How access management is playing a key role in enhancing cyber security
Having attended my first Infosecurity Europe event this month, my eyes have well and truly been opened as to how much protection companies and individuals need from ongoing cyber threats. Cyber security issues are becoming a day-to-day struggle for businesses. Research from the Varonis Global Data Risk Report shows that most companies have unprotected data and poor cyber security practices in place.
The average cost of cyber crime is also increasing dramatically, and the costs associated with these crimes can be crippling to companies that haven’t made cyber security part of their budget.
At the event, I met with OneLogin’s Global Director of Solution Engineering, Stuart Sharp, to learn more about the company and what it has been up to lately.
OneLogin is a cloud-based identity and access management provider that designs, develops, and sells a unified access management system platform to enterprise-level businesses and organisations. Both OneLogin founders, Thomas and Christian Pedersen, were involved in the success of the on-demand help desk application Zendesk.
Through their interactions with Zendesk customers, it became apparent to the founders that companies were moving into the cloud in droves. While cloud computing offers numerous benefits, managing dozens of cloud applications poses significant challenges in terms of security and productivity. The idea was born to create an identity and access management solution that was as easy to use as the cloud applications businesses depend upon. OneLogin launched in Spring 2010 and received backing from CRV.
How modern access management can accelerate digital transformation
Sharp held a presentation entitled ‘How modern access management can accelerate digital transformation’ at the ‘Talking Tactics’ stage.
The talk explored how workforce trends are going to change over the next few years.
Digital expectations are rising. Sharp shared how 77 million millennials, which is over half the workforce, expect a mobile-first work environment. This is fuelling the freelance economy, and means that millennials change employers every 16 months on average.
Sharp said: “We recognise that the workplace is changing, you no longer have the concept of the network perimeter, which is disappearing and along with that BYOD (Bring Your Own Device) means the concept of managed devices is far less and has actually almost disintegrated.”
The presentation also shared how 43% of US workers report working remotely at least part of the time, with 69% of workers citing workplace flexibility as a critical issue when evaluating potential employment.
And then comes technology - the critical digital backbone. According to Sharp, the average enterprise uses 2,500 apps, up from 750 two years ago, with 450 being custom apps.
We are now in the always-on era. For 81% of businesses, downtime costs over $300,000, while 33% of those enterprises report that one hour of downtime costs between $1m and $5m.
UK business password management is out of control
UK IT leaders are putting business data at risk by not effectively managing employees’ passwords, according to OneLogin. Despite 98% of IT decision makers having company guidelines in place around password complexity, and 95% feeling their current password protection measures and guidelines provide adequate protection for their business, there is still a lot of work to be done.
Two-thirds (66%) don’t check passwords against common password lists and more than three-quarters (78%) don’t check employee passwords against password complexity algorithms. This poor password hygiene is leaving UK businesses vulnerable to cyber attacks.
OneLogin surveyed 300 IT decision makers across the UK to uncover their attitudes towards password hygiene and the emphasis placed upon internal policies to protect business networks. The survey revealed stark differences between the policies in place to protect business networks and how those attitudes translated into employee password requirements.
“This report should be a reminder to every business leader in the UK to carefully review their password management,” said Thomas Pedersen, OneLogin’s Chief Technology Officer and Founder.
“Cyber criminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords.”
Companies lack consistent password fundamentals
While the majority of respondents practise good password hygiene, many indicated that the fundamentals are often lacking:
- Fewer than 19% (18.7%) check passwords against rainbow tables
- Over half (51%) don’t require special characters
- Just under half (47%) don’t require numbers, and 37% don’t require upper and lower case
Poor password hygiene leaves corporate applications vulnerable
Mandatory requirements for internal corporate applications are also concerning:
- Only 53% require single sign-on (SSO) integration
- Only 35% have implemented password complexity policies
- 70% have not implemented password rotation policies
“Companies need to adopt a security-first approach with simple identity and access management features, such as OneLogin, to streamline their password resets and implement SSO and MFA tools and best practices,” concluded Pedersen.