Most enterprises are unnecessarily leaving their data and networks open to attack from hackers, primarily because most have failed to embrace advanced security applications and policies needed to safeguard the cloud computing and mobile networks they've invested so heavily in the past few years.

That's the overarching conclusion of a new (PDF format) study released this week by Forrester Consulting and security software vendor Symantec (NASDAQ: SYMC).

Fifty-four percent of the 306 companies with 1,000 to 20,000-plus employees surveyed reported a significant data breach last year. And as companies of all sizes increase their reliance on the cloud and a small army of smartphones and tablet PCs, that figures will almost surely rise unless IT managers start making the expensive and time-consuming commitment to advanced authentication security applications.

Despite the increased complexity of supporting multiple mobile operating systems logging into applications and databases housed either in the cloud or onsite and the growing dependency on dozens of cloud or Software-as-a-Service-based applications, most companies are still allowing these networks to be accessed with only a username and password -- the kind of data that hackers have become extremely effective at stealing from a variety of sources.

"The IT landscape is changing so dramatically and so rapidly that one in four organizations are requiring users to remember six or more passwords to access corporate networks and applications and, as this Forrester study shows, that approach to authentication is collapsing under its own weight," said Atri Chatterjee, Symantec's vice president of authentication.

Symantec and other security software vendors say the key to keeping up with both the hackers and the exponential growth in mobile- and cloud-based apps and devices starts with installing strong, two-factor authentication security apps that have become cheaper and much easier to install via the cloud.

By requiring anyone accessing enterprise data to use two-factor authentication gateways, essentially an application that asks for two simultaneous but independent forms of information to log onto an application, companies could prevent a majority of the serious data breaches that cost millions per incident to resolve and unnecessarily expose proprietary information.

These two pieces of information most often would include a password and a one-time security code generated by a strong authentication credential derived from a security vendor's identity and access management (IAM) application.

In December, a study by security software vendor AdaptiveMobile found that malware specifically targeting mobile devices rose 33 percent in 2010, primarily as a result of new sophisticated phishing campaigns that targeted specific individuals or organizations.

Despite this sobering statistic, 67 percent of the companies surveyed in the Forrester study admitted they don't require advanced authentication policies or apps from partners accessing their corporate networks, creating yet another vulnerability for hackers or disgruntled employees to wreak havoc.

"Today's strong authentication offers a way to easily manage and control access to enterprise applications and networks via both computers and mobile devices," Chatterjee added. "As enterprises continue to open up, strong authentication can help keep the bad guys out."

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.

For related articles, visit's new Cloud Computing site