Organizations sacrificing security for the speed of business
Organizations know how to improve security. However, due to pressures caused by the rate of business change, including the adoption of new technologies and applications, organizations are sacrificing security for the speed of business, according to the Ponemon Institute.
Why organizations are at risk
“All enterprise organizations are under pressure to drive business innovation in order to respond to changes in the competitive landscape, and to meet changing customer expectations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “This is fueling a trend toward digitalization as more resources and interaction move online, requiring greater and freer access to online information sources. Yet the survey shows that the security, access management, and governance processes to support this digitalization are not yet in place.”
Survey respondents recognize the need to provide access in a timely manner for business users. Unfortunately, the processes are difficult to manage, and the resources to support this effort are scarce. Responding to the need to grant access to information more quickly, organizations are prematurely empowering business users to manage access themselves. This leads to increased risk to sensitive information such as customer data and employee information, and further widens existing gaps in controls, such as for mainframe systems.
Key survey findings revealed that:
- 62 percent said they cannot keep up with the rate of change or apply controls that are sufficiently broad to keep information secure.
- 44 percent believe that the process of granting access is burdensome.
- 64 percent say that customer information is at risk because of poor access controls.
- 47 percent say that there is a risk to employee information as a result of poor access controls.
- 49 percent believe IoT is a significant trend affecting identity and access management (IAM).
Room for improvement
To reduce risk, yet still empower the business to make information access decisions, organizations must re-evaluate current security strategies and processes. Survey findings revealed these top trends for reducing risk:
- 48 percent believe that good identity and access management (IAM) technology can be successful in achieving business process goals.
- 69 percent see multifactor authentication as an important technology for enforcing access management.
“Some organizations may be confident they have the right controls in place but they should prepare for significant changes brought about by trends such as continued adoption of cloud services, the accelerating move to mobile, and of course, the Internet of Things,” commented Geoff Webb, VP, Strategy at Micro Focus. “Organizations will continue to adopt more automated, integrated, and secure commercial solutions for managing and governing access to facilitate the rapid and seamless information exchanges that provide the fuel for business innovation on a global scale.”
Perceptions about the current authentication process
Recommendations for the enterprise
To enable the shift towards more automated, integrated, and secure solutions for managing and governing access, businesses must:
- Create a more collaborative relationship between the security and IT teams. Companies are looking to move to mobile platforms and the cloud, and will therefore need to bridge the gap between the needs of organizational security and the needs of the business. Security cannot be an afterthought in this process; both teams need to collaborate continually to keep business processes secure.
- Create a process to verify user identity. Granting access based on privileged identities is a must for the integrated and always-on businesses of today. Businesses will need guidance and guardrails from IT in order to create and maintain best practices for granting access. It’s important that the security and IT teams work together to create these processes to ensure risk does not build over time.
- Move away from homegrown systems. These internally built systems will not scale and are not flexible enough to include the use of mobile platforms and the eventual shift to the cloud. Although homegrown solutions may have worked in the past, they are not sustainable, because the rate of change within the business will continue to accelerate, and process changes and systems need to be in place to keep up with this change.