Only a quarter of IT professionals believe that biometrics is the safest way to confirm identity in order to access corporate data, according to new research from IS Decisions.
In fact, no individual technology wins a majority. Biometrics (23%) comes one place behind two-factor authentication (29%), and edged only slightly ahead of the humble old password method, at 19%, physical security keys at 16% and smart threat detection at 10%.
The result adds to the argument that organisations should use multiple layers of protection, and that often no one method of authentication is effective in isolation.
A hazy security future
A lack of consensus continues when IT professionals look further into the future. Only half (49%) expect to see biometric adoption grow in the next five years as a tool to protect against insider threat.
The findings are part of research in IS Decisions’s new report User security in 2015: the future of addressing insider threat, based on a survey of 250 IT professionals in the UK and 250 in the US.
IT professionals are also calling for more help to tackle the issue of insider threat. The research found that an overwhelming 91% want to see industry-wide collaboration on the issue, 78% want clearer guidelines, and only 43% see senior management taking enough responsibility for insider threat.
In terms of IT security budgets, spending has grown by about a third over the last year, but the average amount specifically apportioned to internal security accounts for just 3.6% — despite the increasing potential risks.
Future proofing your internal security
The consensus that we are seeing is a combined approach of better training and technology solutions. Whilst 67% state they plan to look at specific tools, technology and data to help tackle insider threat, they are not likely to be effective in isolation. The research found 57% of insider threat programs will include organization-wide training – demonstrating that a joined-up approach is essential for internal security
François Amigorena, CEO of IS Decisions, commented, “Biometrics is still a relatively young technology as an authentication method, and it’s understandable that organisations don’t want to be security guinea pigs. We’re seeing some consumer use cases but the enterprise often moves more slowly, not least in security where there is natural trepidation.“
“Whether use of biometrics grows in a corporate setting or not, I am a firm believer that organisations should not rely on one security method alone. When biometrics develops, I see it as something companies will add in conjunction with existing authentication methods, rather than replacing them. In addition, user authentication is just a layer in itself; it can be used in conjunction with other restrictions, threat detection and access monitoring.”
“The more layers of protection you have, the better.”
How to better confirm employee identity when accessing corporate data
For Windows networks, UserLock can strengthen access security for all employees to your corporate network.
By applying further restrictions and controls on what all users can do once authenticated, UserLock offers this type of advanced layered protection. When organizations can set and enforce where and how employees access the network, the risk from malicious, exploited and careless users can be significantly decreased.