Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.
February 23, 2018
Security pros may be finally winning the fight to get users to value security over convenience.
Users' willingness to sacrifice security for convenience has been a long-time frustration for security professionals, but that seems to be changing. Users now rate security as more important than convenience, according to a recent IBM Corp. (NYSE: IBM) study: IBM Security: Future of Identity Study.
Security was particularly important for financial applications, while convenience was still a little bit more important for users of social media applications, according to the report.
Biometric and two-factor authentication are increasingly becoming more popular than traditional passwords, particularly among millennials. These younger ones were more likely to use those types of authentication technology, while older adults practiced better password hygiene, IBM says.
IBM surveyed nearly 4,000 adults worldwide. The study found that biometrics are becoming mainstream, with 67% of respondents comfortable using biometric authentication today. Further, 87% say they'll be comfortable with these technologies in the near future.
Figure 1: IBM Bangalore
You're invited to attend Light Reading's Big Communications Event – the one event that delivers fresh perspective on the rapid transformation of the telecom industry and the road ahead. We'll see you May 14-16 in Austin – communications service providers get in free!
Millennials, in particular, are comfortable with biometrics; 75% of respondents between the ages of 20 and 36 are comfortable with biometrics. And they're more likely to be careless about passwords: Fewer than half are using complex passwords, and 41% reuse passwords. Older users are more careful about passwords, but they are less likely to use biometrics and multifactor authentication, IBM says.
"Generational differences that emerged from the survey results showed that younger adults are putting less care into traditional password hygiene but are more likely to layer access with multifactor authentication, use biometrics for speed and convenience, and use password managers to secure their accounts," according to a report signed by Limor Kessem, IBM executive security advisor. "This could be an indication that younger generations have less confidence in passwords to begin with, thus looking to alternative methods to secure their accounts."
Companies that fail to secure data will pay a penalty with millennials, who are more likely to delete an account held by a breached service provider and move to a competing provider, IBM says.
Security beats convenience in all categories of apps, but particularly those where money is at stake: Banking, investing, budgeting, online marketplace and workplace, as well as email. The one exception in the IBM study was social media, where convenience still had a narrow edge over security and privacy. Users are still not awake to the vast and potentially dangerous amount of information about them held by social media platforms, IBM says.
Figure 2: How do users prioritize security, privacy and convenience for different types of applications? Source: IBM.
IBM has advice for companies looking to do business with the new generation of more security-conscious users: adopt flexible identity platforms that let users choose between multiple authentication options. And businesses should also take risk-based approaches that balance security and convenience appropriate to the critical nature of the data being accessed.
The shift to security over convenience is a big change from a 2008 Gartner study, which found just the opposite. At that time, respondents said they used the same one or two passwords across online services, and they weren't interested in changing their methods to achieve greater security, Gartner said.
Security vs. convenience is a false choice, notes Cory Doctorow, blogger, technology activist and science fiction writer. It's "extremely inconvenient" to have "your identity stolen or your email published on the web or your baby monitor turned into a spycam," Doctorow writes. It's easier in the long run to exercise good security at the outset "than remediating the damage done from a security breach down the line."
User security is particularly important for cloud applications, which are frequently connected to one another and to on-premises applications, meaning that an attacker breaking into a single account on a single application can leverage that access to attack an entire enterprise. Also, while traditional applications require access to the enterprise's physical premises or WAN, pubic cloud applications are available all over the world, vastly increasing the attack surface. (See Cisco: Attackers 'Weaponize' Cloud Services.
Companies are lagging behind users in prioritizing security; businesses still prioritize expedience over security, at least in mobile, according to a recent Verizon study. (See Verizon Mobility Security Index Shows Enterprises Not Doing Enough.)
IBM published an infographic summing up its findings: The Future of Identity.
— Mitch Wagner Editor, Enterprise Cloud News
Executive Editor, Light Reading
San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.
He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.
Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.
Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').
You May Also Like
Rethinking AIOPs — It's All About the DataMar 12, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Fiddling with Fixed WirelessMar 21, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Cable and 5G: The Odd Couple?Apr 18, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Delivering the DAA DifferenceMay 16, 2024