The age of Multi-factor
A stronger Authentication/ Identification mechanism is among the most preferred methods of increasing the security of new technologies. When it comes to adopting data security technologies, about half of security professionals support technologies such as Encryption, Multi-factor Authentication and Hardware Security Modules.
Top adopted security controls by implementation status:
Adding a second factor to the authentication process has made it possible for companies to secure critical information and increase their chances of meeting security goals. Multi Factor Authentication is one of the data security developments that have been quietly waiting for their turn in the spotlight. But even though MFA’s time has finally come, making its way through a world filled with passwords is still a challenge.
Challenges and barriers to adoption of MFA
Generally, even though companies are aware of their flawed data security strategy and the increasing threats, there are often barriers that prevent them from adopting new security tools. Businesses are faced with strategic decisions all the time, and data security is nothing less than that.
Top barriers to adoption of data security in companies:
The most prominent barrier to adopting new data security solutions is complexity, as 40% of companies have chosen it as the top obstacle. The second runner up, with more than 35% of the answers, is the concern about impacts on performance and business process. A lack of budget to adoption of increased data security is the third impediment on businesses’ minds, with ~33% of answers.
Multi-factor authentication faces the same obstacles and reluctance as any new security development, despite its obvious superiority to classical authentication mechanisms, and inclusion in recent data Regulations, such as DFARS (Defence Acquisition Regulation Systems).
The top 5 barriers to the implementation of Multi-factor authentication are:
- Implementation Costs: Even though newer MFA solutions are less expensive than earlier generations of solutions, businesses still fear that the cost implementing new technology will exceed their budgets.
- User and customer resistance: People are generally resistant to change, so users and customers make no exception. It is important that they are educated by the company with respect to the importance of implementing MFA and the advantages it will bring for them.
- Implementation resistance: Implementing multi-factor authentication is often just another infrastructure improvement on the list, and may not be regarded as a priority. Companies don’t always realize they have a security flaw and don’t see the need for improvement as long as it’s not broken. Another situation is that they are informed about MFA, but have heard unfortunate stories in which it was evaded.
- Perceived unimportant data: Many businesses, especially SMEs, don’t think of their data as being of interest for hackers, especially if it is publicly available. Therefore, they consider passwords as being sufficient for protecting basic tools, such as employee e-mails.
- Bothersome user experience: Having a seamless user experience is a top priority for any solution, and multi-factor authentication makes no exception. The implementation of a second step in the authentication process could be perceived by users as an unnecessary burden, despite its purpose of protecting their data.
Market drivers
Multi-factor authentication’s road to widespread adoption may be a rocky one, but there definitely is hope. As reports show, the Multi-factor authentication market is increasing, and is expected to spread across all industries, due to security concerns as well as its role in legislation compliance needs.
Multi-factor Authentication Market (2013–2020):
The top 5 market drivers for implementation of Multi-factor authentication are:
- Compliance: Compliance is the primary reason why companies decide to dismiss password-based authentication systems. In order to gain compliance with cyber-security regulations, many businesses have no choice but to adopt MFA.
- Development of mobile technologies: As multi-factor authentication requires at least 2 forms of identity, the widespread use of mobile devices makes it possible for MFA to reach more users, hence improving the overall authentication experience.
- Increase in threats complexity: Even though no technology is 100% bullet-proof, the implementation of multi-factor authentication can drastically raise security ‘walls’ in the face of attackers, making the business less ‘attractive’ to hackers.
- Increase in value of data: Businesses, especially large enterprises are aware of the increase in value and sensitivity of the data they hold, which is a strong reason for implementing multi-factor authentication.
- Declining technology costs: Cloud-based authentication solutions are becoming popular among companies, and they often offer a pay-per-use subscription model which is cost efficient, scalable and requires minimal maintenance costs.
Companies come to realise that they are responsible for the data they hold and that it is vicious for them to keep using the same security strategy. Their business’ boundaries with respect to data storage has become a blurry area, so it is impossible to know for sure where all data lies, and how protected it is.
The adoption of multi-factor authentication depends greatly on companies’ attitude towards risk and security, as well as their status in gaining regulatory compliance.
Any new technology faces barriers to implementation, but also benefits from market drivers who will, in the end, decide its fate.