Security Concerns are Preventing Cloud and SaaS Adoption, According to Latest Ping Identity Survey
January 23, 2019Ping Identity today released results of the Ping Identity 2018 Survey: The State of Enterprise IT Infrastructure & Security, describing the recent nature of enterprise IT infrastructures and what companies are doing in response to the current data breach climate. MarketCube was commissioned by Ping to survey more than 300 large enterprise IT and security professionals across the United States to determine the most effective security strategies to guard sensitive information, and the price they pay when hackers strike.
The survey reveals that today’s enterprise IT infrastructures are not largely hosted in the public cloud, nor are they SaaS-based, with security being the single largest barrier when it comes to cloud and SaaS adoption. With the recent rise in breaches and privacy incidents, enterprises are prioritizing the protection of their customers’ personally identifiable information.
Key findings include:
- Most Infrastructure is Hybrid: Less than one quarter (21%) of IT and security professionals say that more than one half of their IT infrastructure is hosted in the public cloud, and 15% say more than one half is comprised of SaaS applications. Seventy-five percent say that at least some percentage of their IT infrastructure is hybrid-meaning a mix of cloud, on-premises and SaaS.
- Security Concerns Holding Back Adoption of Cloud & SaaS: Security was cited as the number one barrier to cloud and SaaS adoption. Forty-three percent of respondents said it’s the biggest obstacle to cloud adoption, and 37% claimed it’s the biggest barrier to SaaS adoption.
- Enterprises are Spending More to Protect Customer Identity: More than one quarter (27%) of respondents’ organizations have experienced a breach of customer identity data stored in a public cloud, on-premises or in a SaaS application provider’s cloud. Nearly three-quarters of respondents (71%) say their organizations are spending more on protecting customer identity data in May 2018 as compared with May 2017; just one percent say that spend has decreased.
"With security as the biggest barrier to cloud and SaaS adoption, it’s no wonder we’re seeing enterprises prioritize their security investment-especially following a year that was defined by data breaches," said Richard Bird, chief customer information officer, Ping Identity. "Safeguarding customer, proprietary and partner data is more important than ever for enterprises seeking to build trust and transition to a more hybrid IT infrastructure. It’s imperative that IT professionals understand the value and effectiveness of the right security controls for their organizations before taking a blanket approach to protecting their data."
What’s in Use vs. What’s Working
- Multi-factor Authentication: Ninety percent of respondents say multi-factor authentication (MFA) is an effective security control to protect identity data in public clouds, yet only 60% say their organizations actually utilize it.
- Single Sign-On and Biometric Authentication: IT and security professionals also see identity federation (single sign-on) and biometric authentication as two of the top five most effective security controls, but these technologies have relatively low adoption rates among their organizations. For instance, 80% of respondents say that identity federation, role- or attribute-based policies, and biometric authentication are largely effective to protect access to identity data in public clouds. Despite this, adoption rates are low: only 34%, 38% and 22%, respectively.
While enterprise investment in security has increased in the past year and IT professionals understand what technologies are most effective at protecting data, they are not always implementing more effective security controls.
Bird added, "This is perhaps because identity federation can be complex to implement if the chosen solution is not architected for hybrid IT environments, whereas deploying multi-factor authentication is often a simpler solution. Biometric authentication is still an emerging technology and therefore may not be as commonplace as more established security controls."
For more information on the Ping Identity 2018 Survey: The State of Enterprise IT Infrastructure & Security, click here.