It is a scenario anyone who works in an office can imagine all too easily: you've locked yourself out of your email accounts, and the complexity of your own authentication systems leaves you locked out for hours at a time.
This scenario is felt even more keenly by the IT and security departments charged with managing that complexity, according to a new survey from Axiad. The company today announced the results of its 2022 Authentication Survey, which reveal that executives have their hands full managing the underlying complexity of their authentication practices, a foundational element of most cybersecurity strategies around the globe.
The survey was conducted with 252 U.S. Security and IT executives (Director and above) in organizations of 2,500 or more employees across a broad variety of industry sectors. Respondents pointed to several internal challenges that prevent them from addressing authentication in a systematic fashion across the organization, including the variety of identity types to protect, numerous authentication methods used internally, varied operating systems in use, and existing investments in identity and access management that are often not interoperable.
According to the survey, 70% of security and IT professionals are overwhelmed by significant complexity related to authentication, which is underpinned by these key findings:
- 70% of respondents have 3 or more IAM ecosystems in use; 52% have 4 or more
- 83% said they have both Windows and macOS operating systems in place; almost half (46%) said they must authenticate against Linux as well
- 89% use 3 or more authentication methods – the most popular are software one-time passwords (OTP), passwords and mobile push authentication; 60% use more than 5
- 79% of respondents said it’s critical to secure people; 68% said machines are critical
This internal complexity often forces organizations to operate numerous, often disconnected, authentication strategies, which creates gaps and inconsistencies that bad actors can exploit.
In addition, security and IT professionals are challenged by external factors such as regulatory requirements, which impact how an organization must authenticate and vary widely according to vertical markets, international standards and the public sector. More than half of the organizations surveyed (54%) must comply with four or more regulatory requirements, and 38% must comply with 5 or more. The top regulatory and compliance requirements noted by respondents include ISO/IEC 27002, HIPAA, SOX and GDPR.
According to Bassam Al-Khalidi, Co-CEO & Co-Founder, Axiad, “Organizations today are grappling with a complex mix of systems and requirements, resulting in a siloed approach to authentication. We are seeing the negative repercussions of these fragmented strategies play out on the front pages right now, as cyber attackers are exploiting organizations that aren’t systematic in the way they validate a user (or machine) is who they say they are. To enhance your security posture and optimize protection, you need to tame that internal complexity and take a holistic approach to authentication.”
The IAM ecosystem is a typical example of authentication complexity. Companies merge, make acquisitions, grow internationally and typically end up working with at least 3 different IAM vendors, often 5 or more according to the survey, across the organization. It rarely makes sense to replace all of these disparate systems, but keeping them puts pressure on security and IT professionals to manage the risks caused by interoperability issues and authentication inconsistencies. Compound this complexity with similar challenges across identity types, authentication methods, operating systems and compliance regulations, and it's clear why so many executives are overwhelmed.
The 2022 Authentication Survey was conducted on behalf of Axiad by Censuswide in August 2022. An executive summary of these results and the detailed results of the survey are also available.