Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

7/28/2014
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Business and IT Emerge as Essential Allies in the Move to Social IDs and 'Bring Your Own Identity'

New Research from the Ponemon Institute and CA Technologies Shows Value of BYOID, Focus on Mobile and Web Users with Desire for Increased Security

NEW YORK and TRAVERSE CITY, MI — July 28, 2014 — New research shows that both the lines of business and IT departments see value in “Bring Your Own Identity” (BYOID) initiatives, where social networking or digital IDs are used for application login. The groups also agree that more security is needed to increase BYOID adoption. The report, “The Identity Imperative for the Open Enterprise 2014,” conducted by the Ponemon Institute and CA Technologies (NASDAQ: CA), examines business user and IT department attitudes toward BYOID.

“In today’s application-driven economy, access to applications has to be simple and secure. BYOID is an increasingly popular option for simplifying access. It can reduce the need to create new accounts for every site, which leads to registration fatigue and abandoned shopping carts,” said Mike Denning, senior vice president and general manager, Security, CA Technologies. “We are working to make sure we enhance BYOID security without adding friction or complexity.”

The report provided several key insights into BYOID, including the current state of adoption, its perceived value and views toward the identity providers and how BYOID could be enhanced.

Current State

BYOID deployment using social IDs is still in its infancy, but interest is high, especially for mobile and web customer populations. There is a high level of interest in BYOID and using social identities such as Facebook, LinkedIn or Yahoo, with 50 percent of IT and 63 percent of business users expressing high or very high interest. Customers engaging with the business via the Web and mobile device were highest rated for targeted digital identity engagement, eclipsing other populations such as job recruits, employees, contractors and retirees.

Perceived Value

Identity is now viewed as a contributing growth asset as well as a security component. Both IT and business users agreed that an important reason for BYOID adoption in their organization was to achieve a stronger identity credential and get a higher level of confidence that a user is who he says he is (69 percent and 65 percent respectively). But business users cited capturing attributes about users as the biggest benefit (95 percent). This indicates an evolving view of identity. No longer viewed as simply a component for protecting data, identity is now seen as a value asset that can provide data which could drive incremental revenue and help maintain customers.

Enhancing BYOID

Additional security developments could drive increased BYOID adoption. The majority of IT and Business users said “identity validation processes” would help increase BYOID adoption (72 percent and 70 percent respectively). Implementing fraud risk engines also rated among the top three across both groups. Interestingly only 27 percent of business respondents believed formal accreditation of the identity provider was very important / essential, while 59 percent of IT users believe formal accreditation is very important / essential.

Perception of Identity Providers

Respondents’ preferred identity provider varied based on the situation and region. When asked what social ID was of most interest to their organization, IT users ranked PayPal as the preferred identity provider across all regions. Business user responses varied with Amazon edging out PayPal and Microsoft. When asked what social ID respondents preferred as a consumer, Google was highest ranked among both IT users and business users.  

“A holistic examination of the attitudes uncovered in the research show two clear views of identity,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “IT continues to take a traditional risk-based, security view of dealing with identities, while the business side takes a more value-based, customer-centric view of identity. In order to gain the most value from any BYOID initiative, these two groups must collaborate and become allies for secure business growth.”

Resources

 

·         “The Identity Imperative for the Open Enterprise 2014: Examining IT and Business Attitudes Toward Bring Your Own Identity.”

·         Infographic: Are Business and IT Getting Off on the Wrong Foot with BYOID?

·         Webcast: BYOID: New Ponemon Institute Study on Key Digital Identity Trends.

·         Blog: Get Ready for the BYOID Balancing Act, by Bob Scheier.

 

About the Study

The study was commissioned by CA Technologies and conducted by the Ponemon Institute, an independent research firm specializing in privacy, data protection and information security policy. It surveyed 3,115 IT and business professionals located in the North America, Brazil, United Kingdom, France, Germany, Italy, India and Australia. One hundred percent of the respondents were from organizations with more than 1,000 people; 75 percent were from organizations with $500 million or more in annual revenue. The study was completed at the end of June 2014.

About CA Technologies

CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. Learn more about CA Technologies at: www.ca.com.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12441
PUBLISHED: 2020-08-06
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet.
CVE-2020-13793
PUBLISHED: 2020-08-06
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.
CVE-2020-16207
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the appli...
CVE-2020-16211
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVE-2020-16213
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or ...