Despite Breaches, Alarming Number of Companies Lack Security Controls for Accessing Enterprise Applications, According to Latest Research 2

Independent Study Respondents Recognize Need for More Stringent Access Controls, Yet 60 Percent of Organizations Do Not Require Multifactor Authentication for Non-Employees Accessing Enterprise Applications

October 27, 2015

5 Min Read


CAMPBELL, Calif. – Oct. 21, 2015 – Vidder Inc., the inventor of precision application access, today announced the results of the Enterprise Application Security Market Research Report, an independent study conducted by King Research to understand the current state of controls for enterprise application access; which stringent access controls are deemed useful; and to what extent these access controls are being implemented. The survey of more than 400 InfoSec professionals reveals that despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall.

Survey respondents also ranked as “highly useful” those solutions that enforce multifactor authentication (MFA) across all users at all times; hide app servers from all devices and unauthenticated users; ensure end-to-end encryption and integrity; and give complete control of who can connect to what, independent of app location, device type and user affiliation. These solution descriptions are all characteristics of the Software Defined Perimeter (SDP) model for secure connectivity. The highest ranked solution is one that does all of the above, according to respondents.

While MFA was indicated as a “highly useful” solution, those surveyed said 60 percent of their organizations do not require MFA for non-employees to access enterprise applications. In addition, while 57 percent of respondents’ organizations allow Bring Your Own Device (BYOD) for access to enterprise applications, 42 percent do not require non-employees to adhere to the corporate BYOD policies.

“This survey is unique in gathering information around enterprise application access, stringent controls, and the usefulness of solutions InfoSec professionals believe would best protect their organizations from becoming tomorrow’s headline,” said Ross King, Principal Analyst of King Research. “For example, we found that more than half of respondents (57 percent) said they have long-term contractors who need access to company information, and these contractors may or may not reside on-premise. But when asked which authentication type is typically used when providing non-employees access to enterprise applications, nearly half (42 percent) responded that simple passwords are used.”

For a copy of the study, see:

Other key findings of the research include:


·         Sixty-three percent of respondents said that 10 percent or more of their enterprise applications are behind the corporate firewall and are accessed by non-employees.

·         When asked to score criteria importance for selecting enterprise security products and services on a scale of 1 to 10, respondents scored “Compliance” the highest with a near 7.6 score. The second most important criterion was “Security Advantage by Using Superior Technology,” with a score of 7.5.

·         One-third of the respondents said they have heard of the new Software Defined Perimeter (SDP) model.

·         The respondents also said their top security concerns, on a scale of 1 to 10, are server vulnerabilities (7.6), phishing (7.3), server misconfigurations (7.3), and denial of service attacks (6.9).


“Executed properly, multifactor authentication is very secure,” said Anna Luo, Senior Director of Marketing at Vidder. “But highly stringent controls have proven to be too complex for users to adopt. This complexity is likely the reason why so many organizations do not have the controls needed in place, and why the research findings reveal that characteristics of software defined perimeter are seen as ’highly useful‘ in these areas. SDP’s built-in transparent multifactor authentication executes for every user, every connection, every time. It has no impact on user experience. The attackers have no ability to simultaneously compromise both the device and user, and it is extremely effective to counter the threats of credential theft.”

This independent research project was underwritten by Vidder, Inc., and the research was wholly and independently conducted by King Research. Administered from June through August, the research consisted of an online survey, with a total of 408 people responding. More than 16 percent of respondents identified themselves as working in the technology industry, followed by financial services at more than 10 percent, and government at more than 8 percent.


About King Research
King Research provides a range of qualitative and quantitative research services that result in clients gaining a clear understanding of what their global customers and prospects need and value. The company’s core competencies are: solid, proven research methodologies; deep expertise with a wide range of technologies; and expertise in conducting research projects in North America, Europe and Asia/Pacific. For more information, visit


About Vidder

Vidder PrecisionAccess stops cyberattacks by “shrinking” the perimeter and creating a new layer of defense around individual applications. The trust-before-connect architecture keeps everyone outside the new perimeter, hiding application servers from all users and devices. Only trust-verified users are allowed connectivity at the application-level, reducing the attack surface to near zero. Combined with transparent multi-factor authentication executed for every user and every connection, PrecisionAccess defeats credential theft, server exploitation, man-in-the-middle, DOS, and lateral movement attacks. Offered as a service, PrecisionAccess delivers OpEx and CapEx savings, and accelerates agility associated with cloud, BYOD and collaboration, while reducing risk for traditional IT. In 2015, Gartner named Vidder a Cool Vendor in Cloud Security Services. The company’s headquarters are in Campbell, Calif. For more information, visit



Vidder is a registered trademark of Vidder in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights