Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

03:10 PM
Connect Directly

Cloud Usage, Biometrics Surge As Remote Work Grows Permanent

A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.

The rapid, and in some cases permanent, shift to remote work forced organizations to swiftly adopt cloud services and rethink how they protect corporate data. Researchers report spikes in cloud application authentication, devices with biometrics enabled, and device-based policies.

Related Content:

Digital Transformation Means Security Must Also Transform

The Changing Face of Threat Intelligence

New on The Edge: The Double-Edged Sword of Cybersecurity Insurance

Dave Lewis, global advisory CISO for Cisco's Duo Security, elaborates on shifts in organizations' authentication choices. More than 80% of active customer devices have biometrics enabled, and total devices with biometrics rose 64%. At the same time, the number of companies with policies to disallow SMS-based authentication increased by 7.4%, marking an 85% increase in the number of businesses banning SMS as an authentication method between 2019 and 2020.

"It's definitely been a push this year, and I think a lot of that is driven out of the fact that we have so many organizations being remote now and for the foreseeable future – for the next year or so at least – and they're taking time to reassess where they are," Lewis explains. CISOs have shifted away from static passwords, towards multifactor authentication and biometrics.

Some security leaders face groups of employees who push back, he notes, but often these challenges fade once people start using new forms of authentication.

"A lot of the CISOs are saying the big problems are not deploying MFA, but deploying it across the enterprise," Lewis says. "There are multiple aspects to every enterprise that we have to take into consideration, different business units, and navigating that internally and trying to win over allies within the business is where they have to spend more time to win support."

The pandemic also drove a surge in cloud adoption, an initiative most businesses had begun but were forced to accelerate. Researchers found the average number of daily authentications to cloud apps jumped 40%, an increase at least partly driven by the pandemic. Organizations had little time to reach that level of maturity and consolidate and streamline their operations.

Part of this consolidation involves bringing together services across geographies, Lewis says. Many businesses have a global footprint and a support structure broken down by location, so, for example, each country has its own email support system. Now they want to implement a single approach across the board so they don't have "a disparate hodgepodge of systems" cobbled together under one banner, he adds.

Buckling Down on Updating Remote Devices
During the first three weeks of March, authentication failures due to outdated devices grew 90.5%, according to the annual Duo Trusted Access Report. Many users accessed corporate data and applications from their own unmanaged devices during the initial shift to remote work; if their devices hadn't been updated recently, they were more likely to fall outside corporate policy.

The corporate device policies that most commonly led to failed logins were location-restricted (29.7%), invalid device (22.6%), out-of-date device (14.8%), and no screen lock (9.6%). Most often, restricted countries were Russia (70%), China (68%), North Korea (42%), and Iran (37%).

A closer look at the types of devices people used this year revealed interesting trends. At the top was Windows (59%), followed by OS X (23.5%), iOS (11.4%), Android (3.7%), and Linux (1.2%). iOS was the most popular on mobile (69.9%), followed by Android (30%). Researchers note 10% of Windows businesses still use Windows 7, despite its end of life in January 2020.

Windows 7 usage varies by industry. Healthcare has more than 30% of Windows devices using the outdated OS; the transportation sector has 37%. Industries such as telecom, business, technology, and computers and electronics report more than 90% of devices run Windows 10.

The differences are visible on a broader level as well: Industries with the most up-to-date devices include computers and electronics (72.1% updated), technology (67.1%), business services (65.5%), IT services (65.4%), and agriculture and mining (64.1%). Those with the most out-of-date devices include transportation and storage (49.3%), K-12 education (47%), legal services (46.2%), healthcare (45.6%), and higher education (44.5%).

Overall, Lewis points to a "great deal more control" being used across employee devices. CISOs are focused on ensuring device inventory is current, or as close to current as possible, as well as monitoring systems for anomalous behavior. It's not only essential for them to conduct device posture assessments, but to do them with more urgency than they did in the past. Home office security varies from house to house, and most people don't secure home networks, he adds.

"Your perimeter used to be the firewall and the moat and the castle walls. It's really now about anywhere an access decision can be made," Lewis explains. Now, those decisions are being made on networks that aren't as secure as their previous corporate environment, and IT security pros are responding by taking a closer look at device activity, policies, and restrictions.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.