LastPass by LogMeIn today announced the results of a new study conducted by Vanson Bourne into the state of identity and access management (IAM). The report provides actionable steps to improve their IAM programme. The Guide to Modern Identity, surveyed 700 global IT and security professionals at organisations ranging from 250 to 2,999 employees. It found 92% are experiencing at least one challenge when it comes to identity management. Furthermore, 47% cite ease of use with security as the biggest challenge.
This research comes on the heels of the general availability of the LastPass’ new identity suite. A collection of Multi-Factor Authentication (MFA), Single Sign On (SSO) and Password Management solutions. The suite is aimed the identity and access challenges in businesses of all sizes – from small start-ups, to large enterprises.
Data from the report reveals IT professionals overwhelmingly (82%) agree that poor identity practices have exposed their business to risks. They cite incorrect access controls (41%), loss of employee data (36%) and loss of customer data (33%) as the consequences. Despite this, many have not implemented an adequate identity management solution. Additional key findings include:
Frustration and risks from password behaviour
IT teams continue to spend valuable time and resources dealing with tickets for password-related problems. On average, IT security spends 4 hours per week on password management-related issues and receives 96 password-related requests per month. Given the ongoing resource drain that passwords pose to organisations, almost all (95%) of IT security professionals surveyed report that their organisation should place more emphasis on the importance of strong password behaviour.
Importance of single sign-on
Single Sign-On serves a crucial role – but leaves critical gaps in isolation. Given the risks and resource drain associated with passwords, SSO solutions offer the benefits of eliminating passwords for IT-supported apps. They also simplify the login process for employees accessing key apps in the cloud and behind the firewall.
However, many apps aren’t integrated into an SSO solution partly because they don’t support SSO. Alternatively, they’re not high enough priority for IT to configure SSO or IT doesn’t even know they’re being used. The research shows that 80% of IT professionals agree that relying on SSO alone is not enough. This leaves a variety of cloud apps and privileged accounts unsecured.
Upgrading identity capabilities is a top priority
Ninety-eight percent of IT professionals surveyed see room for improvement in the general security behaviour of their employees. This includes creating strong passwords, ensuring secure sharing and collaboration. Due to competing priorities, IT teams are struggling to address their security needs.
When asked about next year’s IT security objectives, 65% agree that upgrading IAM capabilities is a priority. When asked for ideal features in an identity solution, respondents noted MFA (55%) and integration with current infrastructure (52%). Other features mentioned include built-in password generator (44%) and support for both legacy and cloud apps (44%). An integrated system for managing, monitoring and setting policies (44%) was also cited in the report.
Strengthening user authentication with MFA is critical
Among the key priorities for improving identity capabilities, 59 per cent of IT professionals agree that strengthening user authentication with MFA technology is critical. Security professionals from organisations that invested or plan to invest in MFA, see likely benefits as greater organisational security (60%). Fewer instances of incorrect access to confidential information (48%) and decreased risk of credential/ password theft (47%). Additionally, 36% of respondents see implementing biometric MFA as a priority.
Security – a balancing act
Balancing ease of use and security is a challenge when implementing an identity solution.
Given that security is a high priority for most businesses, it’s no surprise that many are investing in identity solutions. One per cent of IT professionals believe that managing user access is unimportant to the overall security of the organisation.
Unfortunately, 92% of organisations say they are experiencing at least one challenge when it comes to identity management. The average organisation struggles with three identity-related challenges:
- Balancing ease of use with increased security (47%).
- The general security of their solutions (40%).
- Demands from employees for easy-to-use solutions (37%).
John Bennett, General Manager, Identity and Access Management Business Unit at LogMeIn said: “When used individually, enterprise password management, SSO, and multi-factor authentication, all bring unique security and productivity benefits to a business.
“When brought together under one solution, businesses have complete security and visibility into every business user and access point. We found almost all of surveyed IT professionals (93%) agreed with this approach. With more limited resources, it’s particularly important for small-to-medium sized organisations to look for all-in-one solutions. A solution that combine the key components of security and maximise their investment in identity technology.”
Enterprise Times: What this means for business?
IT practitioners in small and medium sized businesses (SMB) have to juggle a number of competing priorities and challenges. This ranges from supporting infrastructure, network maintenance, a helpdesk to managing users access and identifying a security employee. Maintaining the importance of security within the workplace is the major challenge for businesses, irrespective of size or sector.
Getting the workforce to understand the importance of IAM solutions is part of this challenge, especially, when your business may not have the resources of a large enterprise. The is why LastPass’ new identity suite specifically aimed at SMB makes total sense for LastPass. It’s also a sensible step for SMBs to consolidate identity and access management into a single solution.
As an IT and security professional at an SMB, you likely manage more responsibilities than ever. You may be juggling many competing priorities, from the helpdesk to network maintenance to managing user access and securing employee identities. But what exactly is an identity? What do you need to know to maximize security and productivity with IAM solutions? Especially when your organization may not have resources of a large enterprise.