Consumer-grade authentication technology is overtaking that of the enterprise, suggest the results of a new study from Gemalto.

The company says it surveyed over a thousand IT decision makers around the world for its 2018 Identity and Access Management Index, and found that 64 percent of respondents said their IT security teams were thinking of using consumer-grade authentication for access control for cloud services. Seventy percent said they believe authentication methods from the consumer tech sector are good enough for enterprise security, and 54 percent, remarkably, went so far as to say that the authentication methods their businesses currently use are not as good as those found on Amazon and Facebook.

For many, such findings will come as little surprise given the rapid advances made in recent years in authentication with consumer electronics, particularly in the mobile sector. Touch ID and other fingerprint scanning systems have been widely embraced as a more secure means of authentication than PINs and passwords, and Apple’s introduction of its Face ID infrared facial recognition system with the iPhone X last autumn set a new standard in mobile authentication. Now, Samsung is trying to go a step further by combining facial and iris recognition in its new Galaxy S9’s Intelligent Scan feature, pointing to a kind of arms race in the realm of mobile biometrics.

It’s no wonder that many IT leaders in the enterprise look at such authentication systems with envy, or at least longing. And with the appetite for cloud-based services on the rise among both businesses and government agencies, the matter of securing cloud access is taking on greater importance than ever.

Of course, IT managers can’t just tell employees they need to buy an iPhone X and do all their work from their phone. But they can begin working their way toward more advanced security solutions. Sixty-one percent of Gemalto’s respondents said they aren’t even using two-factor authentication for network access; that would be a good place to start.