Respectively 23% and 41% of surveyed Australian and New Zealand IT professionals say they are not confident in their current access security systems to support today’s hybrid work environment
COVID-19 quickly ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a new Thales study. 55% of Australian (AU) and 63% of New Zealand (NZ) respondents said traditional security tools such as VPNs are still the primary vehicle for employees accessing applications remotely — likely the reason why 23% (AU) and 41% (NZ) were not confident that their access security systems could scale effectively to secure remote work.
These are among the key insights from the 2021 Thales Access Management Index, a global survey including 152 IT decision makers from Australia and New Zealand, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, to better understand the new security risks and challenges caused by the rise of remote working and cloud transformation caused by the COVID-19 pandemic.
Last year saw a surge in cybercrime exploiting the various aspects of the COVID-19 pandemic and the shift to remote work, with ransomware attacks soaring by 150%. The Thales survey found the pandemic’s effects have had a significant impact on security infrastructure, particularly on access management and authentication frameworks, pushing organisations to adopt modern security strategies like Zero Trust to support the demands of a more mobile and remote workforce.
Era of Remote Working – Concerns Catalyse Change
According to the index, respondents have many different systems deployed for remote access. When asked about the technologies that were in place, VPN was the most common, with 55% (AU) and 63% (NZ) of IT professionals identifying the capability. Virtual Desktop Infrastructure, cloud-based access and Zero Trust network access/software defined perimeter (ZTNA/SDP) closely followed. However, when asked what new access technologies respondents were planning to deploy due to the pandemic, nearly half of respondents globally (44%) indicated ZTNA/SDP was the top technology choice.
Thales also explored respondents’ plans to move beyond traditional VPN environments and found that almost half of organisations expect to replace their VPN with ZTNA/SDP (44% AU / 41% NZ), and 47% of NZ organisations also expect to replace VPM with conditional access, while respectively 50% (AU) and 49% (NZ) expect to move to a Multi-Factor Authentication (MFA) solution. This confirms the need for more modern, sophisticated authentication capabilities is driving change in many organisations and is perceived as a key enabler of Zero Trust security.
“Seemingly overnight, remote access went from being an exception to the default working model for a large swath of employees. As a result, businesses are navigating a volatile and complex world, and adopting a Zero Trust model of cybersecurity will enable them to continue to conduct operations safely amidst the uncertainty,” said Francois Lasnier, vice president of Access Management solutions at Thales. “One of the core barriers businesses face when starting their Zero Trust journey is the balance between locking down access without interrupting workflow. People require access to sensitive data in order to work and collaborate and business leaders will need to ensure that a drop in productivity doesn’t become an unwanted side effect. The research shows that IT professionals increasingly see access management and modern authentication capabilities as key components in achieving a Zero Trust model.”
Room to Grow with Zero Trust
The Thales report found that Zero Trust models are the solution of choice for respondents seeking to improve access environments, yet many are still in the early stage of adoption.
According to the research, only a third (34%) Australian respondents and less than a third Kiwi respondents (26%) claim to have a formal strategy and have actively embraced a Zero Trust policy. Additionally, almost half (46% AU / 47% NZ) are either planning, researching or considering a Zero Trust strategy. Surprisingly, less than a third (30% AU / 26% NZ) of the respondents indicated that Zero Trust shapes their cloud security strategy to a great extent.
Access Security Needs to Adapt to Deal with Dynamic Workplaces
A silver lining of the pandemic-driven rush to remote working is the acceleration of improved approaches to access security. Thales found that 55% of respondents currently have adopted two-factor authentication within their organisations. Regionally, there was notable variation, with the UK leading (64%), followed by the U.S. (62%), APAC (52%) – including 59% AU and 55% NZ – and LATAM (40%). These varying degrees of adoption may be due to the level at which better access management is prioritised in security investments.
Yet, despite the well-known limitations of passwords, investment in MFA still trails other security tools like firewalls, endpoint security, SIEM and email security. Remote access users are still the main use case for 2FA adoption (73% AU / 71% NZ). Over one-third of respondents (37% AU / 39% NZ) use more than three different authentication vendor tools, signaling the need for a more unified approach to access
