Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

03:10 PM
Connect Directly

Cloud Usage, Biometrics Surge As Remote Work Grows Permanent

A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.

The rapid, and in some cases permanent, shift to remote work forced organizations to swiftly adopt cloud services and rethink how they protect corporate data. Researchers report spikes in cloud application authentication, devices with biometrics enabled, and device-based policies.

Related Content:

Digital Transformation Means Security Must Also Transform

The Changing Face of Threat Intelligence

New on The Edge: The Double-Edged Sword of Cybersecurity Insurance

Dave Lewis, global advisory CISO for Cisco's Duo Security, elaborates on shifts in organizations' authentication choices. More than 80% of active customer devices have biometrics enabled, and total devices with biometrics rose 64%. At the same time, the number of companies with policies to disallow SMS-based authentication increased by 7.4%, marking an 85% increase in the number of businesses banning SMS as an authentication method between 2019 and 2020.

"It's definitely been a push this year, and I think a lot of that is driven out of the fact that we have so many organizations being remote now and for the foreseeable future – for the next year or so at least – and they're taking time to reassess where they are," Lewis explains. CISOs have shifted away from static passwords, towards multifactor authentication and biometrics.

Some security leaders face groups of employees who push back, he notes, but often these challenges fade once people start using new forms of authentication.

"A lot of the CISOs are saying the big problems are not deploying MFA, but deploying it across the enterprise," Lewis says. "There are multiple aspects to every enterprise that we have to take into consideration, different business units, and navigating that internally and trying to win over allies within the business is where they have to spend more time to win support."

The pandemic also drove a surge in cloud adoption, an initiative most businesses had begun but were forced to accelerate. Researchers found the average number of daily authentications to cloud apps jumped 40%, an increase at least partly driven by the pandemic. Organizations had little time to reach that level of maturity and consolidate and streamline their operations.

Part of this consolidation involves bringing together services across geographies, Lewis says. Many businesses have a global footprint and a support structure broken down by location, so, for example, each country has its own email support system. Now they want to implement a single approach across the board so they don't have "a disparate hodgepodge of systems" cobbled together under one banner, he adds.

Buckling Down on Updating Remote Devices
During the first three weeks of March, authentication failures due to outdated devices grew 90.5%, according to the annual Duo Trusted Access Report. Many users accessed corporate data and applications from their own unmanaged devices during the initial shift to remote work; if their devices hadn't been updated recently, they were more likely to fall outside corporate policy.

The corporate device policies that most commonly led to failed logins were location-restricted (29.7%), invalid device (22.6%), out-of-date device (14.8%), and no screen lock (9.6%). Most often, restricted countries were Russia (70%), China (68%), North Korea (42%), and Iran (37%).

A closer look at the types of devices people used this year revealed interesting trends. At the top was Windows (59%), followed by OS X (23.5%), iOS (11.4%), Android (3.7%), and Linux (1.2%). iOS was the most popular on mobile (69.9%), followed by Android (30%). Researchers note 10% of Windows businesses still use Windows 7, despite its end of life in January 2020.

Windows 7 usage varies by industry. Healthcare has more than 30% of Windows devices using the outdated OS; the transportation sector has 37%. Industries such as telecom, business, technology, and computers and electronics report more than 90% of devices run Windows 10.

The differences are visible on a broader level as well: Industries with the most up-to-date devices include computers and electronics (72.1% updated), technology (67.1%), business services (65.5%), IT services (65.4%), and agriculture and mining (64.1%). Those with the most out-of-date devices include transportation and storage (49.3%), K-12 education (47%), legal services (46.2%), healthcare (45.6%), and higher education (44.5%).

Overall, Lewis points to a "great deal more control" being used across employee devices. CISOs are focused on ensuring device inventory is current, or as close to current as possible, as well as monitoring systems for anomalous behavior. It's not only essential for them to conduct device posture assessments, but to do them with more urgency than they did in the past. Home office security varies from house to house, and most people don't secure home networks, he adds.

"Your perimeter used to be the firewall and the moat and the castle walls. It's really now about anywhere an access decision can be made," Lewis explains. Now, those decisions are being made on networks that aren't as secure as their previous corporate environment, and IT security pros are responding by taking a closer look at device activity, policies, and restrictions.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-22
This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...