The InfoSecurity Shift to Adaptive Authentication and Cloud-Based Security
There’s a significant shift in how organizations are viewing information security, according to The Global State of Information Security Survey 2017 (PDF) from PricewaterhouseCoopers (PwC).
Here’s a summary of a few of the major trends:
Opting for Cloud-Based Security
Instead of traditional on-premises systems, 62 percent of organizations are opting for cloud-based managed security services to provide:
- Identity and access management
- Real-time monitoring and analytics
- Threat intelligence
PwC calls out real-time monitoring and analytics as key to proactive threat intelligence - 51 percent of respondents monitor data to detect security risks and incidents.
To help you gain insight into the users and devices accessing your applications, Duo provides security logs and comprehensive reports that can be used to make access policy decisions. Learn more about Device Insight.
“Identity has been at the heart of most every breach in the past two years.” — Richard Kneeley, PwC US Managing Director, Cybersecurity and Privacy.
Phishing has emerged as a significant risk across all companies and every industry. Thirty-eight percent of those surveyed reported phishing scams. Criminals will send phishing emails to employees in order to trick them into sharing their legitimate user credentials, gaining access to company systems and data. See how easy it is to launch a phishing assessment campaign with Duo Insight.
Passwords alone aren’t secure enough to protect against phishing attacks. PwC reports that businesses are adopting advanced authentication, or two-factor authentication technology such as hardware and software tokens, biometrics and smartphone tokens.
Duo recommends using the more secure method of push-based notifications sent to your users’ smartphones to verify their identity, a method of two-factor authentication. As PwC stated in their survey, “authentication must be frictionless and intuitive for end users.”
By eliminating the need to carry an extra device and with the use of an authentication mobile app, users can log into applications securely and quickly without significantly disrupting their workflow. As a result, companies can rest easy knowing only Trusted Users can access their applications and data.
Another trend listed by PwC is the use of additional data points to identify suspicious behaviors and patterns - data such as a user’s login time and location, type of device, network, etc. to create risk-based access decisions.
Duo’s Trusted Access solution allows admins to create User Access Policies that restrict access based on these data points; enabling them to create global enrollment policies based on user privileges, as well as authentication method controls to limit how users access sensitive business applications.
By blocking authentication attempts based on user location, network type or their device, you can reduce risks associated with anonymous networks, countries you don’t do business in, or exposure to out-of-date and risky devices.
Duo’s Trusted Access verifies users’ identities with two-factor authentication and checks the security health of their devices before they can access the appropriate applications. Learn more by downloading the 2016 Duo Trusted Access Report.