Use of security questions to verify users' identities declined throughout 2015 as SMS authentication grew, according to an audit of cloud-application usage that also revealed small businesses were as likely as large ones to adopt cloud applications.
The latest Businesses@Work survey, conducted by application-authentication provider Okta based on usage statistics collected from its users, suggested businesses had overcome early concerns about cloud security and were enthusiastically adopting managed-authentication tools to secure a growing number of cloud applications.
Businesses' sweet spot for cloud usage sat at between 10 and 16 apps – up 20 percent from a year earlier – but a particularly significant finding was the use of application-authentication tools by partners and customers external to the organisation.
External identities surpassed internal identities for the first time in Okta's latest findings, growing 488 percent over the previous year compared with growth in internal identities of 138 percent. Some 83 percent of customers and partners using at least one off-the-shelf cloud app, and the average customer or partner was accessing 5 total applications using the company's authentication tools.
These figures suggest a rapidly changing security landscape within companies adopting cloud technologies, which have long been fingered as confounding factors to security practitioners' attempts to boost overall security in the face of growing cloud-application adoption.
“Enterprises are more focused than ever on securing corporate data outside the firewall,” the report's authors noted, “but they also don't want to slow their end-users down with cumbersome second factors. While nothing has emerged as an obvious trend [to replace security questions and SMS]... the fastest growing factors are those focused on end user experience.”
Strong demand for cloud-based authentication – which for some time remained a bugbear of security providers who struggled to implement consistent authentication of cloud resources in environments dominated by pre-cloud security tools – has driven growing investment in the authentication tools market, with Okta rival Centrify also reporting strong growth and integrators like cloud-computing consultancy Paradyne jumping on the authentication bandwagon early on.
Strong use of cloud-authentication capabilities was reflected in the widespread use of Okta's tools to roll out a range of online applications – most significantly Microsoft Office 365, which has rapidly grown in popularity and recently passed Salesforce.com to become the most frequently-commissioned cloud application amongst Okta's user base.
Box, the third most-commonly authenticated app, is the most common cloud-storage tool, followed by cloud applications including Google Apps, Amazon Web Services, Concur, Zendesk, LinkedIn, DocuSign, Dropbox, Twitter, and the Slack messaging app – which beat Tableau and New Relic to finish as the fastest-growing cloud app in the second half of 2015.Read more: As cloud rolls in, SunRice plants infrastructure seeds with security refresh
Security Assertions Markup Language (SAML), used in 90 percent of Okta customers, was by far the most popular security policy – well ahead of deprovisioning (43 percent) and multi-factor authentication, used by just 30 percent.
Google Apps, Microsoft Office 365, Ultipro, Concur, and Slack were the five most widely-deployed cloud apps, all being rolled out to 75 percent of employees or more. The least widely assigned apps, suggesting those with a niche purpose within the business, were Microsoft Azure and Amazon Web Services. A cluster of apps with approximately the same low frequency – including Twitter, Facebook, NetSuite, Google Analytics, FedEx US, and New Relic – suggested these tools were typically rolled out together to specific business units.
Google Apps was most popular in Internet, marketing and advertising, and education companies while Office 365 was most dominant in finance, biotechnology, and construction firms.
The survey also identified regional variations in the use of some types of cloud apps, with Asia-Pacific companies trailing North America in adoption of sales & marketing (53.3 percent versus 71.3 percent); HR apps (21.1% vs 55.2%); videoconferencing (24.4% vs 42.6%); and expense management (11.1% vs 42.5%) applications.
Take this 5 minute survey on The State of Cloud Storage & Collaboration 2016 and go in the draw to win a $500 Visa credit card.
- All I want for Xmas is to hire some Cyber Security Professionals
- 2016 Predictions: Information Technology
- For the first time Samsung’s and Google’s Android security fixes sync up
- Authentication authority. Access security authority. Identity intelligence authority
- Where Is Identity Management Heading?
- Centralised content, granular permissions lead Dropbox Business security play
- Krebs warns of cyber criminal mind shift