The findings in the latest Thales Access Management Index reveal that 57% have adopted two-factor authentication, but major access control gaps remain, leaving digital identities at risk. A “staggering” 82% of Australian organisations and 86% of New Zealand organisations are concerned about the security risks / threats of employees working remotely, yet 41% (AU) and 53% (NZ) of organisations do not have an access management solution deployed.
Thales says that while many organisations viewed security as an important investment during the pandemic, it lagged behind investment into infrastructure and cloud as the number one priority.
And for organisations across the region, the most important investment during COVID-19 has been infrastructure / cloud (51% AU / 45% NZ), followed by security and privacy (27% AU / 39% NZ).
According to Rana Gupta, APAC Regional VP, Authentication & Encryption for Thales, “With the move to remote work and cloud, organisations’ perimeters have extended beyond their physical walls.”
“Most employees today – as well as customers and partners – gain access to the work applications and data from outside of an organisation’s walls, whether those are on the network or in the cloud. Digital identities have become the new perimeter.”
According to Thales, humans remain organisations’ weakest link, and this has yet again been demonstrated by the OAIC’s latest January-June 2021 Data Breaches Notification report, which shows that data breaches resulting from human error accounted for 30% of notifications. Business and technology leaders need to look at new ways to secure access to organisations’ expanding digital walls, and much stronger access controls are needed.
Despite a world where digital identities are the new perimeter, traditional security policies and practices are still largely in use according to the report:
- 55% (AU) and 63% (NZ) of employees use a VPN
- 50% (AU) and 55% (NZ) of employees use virtual desktop infrastructure
However, the study also reveals that many organisations are planning to move away from VPN, replacing it with multi-factor authentication (MFA) solutions (49% across the region), Zero Trust network access / SDP (44% AU / 41% NZ), and other Identity and Access Management solutions with different levels of access control.
Only 9% (AU) and 18% (NZ) of organisations are not planning to move away from VPN.
The report also notes that stronger Identity and Access Management (IAM) tools are on the rise, with 59% (AU) and 55% (NZ) of organisations adopting two-factor authentication (2FA), while overall, multi-factor authentication (MFA) has been deployed for 73% (AU) / 71% (NZ) of remote/mobile and non-IT employees and staff. But major gaps still remain:
- 34% (AU) and 29% (NZ) of organisations are deploying three to five different authentication vendor tools, which increases complexity for IT teams and for users
- 41% (AU) and 53% (NZ) of organisations do NOT have an access management solution deployed
- 23% of AU organisations and an alarming 41% of NZ organisations are either somewhat not confident or not at all confident that their current access security solutions can effectively enable employees to work remotely in a secure and easy manner
Third parties are often not part of organisations’ security strategies or subjected to the same levels of security controls, and the report found:
- Only 43% (AU) and 64% (NZ) of third parties, and 40% (AU) / 50% (NZ) of customers have MFA/2FA in place
- Those numbers drop even lower when it comes to on-premise
“Our report shows the critical need for ANZ organisations to rethink their access control strategies and look at Identity and Access Management (IAM) as an organisation wide strategy and not a siloed security approach,” Gupta said.
“As we move away from perimeter-based security models, managing access to the organisation’s critical resources needs to become THE central function of any security strategy that essentially needs to be based on the new mindset of Zero Trust. You can’t let any user – from within or outside of the organisation – bypass your access management strategy. It takes one single non-secure access to compromise the entire organisation.”
Amongst the technologies ANZ organisations are planning to deploy due to the impact of the pandemic and remote work, the report also reveals:
- Zero Trust network access / SDP is the most popular (49% AU / 45% NZ)
- Zero Trust network access / software defined perimeter is now used by 53% (AU) and 49% (NZ) of organisations
“Too many networks and applications currently run on ‘assumed trust’ systems,” said Gupta.
“A Zero Trust model views trust as a vulnerability – any user or device looking to access confidential data cannot and should not be trusted by default. Instead, the idea is to follow a ‘trust no one, verify everyone continuously’ mindset. But to achieve this it is vital business leaders take a more active role in setting the organisations’ access control strategy alongside their technology leaders.
“Again, this is a question of mindset across the entire organisation, before it can be brought to life by investing in the right Identity and Access Management technologies.”