of help desk tickets for password resets, providing a seamless process and a more secure organisation.
- MFA – Multifactor authentication provides an extra layer of security which requires users to verify their identity with additional factors such as biometrics. MFA incorporates something you are, something you have and something you know, adding an extra dimension that two factor authentication lacks. Leading MFA solutions offer adaptive authentication, building individual profiles for users and adapting authentication requirements to different login scenarios.
- EPM – Enterprise Password Management eliminates poor password habits by creating, storing, and filling in passwords, reducing the password burden on the IT team and freeing up resources for more value-add activities. This allows IT teams to create, manage and enforce password policies across the organisations. The average employee manages nearly 200 accounts, all of which are not necessarily company sanctioned apps. An EPM solution can create secure credentials for all of the apps within an organisation and help to identify ones that the IT team would otherwise not have known about.
With these combined technologies businesses can bolster perimeter security, significantly mitigate risks and bring management of all critical entry points under one umbrella, in the process, streamlining operations for the IT team.
Capitalising on the benefits
Businesses today are caught between the pressure of safely and securely managing identity, shrinking budgets and employee desire for flexibility in the digital climate. The first step to breaking this mould is having a clear understanding of identity and the role it plays in your organisation. This allows IT to identify the right identity management solution, at the right price, to protect the organisation, whilst also ensuring one less IOC fine.
Barry McMahon, Senior Manager International Marketing, LogMeIn