Cloud applications and mobile devices are increasing security and compliance risk at many US and UK enterprises.
Alarmingly, the SailPoint survey reveals that while global enterprises are embracing – and in some instances mandating – these new technologies, they do not have IT controls in place to properly manage them, putting themselves at an increased risk of fraud, theft, and privacy breaches. For example, in the last year, more than 50% of the respondents have experienced situations where terminated workers tried to access company data or applications after they left the organization.
Enterprise adoption of cloud and BYOD is pervasive: 84% of enterprises use cloud-based applications to support major business processes, and 82% of respondents allow employees to use their personal devices to access company data or applications at work.
Cloud technologies are considered so advantageous that 63% of enterprises now require IT decision makers to evaluate cloud applications as part of every software procurement process. However, these new technologies are glaringly absent from most companies’ security programs, with as many as 41% of respondents admitted to an inability to manage them as part of their identity and access management (IAM) strategy. And, exacerbating the problem, only 41% have a process in place to automatically remove mission-critical data from mobile devices.
The stress IT organizations face as global enterprises attempt the difficult task of proactively managing and monitoring user access across the incredibly dynamic IT environments of today’s business world. While more than half of businesses say they are ‘very successful’ in meeting their initial IAM objectives, the widespread adoption of cloud and BYOD are creating cracks in that foundation.
In this year’s survey, respondents revealed that:
- 57% had experienced the loss of company-owned devices containing sensitive information;
- 81% are concerned about business users sharing passwords across personal cloud and corporate apps to sensitive data;
- 46% are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure;
- 51% believe that its ‘just a matter of time’ before another security breach occurs; 52% admit that employees have read or seen company documents that they should not have had access to; and
- 45% believe that employees within their organization would be prepared to sell company data if offered the right price. “Many organizations are struggling to manage ‘who has access to what’ across the enterprise.
The 2013 SailPoint Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at companies with at least 5,000 employees. Respondents were spread evenly across the US and UK, and owned budgets of $606 million and £665 million respectively.