Thales Blog

Authentication and access management increasingly perceived as core to Zero Trust Security

September 14, 2021

Haider Iqbal Haider Iqbal | Director Business Development More About This Author >

The changing global environment has brought many changes to all organizations. While many consider that remote access to corporate resources and data as the key disruption, security teams had to face many more challenges. The acceleration of cloud migration and the proliferation of containers, microservices and IoT devices have placed identity in the center of corporate security, making identity and access management (IAM) as important as never before.

The 2021 Thales Access Management Index, based on data from a survey of more than 2,600 respondents in more than 10 countries across the globe, looks to identify the depth of that change, as well as the current state and plans across a range of industries.

Reactive vs. Pro-active Organizations

This shift in business models and supporting technology infrastructure was so sudden that it caught several security teams off guard. Just a fifth of respondents (20%) indicated that their environments were very prepared to deal with the disruption. Since the shift to remote work was a large contributor to that disruption, almost half (44%) were not confident that their access security systems could effectively secure remote employees. The level and speed of disruption and the subsequent accelerated adoption of multiple cloud platforms have pushed security teams to their limits making them feel uncomfortable with the overall security posture.

State of Multi-Factor Authentication

These changes have urged organizations to re-evaluate the state of existing authentication mechanisms, and many are looking to evolve their authentication approaches. Organizations realized that IAM implementations were not adequate to support and secure new business models. Hence, the necessity to evolve remote access solutions was crucial for business continuity and resilience. It is not surprising therefore, that 55% of the survey respondents reported that they have adopted two-factor authentication.

Multi-factor authentication (MFA) was deployed mostly in areas that can be perceived as riskier. Access to corporate data by remote workforce was secured with MFA at 71% of surveyed organizations, while half of these businesses used MFA to secure consultants, partners, and suppliers. In addition, MFA was reported to be used more often by users of cloud applications than those on-premises. Finally, more cloud-based applications were protected by MFA than those that were hosted on-premises.

Realizing the potential for Zero Trust security

The above results are an indication that organizations recognize that most threats will likely come from external sources. Nevertheless, internal threats also pose a big risk. It is therefore not surprising that the majority of respondents rely on solutions such as conditional access and multi factor authentication, alongside ZTNA (Zero Trust Network Access) solutions to shape their cloud security strategy...

Complexity creates more challenges

To respond to an evolving threat landscape and keep up with increasingly sophisticated adversaries, organizations need to evolve their security controls. As they move beyond perimeter-based security models and towards a Zero Trust approach, improving access management is a critical element of that progress. However, those investments should not create more challenges than the ones intended to solve. Simplicity is always an ally of security. Unfortunately, the survey indicates that a third (33%) of respondents use 3 or more different authentication access management tools. Coordinating that many different systems can create operational complexity and could increase the risk that errors or misconfigurations create security gaps.

Concerns for selecting IAM solutions

As organizations evolve their existing access management environments to address the threats, they are facing various challenges. The biggest challenge (67%) that respondents identified was the ability to protect both cloud-based and on-premises services. The complexity introduced by managing a wide array of IAM solutions is a great concern for organizations who are seeking an integrated solution to secure access to all their resources under a single pane of glass. Cost concerns (60%) are always on the minds of information security professionals, and the need for rapid expansion in access control platforms adds to this worry.

Neutral IAM is better

Considering these concerns, what are the precepts that guide the decision making of organizations and their security teams when looking for an IAM solution? According to the survey, 59% of respondents feel that their organizations must maintain control over their access security. In a time where many capabilities are being outsourced to cloud service providers, this is an indication that organizations want to control access to their data, apps and services. The need for effective access management in hybrid and multi-cloud situations lead more than half (51%) to agree that a cloud provider agnostic approach is best. Finally, 45% agree that identity and access management is a key ingredient for Zero Trust security.

The way ahead

In a highly interconnected world, identity has become the new security perimeter. The survey results offer insights into how organizations understand their current environments and capabilities and how they expect to move forward. That will require investment in modern access management and authentication capabilities to support the demands of a more mobile and remote workforce and an infrastructure with increasing amounts of cloud-based data and workloads. To learn more, download the full 2021 Thales Access Management Index.

You can also register to join the 2021 Thales Trusted Access Summit, a virtual summit on the latest technologies and trends for authentication and access management, featuring thought leadership and insights from security evangelists and technologists from Thales, Google, Microsoft and SailPoint and analysts from 451 Research, IDC, and KuppingerCole.