IT professionals are still struggling to manage the risks brought about by remote work with their existing data security tools. Remote access went from being considered a workplace exception to the default model for large swaths of employees seemingly overnight. However, the considerable strain remote access puts on information security environments continues to be felt.
In a recent survey of more than 2,600 respondents across the globe, my company looked to identify the depth of access management changes and to better understand the new data security risks and challenges caused by the rise of remote work. Ultimately, as remote access becomes the norm rather than the exception, organizations need to evolve their data security approaches in a world where there is no longer a defined perimeter.
A New Era of Risk
Since organizations transitioned to remote and hybrid work, data breaches and security threats have increased in complexity. More than half of our respondents claimed to have experienced a security breach at some point, with 47% of organizations seeing an increase in cyber attacks in the past year alone. While not every breach is the size and scale of those that make national headlines, this rate sets off alarms within organizations. In fact, 40% of IT professionals in the U.S. say they are somewhat to not at all confident with their current access to security systems to support today’s hybrid work environment. The survey also revealed that as a result of the pandemic, IT leaders are transitioning to more modern authentication approaches.
Moving Beyond Perimeter-Based Security
Modern access management tools and technologies form a key part of an enhanced security infrastructure’s foundation. Improving access management is a critical element of an organization’s progress in moving beyond perimeter-based security models and toward a Zero Trust approach. The survey specifically looked at what access management tools organizations have in place. Many organizations have grown their access management organically, deploying different tools at different times – 61% of respondents said they haven’t deployed an integrated access management platform.
The sprawl of management tools within organizations sheds more light on the common issues with access security. A third of survey respondents use three or more authentication access management tools. Coordinating many systems can, at a minimum, create operational complexity, but it can also increase the risk of errors or misconfigurations, widening security gaps.
The new access technologies that IT professionals in the U.S. said they were planning to deploy due to the pandemic include Zero Trust network access/software-defined perimeter (44%), cloud-based access management (42%), and conditional access (40%). There is still pushback when it comes to modernizing. In fact, when asked about plans to move past traditional VPN environments, 19% of respondents said they have no current plans of moving away from this system.
Zero Trust: Great Interest, Low Adoption
A silver lining of the pandemic-driven rush to remote working is the acceleration of improved approaches to access management. Zero Trust proves to be an area of great interest, but it’s still in its infancy, with low levels of reported adoption balanced by high levels of interest and plans for deployment. In the U.S., it was found that nearly half (49%) of IT decision-makers are either planning, researching, or considering a Zero Trust strategy, while 24% have a formal strategy and have actively embraced one. But even with the heightened motivation, the majority (62%) of U.S. respondents said they do not have an access management solution deployed. We have passed a threshold in Zero Trust, as it no longer prompts a conversation about its importance but rather one about necessary implementation. But without modern authentication technologies and granular, policy-based access mechanisms, organizations will never achieve the greater control that Zero Trust promises.
We’re in a new era of risk, as attackers take advantage of dispersed resources. As we move forward from the abrupt changes brought on by the pandemic and settle into new hybrid ways of life, organizations must prioritize modernizing access management capabilities to meet the needs of the undefined workplace perimeter.