COVID-19 quickly ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a new Thales study.
Six in 10 respondents said traditional security tools such as VPNs are still the primary vehicle for employees accessing applications remotely — likely the reason why almost half (44%) were not confident that their access security systems could scale effectively to secure remote work, according to a global survey of 2,600 IT decision makers, commissioned by Thales and conducted by 451 Research.
According to the study, respondents have many different systems deployed for remote access. When asked about the technologies that were in place, VPN was the most common, with 60% of IT professionals identifying the capability.
Virtual Desktop Infrastructure, cloud-based access and Zero Trust network access/software defined perimeter (ZTNA/SDP) closely followed.
However, when asked what new access technologies respondents were planning to deploy due to the pandemic, nearly half (44%) indicated ZTNA/SDP was the top technology choice.
Thales also explored respondents’ plans to move beyond traditional VPN environments, and found that nearly 40% expect to replace their VPN with ZTNA/SDP, while 38% expect to move to a Multi-Factor Authentication (MFA) solution. This confirms the need for more modern, sophisticated authentication capabilities is driving change in many organisations and is perceived as a key enabler of Zero Trust security.
The Thales report found that Zero Trust models are the solution of choice for respondents seeking to improve access environments, yet many are still in the early stage of adoption.
According to the research, less than a third (30%) of the respondents claim to have a formal strategy and have actively embraced a Zero Trust policy. Additionally, almost half (45%) are either planning, researching or considering a Zero Trust strategy. Surprisingly, less than a third (32%) of the respondents indicated that Zero Trust shapes their cloud security strategy to a great extent.
Access Security Needs to Adapt to Deal with Dynamic Workplaces
A silver lining of the pandemic-driven rush to remote working is the acceleration of improved approaches to access security. Thales found that 55% of respondents currently have adopted two-factor authentication within their organisations.
Regionally, there was notable variation, with the UK leading (64%), followed by the U.S. (62%), APAC (52%) and LATAM (40%). These varying degrees of adoption may be due to the level at which better access management is prioritised in security investments.
Yet, despite the well-known limitations of passwords, investment in MFA still trails other security tools like firewalls, endpoint security, SIEM and email security. Remote access users are still the main use case for MFA adoption (71%). One-third of respondents that have adopted MFA use more than three different authentication tools, signaling the need for a more unified approach to access management in the future.
“Security tools and approaches need to adapt to better support the era of remote working,” said Eric Hanselman, chief analyst at 451 Research, part of S&P Global Market Intelligence. “The shift towards a Zero Trust model, along with increasing use of modern authentication technologies, like adaptive and multifactor authentication (MFA), will improve organisations’ security posture. This will be an exciting space to watch as businesses continue to deal with dynamic workplace environments.”