The 2019 Access Management Index report revealed by Thales has provided a quick glimpse of how corporations’ top IT decision makers are coping with cloud-computing push by the industry. 49% of the 1050 IT corporate leaders suggest that they will not embrace cloud computing at this time, due to the issue of becoming a target of cyber criminals. 54% of the respondents also believe that having a crude infrastructure for IoT devices. Securing web portals is also a huge challenge for companies, as highlighted by 50% of the respondents.
Unlike traditional computing with a mature user access management, it is not yet established in the cloud. Many companies are highly dependent on their corporate Windows Domain account for authentication, Active Directory is the very glue that identifies users to the corporate computing system and also supported in Linux-based workstations too. However, fully embracing cloud-computing with its cloud-based apps, that tight user account control and management is abandoned. Corporations will have to rely on the vendor for the authentication system compared to the user of their Windows Domain Controller server to perform such function as they did for many decades.
Ninety-seven percent of those who were surveyed believe that cloud access management maturity is required, in order for their respective companies to be enticed. A third of the respondents claim that their organizations hire CISO (Chief Information Security Officer) in an effort to counter any chance of their companies becoming the next target of cyber attacks. However, they also admitted that only 14% of the CISO hired have actual decision making powers in order to decide for the company’s security arrangements, including the power to make a judgement call for what particular cloud computing platform to sign-up for.
Selecting vendors for specific solutions were delegated to 79% of the CISO, but they have no final say, their decision can be reversed by a higher-ups in their respective firms. In fact, 48% of the companies still rely on their executives when regards to critical IT infrastructure decision, usually done by a CIO (Chief Information Officer). Respondents highlighted that there is a non-visible connection between the implementation arm and decision-making arm in their organizations.
The awareness of cybersecurity risks have increased though, to a point that 94% of the respondents confessed that their security arrangements change due to the news of cyber attacks against other organizations. The turn-over for the change is very quick, in just a matter of 12-months. 52% of the companies in the survey also clarified their IT security policy on access management to all its staff. Spending on user account security has increased for the 45% of the respondents, with 44% of them having escalated the critical concern to the board-of-directors.
The report concludes with the statistics of difficulty of integration, human error and cost as the critical factors when dealing with an IT risk. 40% has cost as the main factor for consideration when establishing a stronger IT security infrastructure, while with the new system, human error (39%) may wipe-out the gains of such a system. Integration with the current applications is 36% of the most concern aspects of change. As businesses depend more on applications, they cannot easily migrate it to another platform.