Report: Breaches in the cloud illustrate need for stronger authentication
As organizations increase their reliance on cloud-based services, collaboration tools and enabling users to access networks, the number of security breaches is on the rise. A new study by Forrester Research shows that more than half of the 306 companies surveyed (54 percent) reported a data breach in the previous year.
The report, « Enhancing Authentication to Secure the Open Enterprise, » was conducted by Forrester late in 2010 on behalf of Symantec Corp. The vendor wanted to evaluate how enterprises are evolving their authentication and security practices in response to changing business and IT needs as exemplified by cloud and software-as-a-service (SaaS) adoption, the business use of Web 2.0 services, and user mobility trends.
Password issues are the top access problem in the enterprise, according to the study. Policies on password composition, expiration, and lockout that are put in place to mitigate risk have become a major burden to users, impeding their ability to be productive. They also result in help desk costs due to forgotten passwords.
The Forrester study recommends that organizations implement strong authentication throughout the enterprise, not just for select applications.
Yes, some fears about the cloud are real concerns: maturity of the market, security issues, privacy, and so on. But some are over-stated.
For instance, in the study above, the cloud is not responsible for security breaches. The author clearly ride on a buzz word. We are in the era of the entreprise 2.0, connected with its suppliers/ contractors, its clients, with remote desktop, remote servers, VPN, mobile access, internet access, outsourced IT maintenance & support, etc, and finally cloud apps. It is more a question of access management in the entreprise 2.0: create a clear profile & security attributes for each type of user; and it is also a question of authentication management (SSO, policies, process).
So don’t focus on the ‘Cloud buzz word’: a lot of articles title with ‘Cloud’ but wrongly spread anxiety by discussing the issue of something else.