- 44% of respondents are not confident that their current access security solutions can effectively enable employees to work remotely in a secure and easy manner
- Nearly half of surveyed IT professionals say they are not confident in their current access security systems to support today’s hybrid work environment
- Traditional security tools such as Virtual Private Network (VPN) continue to reign, despite scalability issues and security risks
COVID-19 quickly ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a new Thales study. Six in 10 UAE respondents said traditional security tools such as VPNs are still the primary vehicle for employees accessing applications remotely — likely the reason why 87% were concerned about the security risks/threats of employees working remotely.
These are among the key insights from the 2021 Thales Access Management Index, a global survey of 2,600 IT decision makers, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, to better understand the new security risks and challenges caused by the rise of remote working and cloud transformation caused by the COVID-19 pandemic.
Last year saw a surge in cybercrime exploiting the various aspects of the COVID-19 pandemic and the shift to remote work, with ransomware attacks soaring by 150%. The Thales survey found the pandemic’s effects have had a significant impact on security infrastructure, particularly on access management and authentication frameworks, pushing organisations to adopt modern security strategies like Zero Trust to support the demands of a more mobile and remote workforce.
Era of Remote Working – Concerns Catalyse Change
According to the index, respondents have many different systems deployed for remote access. When asked about the technologies that were in place, VPN was the most common, with 60% of IT professionals identifying the capability. Virtual Desktop Infrastructure, cloud-based access and Zero Trust network access/software defined perimeter (ZTNA/SDP) closely followed. However, when asked what new access technologies respondents were planning to deploy due to the pandemic, nearly half (44%) indicated ZTNA/SDP was the top technology choice.
Thales also explored respondents’ plans to move beyond traditional VPN environments, and found that nearly 40% expect to replace their VPN with ZTNA/SDP, while 38% expect to move to a Multi-Factor Authentication (MFA) solution. This confirms the need for more modern, sophisticated authentication capabilities is driving change in many organisations and is perceived as a key enabler of Zero Trust security.
“Seemingly overnight, remote access went from being an exception to the default working model for a large swath of employees. As a result, businesses are navigating a volatile and complex world, and adopting a Zero Trust model of cybersecurity will enable them to continue to conduct operations safely amidst the uncertainty,” said John Doley, Director for Access Management at Thales for META region. “One of the core barriers businesses face when starting their Zero Trust journey is the balance between locking down access without interrupting workflow. People require access to sensitive data in order to work and collaborate and business leaders will need to ensure that a drop in productivity doesn’t become an unwanted side effect. The research shows that IT professionals increasingly see access management and modern authentication capabilities as key components in achieving a Zero Trust model.”
Room to Grow with Zero Trust
The Thales report found that Zero Trust models are the solution of choice for respondents seeking to improve access environments, yet many are still in the early stage of adoption.
According to the research, less than a third (30%) of the respondents claim to have a formal strategy and have actively embraced a Zero Trust policy. Additionally, almost half (45%) are either planning, researching or considering a Zero Trust strategy. Surprisingly, less than a third (32%) of the respondents indicated that Zero Trust shapes their cloud security strategy to a great extent.
Access Security Needs to Adapt to Deal with Dynamic Workplaces
A silver lining of the pandemic-driven rush to remote working is the acceleration of improved approaches to access security. Thales found that 55% of respondents currently have adopted two-factor authentication within their organisations. Regionally, there was notable variation, with the UK leading (64%), followed by the U.S. (62%), APAC (52%) and LATAM (40%). These varying degrees of adoption may be due to the level at which better access management is prioritised in security investments.
Yet, despite the well-known limitations of passwords, investment in MFA still trails other security tools like firewalls, endpoint security, SIEM and email security. Remote access users are still the main use case for MFA adoption (71%). One-third of respondents that have adopted MFA use more than three different authentication tools, signaling the need for a more unified approach to access management in the future.
Another crucial element is the awareness of the workforce about the threat landscape that emerges with remote working practice. Human factor is key pillar in cybersecurity and having people well trained paradigm is essential to minimize the risks of the new risks induced by remote working.
“Security tools and approaches need to adapt to better support the era of remote working,” said Eric Hanselman, chief analyst at 451 Research, part of S&P Global Market Intelligence. “The shift towards a Zero Trust model, along with increasing use of modern authentication technologies, like adaptive and multifactor authentication (MFA), will improve organisations’ security posture. This will be an exciting space to watch as businesses continue to deal with dynamic workplace environments.” 
Thales and 451 Research will discuss the global findings in more detail during its upcoming Trusted Access Summit on 5 October 2021. To join, please visit the registration page.