2020 saw a gigantic shift of work occurring outside of traditional corporate offices. The trend toward a mobile, distributed workforce had been underway for some time, but the global pandemic kicked it into overdrive, with work from home transforming from a fringe benefit to a critical component in keeping businesses running successfully.
But for wholesale remote work to be viable, it needs to be secure and convenient. And when enterprises no longer can rely primarily on their network security infrastructure as their main defense against outside attacks, what does the new security ecosystem look like?
To answer this question and others related to security in the wake of the pandemic, Ping Identity surveyed over 1,300 senior executives across five countries. The Ping Identity Executive Survey discovered that despite challenging international economic conditions, executives are significantly increasing their investments in IT and information security, both in staff and technology. They are focusing on advancing identity security capabilities while also working to consolidate and rationalize their workforce identity procedures.
Excerpted highlights of the survey indicate that business leaders expect these combined efforts to help address issues of security and compliance as well as employee productivity, furthering the delivery of a superior experience regardless of where work is being done.
Key finding: A majority of global IT departments are adopting Zero Trust
Zero Trust—the security model where network traffic is untrusted by default until it is verified by leveraging real-time context and risk signals—is a growing organizational strategy that encourages security teams to rely less on the safety of network perimeters and more on identity and access management controls. This identity-centered Zero Trust approach provides the means for security no matter where resources are deployed, where employees are working from, or what devices they are using, making it ideal for handling the security challenges of a remote workforce.
Perhaps not surprisingly, we’re seeing an uptick in Zero Trust adoption across the globe. The majority of executives surveyed (82%) said they have deployed some type of Zero Trust element, including piloting principles of Zero Trust, actively deploying or enhancing principles of Zero Trust, and having established, mature Zero Trust principles. In addition, 7 in 10 executives believe their investment in Zero Trust will increase over the next 12 months.
Key finding: Businesses have increased their focus on identity management security capabilities
The global health crisis spotlighted the need to secure remote access so work can get done anywhere. This makes getting workforce identity security right a key success factor in digital transformation today.
Over one half of the executives surveyed said that as a result of the pandemic, they have invested in new identity security capabilities.
Over two thirds of executives said they would be increasing the IAM capabilities of their workforce—ranging from a high of 79% of IT departments in the U.S. to a low of 63% of IT departments in the UK.
Investments and commitments to identity security capabilities are highest in the U.S., where 64% have invested in new identity security capabilities and 79% of executives expect investments in IAM capabilities to increase in the next 12 months.
Key finding: Eliminating identity silos is a priority for Executives
Authentication silos drag down productivity and operational efficiency, prevent business agility, and increase the attack surface. As executives work to ensure organizations are equipped for workforce adjustments with an increased focus on security and efficiency, breaking down identity silos is critical in achieving their aims.
Executives said that their IT departments are consolidating and centralizing their workforce identity authentication procedures:
Nearly one half (46%) of IT departments are creating a unified profile view that syncs with multiple data sources.
One third (33%) said they plan to eliminate legacy stores and consolidate employee profiles and credentials.
Identity security needs for these enterprises are centered around multi-cloud deployments, while still providing coverage for on-premises applications and delivering superior customer experience.
Key finding: Despite an increased emphasis on modern identity security—particularly MFA—executives still cling to traditional network security measures
Modern identity security tools such as adaptive and risk-aware MFA help businesses balance enterprise security and workforce productivity. Adaptive authentication policies, for example, step up security in high-risk scenarios and streamline access for low-risk users and applications. But while their usage is growing, it is far from ubiquitous.
Prior to the pandemic, over one third (38%) of executives estimate that over one half of their employees were using multi-factor authentication. The pandemic has significantly increased the usage of MFA, with 64% estimating that over one half of their employees are now using MFA.
The survey also asked executives to rate the effectiveness of 12 different elements in the prevention of cyberattacks. Although there was significant variation by country, executives tended to rank VPNs, MFA and next-generation firewalls high in effectiveness. The elements that tended to be ranked lower in effectiveness were micro segmentation, least privileged access and user behavior analytics.
Continued Remote Work, Increased IT Spending and More
Everyone is feeling the impact of remote work. Nearly one half of the leaders surveyed said that they expect one quarter or more of their workforce will be spending three or more days away from the central office in 2022, and a strong majority (85%) of executives agree that identity security technology is critical for their workforce’s mobile and user experience.
Here at Ping, we predict that as virtual and online environments continue to be the norm among the corporate workforce, IT executives and departments will be the champions of identity security in 2021 and beyond. Equipping your end users with the tools and security capabilities to increase productivity while preventing security breaches will be critical to the success of your sizable remote workforce.