SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
1 in 4 organisations relying solely on passwords to secure BYOD
Tue, 7th Nov 2017
FYI, this story is more than a year old

Bitglass has released the findings from its newest research, ‘BYOD and Identity', which are alarming to say the least.

The data was taken from more than 200 IT and security professionals that were surveyed at the recent Gartner Symposium/ITxpo conference.

One in four organisations don't have multi-factor authentication (MFA) methods in place to secure bring your own devices (BYOD) – they simply rely on the vulnerable password.

Despite being a well-known enterprise security gap, BYOD are the bane of almost all IT operators today with the constant drive for flexibility and mobility often overtaking the need for security.

CEO of Bitglass, Rich Campagna says simply using passwords (i.e. single-factor authentication) to control user access to corporate data, has resulted in several high-profile data breaches in recent months, including Zomato, Deloitte and Microsoft.

“Enterprises often misjudge the effectiveness of traditional security solutions, many of which are readily bypassed,” says Campagna.

“The BYOD boom exposes organisations to risks that can only be mitigated with data-centric solutions that secure access.

The report also delved into the top cloud security priorities for organisations, with BYOD security and access taking the top honours. External sharing came out with 45 percent, malware protection on 40 percent, and unmanaged BYO device access on 40 percent.

Bitglass says in order for organisations to meet these needs, new security solutions need to be adopted.

One encouraging statistic was that three quarters of respondents already have encryption and on-premise firewalls in place to protect corporate data, with more starting to deploy Secure Web Gateways and cloud access security brokers.

And in terms of new technologies, many organisations still have concerns with the latest authentication methods.

A whopping 61 percent of the respondents have reservations about Apple's Face ID technology as a viable method of BYOD authentication.

It would seem traditional authentication methods like passcodes, PIN codes, and fingerprint recognition are familiar and trusted by enterprises, while facial recognition technologies remain unproven.

Highlights of the survey include:

  • 28 percent of respondents have no multi-factor authentication methods in place for BYOD access
  • For those using MFA for BYOD, third party applications (42 percent) and SMS tokens (34 percent) are the most popular methods used 
  • External sharing is rated the leading cloud security concern for professionals surveyed (45 percent)
  • Also listed as top security concerns are malware protection (40 percent) and unmanaged device access (40 percent)
  • 61 percent of respondents have reservations about Apple's Face ID technology
  • Top Apple Face ID concerns include accuracy of face detection (40 percent), prevention of unauthorised access (30 percent) and speed of face detection (24 percent)