COVID-19 ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a new Thales study.
Six in 10 respondents said traditional security tools such as VPNs are still the primary vehicle for employees accessing applications remotely, likely the reason why almost half (44%) were not confident that their access security systems could scale effectively to secure remote work.
These are among the key insights from the 2021 Thales Access Management Index, a global survey of 2,600 Information Technology (IT) decision makers, commissioned by Thales.
The survey aims to better understand the new security risks and challenges caused by the rise of remote working and cloud transformation caused by the COVID-19 pandemic.
Last year saw a surge in cyber crime exploiting the various aspects of the global COVID-19 pandemic and the shift to remote work, with ransomware attacks soaring by 150%.
The Thales survey found the pandemic’s effects have had a significant impact on security infrastructure, particularly on access management and authentication frameworks.
This has therefore pushed organisations to adopt modern and advanced security strategies like Zero Trust to support the demands of a more mobile and remote workforce.
Era of remote working concerns catalyse change
According to the index, respondents have many different systems deployed for remote access.
When asked about the technologies that were in place, Virtual Private Network was the most common, with 60% of Information Technology professionals identifying the capability.
Virtual Desktop Infrastructure, cloud-based access and Zero Trust network access/software defined perimeter (ZTNA/SDP) closely followed.
However, when asked what new access technologies respondents were planning to deploy due to the pandemic, nearly half (44%) indicated ZTNA/SDP was the top technology choice.
Thales also explored respondents’ plans to move beyond traditional VPN environments, and found that nearly 40% expect to replace their VPN with ZTNA/SDP, while 38% expect to move to a Multi-Factor Authentication (MFA) solution.
This confirms the need for more modern, sophisticated authentication capabilities is driving change in many organisations and is perceived as a key enabler of Zero Trust security.
“Remote access went from an exception to the default for a large swath of employees.”
“As a result, businesses are navigating a volatile and complex world, and adopting a Zero Trust model of cybersecurity will enable them to continue to conduct operations safely amidst the uncertainty,” said Francois Lasnier, VP of Access Management solutions at Thales.
“One of the core barriers businesses face when starting their Zero Trust journey is the balance between locking down access without interrupting workflow.”
“People require access to sensitive data in order to work and collaborate and business leaders will need to ensure that a drop in productivity doesn’t become an unwanted side effect.”
“The research shows that IT professionals increasingly see access management and modern authentication capabilities as key components in achieving a Zero Trust model.”
Room to grow with Zero Trust
The Thales report found that Zero Trust models are the solution of choice for respondents seeking to improve access environments, yet many are still in the early stage of adoption.
According to the research, less than a third (30%) of the respondents claim to have a formal strategy and have actively embraced a Zero Trust policy.
Additionally, 45% are either planning, researching or considering a Zero Trust strategy. 32% respondents indicated that Zero Trust shapes their cloud security strategy to a great extent.
Access security needs to adapt to dynamic workplaces
The pandemic rush to remote working led to acceleration in approaches to access security.
Thales found that 55% of respondents have adopted two-factor authentication in companies with variation in the UK (64%), followed by the U.S. (62%), APAC (52%) and LATAM (40%).
These varying degrees of adoption may be due to the level at which better access management is prioritised in security investments.
Yet, despite the well-known limitations of passwords, investment in MFA still trails other security tools like firewalls, endpoint security, SIEM and email security.
Remote access users are still the main use case for MFA adoption (71%).
One-third of respondents that have adopted MFA use more than three different authentication tools, signaling the need for a more unified approach to access management in the future.
“Security tools and approaches need to adapt to better support the era of remote work,” said Eric Hanselman, chief analyst at 451 Research, part of S&P Global Market Intelligence.
“The shift to a Zero Trust model, with increasing use of modern authentication technologies, like adaptive and multifactor authentication (MFA), will improve company’s security posture.”
“This is an exciting space to watch as businesses continue to deal with dynamic workplaces.”