Thales Blog

Security Must Be Driven by Better Access Control – Not Antiquated Password Use and Breaches

June 16, 2020

Poupak Modirassari-Enbom Poupak Modirassari-Enbom | Global VP Marketing CPL More About This Author >

It’s hard to imagine how organizations might have fared during the global pandemic if cloud transformation hadn’t already been well underway and increasing for years. Thankfully, the ability to quickly shift to a remote workforce meant many organizations could adapt and continue to operate. New benefits and necessities employees and organizations discovered over the past few months has reshaped the future of where and how we work. In fact, a recent Gartner survey shows 74% of companies will permanently shift to more remote work post COVID-19. Now is the time to take the lessons learned and get positioned for success.

Balancing security and convenience

Thrust into managing and protecting data for unprecedented numbers of remote workers, many IT security professionals suddenly found themselves cast as arbiter between security and convenience at a time when business continuity was paramount. To enable workers to connect from anywhere, some organizations felt forced to revert to old password-based logins for cloud access, knowingly increasing their security exposure to credential stuffing and phishing attacks.

As more businesses move to adopt cloud-based services to facilitate email, employee collaboration and IT infrastructure, the future of work will depend heavily on whether organizations equip themselves to handle new demand, internal and external risks, and unknowns.

Strong awareness for better access control

In a new research survey, the 2020 Thales Access Management Index – U.S/Brazil Edition, nearly all (98%) of 300 IT executives said they believe strong authentication and access management is key to secure cloud adoption, and nearly that same number (97%) said they anticipate problems if cloud applications aren’t properly secured. The majority (68%) of U.S. respondents are also aware that unprotected infrastructure and devices present the biggest target for cyberattacks, with more than half identifying cloud applications and web portals as top targets.

Clearly already aware that better access control is needed, the new remote work environment only accelerates this imperative.

Overreliance on passwords and breach-driven policies continues to compromise data security

The new research reveals a startling reality: 41% of IT executives still believe usernames and passwords are one of the most effective access management tools, despite the inherent vulnerabilities. Unfortunately, passwords still proliferate because they’ve been around a very long time, and are a relatively easy – yet very weak – authentication solution that should never be the only means of authenticating users. And not only are passwords risky, they’re inconvenient and frustrating to use. Overreliance on passwords will continue to threaten data security unless organizations retire this antiquated security tool.

Additionally, the vast majority (94%) of survey respondents admitted that data breaches over the last 12 months are the biggest influence on their organization’s security and access management policies. Right now, organizations must seize this valuable proactive opportunity to re-assess security policies to better enable and support secure cloud access that new models of remote working require.

Access management is essential for cloud transformation and the future of work

Passwordless and multi-factor authentication (MFA), smart single sign-on (SSO) and other modern versions of authentication lay the groundwork for the future of access management. Fortunately, the 2020 Thales Access Management Index – U.S./Brazil Edition shows that MFA is slowly becoming the new security norm around the world because it is significantly more effective for protecting data. While it’s still far too low, 15% of IT professionals say they now use a dedicated MFA solution.

Just over half (59%) surveyed have already adopted single sign-on technology with 86% planning to further expand their use in the next year. This, with the elimination of username and passwords as a sole method of authentication, will result in a greater level of security and convenience as more applications are delivered from outside the security perimeter.

The timeline of the pandemic and its full impact on the workforce is still unknown, but IT leaders now have more buy-in from the board than ever before. The focus should be on highlighting the importance access management plays in implementing a Zero Trust security policy of ‘Protect Everywhere - Trust Nobody’ as cloud expansion continues. Organizations that make the necessary investment to replace outdated technologies have the best chance to succeed for whatever the future holds.

For more information and other key findings about, please download the 2020 Thales Access Management Index- U.S./Brazil Edition and listen to our webcast, "Covid-19's Impact on How CISOs View Cloud Access Management and Remote Working".