The State of Enterprise IT Infrastructure and Security
When it comes to cloud adoption, there’s a common misconception that many of today’s enterprises are already operating IT in the cloud. While cloud infrastructure is certainly on the rise, the reality is that it still only represents a small portion of the average enterprise’s overall IT infrastructure. Instead, most companies take a hybrid approach.
Generally speaking, the more complex an IT environment becomes, the greater the risk of hacking becomes – especially breaches of sensitive data. Today, following a year marked by high-profile data breaches, security is top of mind for most enterprise companies. New tools and technologies are being tested in an effort to prevent such attacks. But critical questions still remain – in particular: Are enterprises implementing the right security strategies for increasingly complex hybrid IT environments?
To answer this question, Ping Identity surveyed 300+ enterprise IT and security professionals at large organizations across the United States. Now available here, the report examines the strategies that today’s enterprises commonly deploy, which ones are considered most effective, and the price organizations pay when they find themselves victimized.
Key findings include:
Barriers to Cloud and SaaS Adoption
Contrary to popular belief, enterprise IT infrastructure is not largely hosted in the public cloud, nor is it SaaS based. In fact, the majority of respondents says less than one half of their IT infrastructure is hosted in such environments. Respondents share that security is the biggest adoption barrier for both, suggesting enterprises must first address these challenges before looking to expand into cloud or SaaS environments. As enterprises grow, security becomes an even greater barrier to cloud adoption.
Business Impact of Breach
Security concerns are clearly warranted; more than one quarter of enterprises surveyed have already experienced a data breach. Many suffered lost money and customers, while some faced less obvious repercussions, like lawsuits and legal investigations. This shows the damaging, long-term and sometimes intangible effects of privacy breaches involving customer data.
Enterprises Investing in Security
With the prevalence of recent breaches and privacy incidents, enterprises are prioritizing the protection of their customers’ personally identifiable information (PII). Investment in this area has increased substantially over a 12-month period (May 2017 to May 2018).
What’s in Use vs. What’s Working
Enterprises say that multi-factor authentication is the most effective security control to protect identity data. In addition, IT/security professionals see identity federation (single sign-on) and biometric authentication as two of the top five most effective security controls, but these technologies have a relatively low adoption rate among their organizations (less than 38%).
With security being the biggest barrier to cloud and SaaS adoption, IT leaders know where to focus their agendas if they want to enable a more flexible, hybrid IT infrastructure. While enterprise investment in security has increased in the past year and IT professionals understand what technologies they should employ to protect data, they aren’t relying on these controls as much as others they consider less effective. This is perhaps because identity federation can be complex to implement if the chosen solution is not architected for hybrid IT environments, whereas deploying MFA is often simpler. Biometric authentication is still an emerging technology and therefore may not be as commonplace as more established security controls.
In an increasingly heated regulatory environment with more pressure than ever for companies to protect identity data, enterprises must be strategic in how they prioritize and deploy security controls. Failing to do so puts them at risk of losing the trust of their customers, lawsuits, management shake-ups and costly regulatory penalties.
Ping Identity commissioned MarketCube to conduct a survey of 301 U.S. IT or security professionals at enterprises with 5,000 or more employees. The survey was conducted online between May 17 and May 24, 2018. The margin of error is plus or minus 5.6 percentage points.