BIO-key International, Inc., an innovative provider of Identity and Access Management (IAM) and Identity-Bound Biometric (IBB) solutions, announced research findings from IT decision-maker surveys conducted with Osterman Research, a leading cybersecurity, data protection and information governance market research firm. The two research programs surveyed over 290 security and IT professionals across a variety of mid to large organizations to determine the factors influencing their application and investment in multi-factor authentication (MFA) and Zero Trust cybersecurity. Zero trust is a more secure paradigm providing ongoing verification of trustworthiness. The survey research is available on the BIO-key website via these links: The State of MFA and Why Zero Trust is Important.
The research revealed a wide gap between what IT and security decision makers understand to be highly secure MFA methods and the methods currently implemented within their organizations. As a result, most organizations (63%) plan to increase future investments in MFA for employees over the next five years, particularly with a focus on passwordless security features (40%).
Top iTechnology AIOps News: SnapLogic Raises $165 Million at a $1 Billion Valuation to Lead the Surging Enterprise Automation Market
While earlier security approaches assumed people and devices within a network were trustworthy, Zero Trust approaches reject this assumption and require ongoing verification of trustworthiness. Broad awareness of security threats to organizations and enterprises is proving to be a key driver of Zero Trust adoption. For example, 53% of IT and security decision makers said that they were influenced to adopt more secure solutions by high profile ransomware incidents such as SolarWinds, Colonial Pipeline and JBS. Furthermore, 38% of respondents said the pandemic era digital transformation influenced their adoption of Zero Trust.
MFA Awareness and Current Adoption at Odds
Single-Factor Authentication (SFA) is a method where users access resources by having them present only one way of verifying their identity, such as the use of a password. While most organizations surveyed still rely on password-based authentication for employee security, many have plans to move to passwordless solutions. Companies are using passwordless authentication even less with their customers, and most companies surveyed have no current plans to move customer access to passwordless MFA solutions.
While decision makers were found to have a good understanding of the need and value of multi-factor authentication and its applications, the research demonstrated a serious disconnect between what decision makers perceive to be highly secure MFA methods and what they have implemented for authentication. For example, although 60% of respondents perceived biometrics to be one of the most secure MFA methods, only 27% of organizations use them for employees and only 13% do so for customers. The majority of decision makers plan to address this disconnect with increased investment in MFA solutions, especially around biometric authentication.
Additional insights include:
- An average of 70% of employees and 40% of customers are required to use MFA to access corporate applications and data.
- Only 26% of those surveyed believe p******** as an authentication method are highly secure, yet 85% of organizations still use them for employee access and 78% continue to use p******** for access by customers.
- 40% of organizations plan to implement passwordless authentication workflows for employees.
- When working with customers, only 9% of organizations have implemented passwordless authentication workflows for customers, while 23% are planning to do so.
Top iTechnology Analytics News: Evolv Technology Utilized at World Premiere of 1883 at Wynn Las Vegas
The Driver for Implementing Zero Trust
A second research program focused on the trends which have impacted respondents’ decisions to embrace a Zero Trust architecture. Key drivers for deploying this architecture noted as “extremely impactful” or “highly impactful” by respondents include:
- High profile ransomware incidents (53%)
- Work-from-home workforce (51%)
- General ransomware attacks (51%)
- Credential theft (45%)
- Pandemic-accelerated digital transformation (38%)
Most respondents were looking to external factors and other risk awareness as key drivers to adoption. Organizations see Zero Trust approaches as enabling stronger cybersecurity protections primarily focused on internal matters. Key deployment drivers include:
- 78% of respondents view confidential files — secret, sensitive, and other protected information held within the organization — as the most important data source to include in Zero Trust initiatives.
- 73% of respondents who make decisions on IAM for employees consider Zero Trust solutions as a key design modification.
Top iTechnology Security News: Transmit Security Expands C-Suite, Appoints Chris Kaddaras as Chief Revenue Officer
[To share your insights with us, please write to sghosh@martechseries.com]
