Organizations need better methods of authentication for their users to access corporate applications, systems and data sources during the normal course of their work. To validate this thesis, Osterman Research conducted a survey in early June 2013 with members of its survey panel. The survey found that:
- The typical user accesses a median of 10 different applications or systems during a normal workday.
- 14% of users identify current access methods as “painful” – they would like a better or easier way to access corporate resources; another 68% feel that their access methods are reasonable, but could use improvement.
- 82% of respondents sometimes use the same login credentials for multiple systems, resulting in greater risk for their organizations.
- 33% of respondents need to have login credentials reset more than four times per year simply because they forget their username and/or password for the applications and systems needed to do their work.
- The more applications that users must employ in their work, the less satisfied they are with the methods available to access them.
Authentication carries with it a natural tension between the ease of use that users would like to have when accessing corporate systems and the high degree of security that IT would like to impose in order to mitigate the risk of unauthorized access. However, the growing number of applications, systems and data sources – coupled with the Bring Your Own Device and Bring Your Own Credentials phenomena – is increasing the risk that organizations face because of the reduced level of governance that IT departments have over access to corporate systems.
The bottom line is that corporate authentication needs to be improved – organizations cannot simply rely on usernames and passwords to protect their data assets, access to corporate systems and the like. Moreover, customer-facing authentication must also be improved not only to protect the integrity of sensitive information, but because customers and prospects have more choice about where to shop, bank, etc.
It’s important that the appropriate technologies are deployed so that the best balance between security and risk can be achieved. The decision process should include a review of all available technology solutions, including on-premises, cloud-based and hybrid solutions. Here are three vendors to consider, two of which are sponsors of a white paper on authentication that we will publish next week:
- SecureKey: recently announced that its technology was incorporated into MasterCard’s MasterPass digital commerce platform.
- VASCO: recently announced DIGIPASS 280, a credit card-sized device that provides data signing and authentication capabilities.
- CertiVox: recently announced M-Pin, a combination of a managed service and an authentication server that provides two-factor authentication.