What do you trust more and are implementing today - Multi-factor authentication or single-sign on ?

Identity & Access Management (IAM)

Multi-factor authentication65%

Single-sign on20%

Both13%

716 PARTICIPANTS

4.1k views3 Upvotes5 Comments

VP of Cyber & IT Infrastructures in Finance (non-banking), 201 - 500 employees

I do both not only from security perspective, but also for the ease of access for users (SSO).

Chief Techical Officer in Software, 11 - 50 employees

SSO as long as there are multiple options.
MFA as long as it is real MFA, SMS is not MFA,

Chief Technology Officer in Finance (non-banking), 1,001 - 5,000 employees

I trust MFA

1

VP of IT in Software, 1,001 - 5,000 employees

SSO is a security concern if it is used in third party websites. There has been a recent spate of breached including Flipboard where social media SSO application tokens eg Google, used for authentication were leaked.

4 1 Reply

Assistant Director IT Auditor in Education, 10,001+ employees

I agree, it is a big concern.

1

Content you might like

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

Read More Comments

41.6k views131 Upvotes319 Comments

What is the most difficult stage of IoT security?

Device Management Risk Management Threat & Vulnerability Management +10 more

Hardware-based security (TPM)19%

Public key infrastructure (PKI) for cert-based identity56%

Identity onboarding at manufacturer16%

Integration with the cloud7%

612 PARTICIPANTS

2.6k views1 Upvote

What are some common mistakes orgs make when implementing AAA frameworks? What can you do to avoid them?

Security & GRC Identity & Access Management (IAM)Security Strategy & Roadmap +1 more

President in Software, 51 - 200 employees

Multiple disconnected AAA systems, some systems with local auth only, hardcoded local auth backdoors, not having a way to centrally revoke access on zero notice, poor or nonexistent syslog event collection and processing, ...read more

186 views1 Comment

Are you planning to improve endpoint security in the next 12 months with any of these additional capabilities?

Security & GRC Threat & Vulnerability Management Identity & Access Management (IAM)+8 more

Patch management: to reduce attack surface and avoid system misconfigurations40%

Malware and ransomware prevention: to protect endpoints from social engineering attacks59%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy10%

186 PARTICIPANTS

431 views

How do you foresee the data security and privacy landscape changing over the course of 2023?

Data Privacy Data Protection & Encryption Governance, Risk & Compliance +9 more

Director, Security Operations in Telecommunication, 501 - 1,000 employees

IMO, there will be continued focus and expansion. We'll see more/broader laws and regulations being enacted both at a state level (US) and country level (international). Some analyst believe that exiting 2023, 75% of ...read more

Read More Comments

2.3k views5 Comments