Businesses find the identity and access management (IAM) and privileged access management (PAM) security disciplines difficult, yet not concerning.
The results suggest that IAM- and PAM-related security tasks may be deprioritized or neglected, potentially exposing organizations to data breaches and other cyber risks. Conducted at RSA Conference in early March 2019, One Identity’s study polled 200 conference attendees on their biggest security challenges and concerns, as well as their workplace behaviors related to network and system access.
Among the survey’s most significant findings are that one-third of respondents say PAM is the most difficult operational task, and only 16 percent of respondents cite implementing adequate IAM practices as a top-three concern when it comes to securing the cloud. Meanwhile, only 14 percent of survey respondents say better employee access control would have a significant impact on their business’s cybersecurity.
These and other findings from the study indicate that businesses are struggling to implement adequate IAM and PAM processes, practices and technologies, and may be overlooking the disciplines’ impact on their security postures altogether.
A significant “identity” crisis
More than one in four respondents cite user password management and more than one in five cite user life cycle management (i.e., user provisioning and deprovisioning) as the most difficult operational task – both well recognized as basic identity management requirements. Additionally, nearly one in four say Active Directory (AD) is the most difficult system for their business to secure. This is particularly concerning given how prevalent AD is among most organizations.
IAM carelessness in the cloud
When asked to share their top three concerns when it comes to securing the cloud, nearly three in four respondents cited data loss. While 44 percent of respondents selected malicious outsiders and the same percentage selected careless insiders, only 16 percent said implementing adequate IAM practices was a top concern. These results are paradoxical given that IAM practices – such as policy-based user access control and multi-factor authentication – can help mitigate both insider and outsider cyber risks.
Have access, will snoop; won’t get caught, will steal
The study also uncovered interesting workplace confessions related to user access and security behaviors. Nearly seven in 10 respondents admit they would look at sensitive files if they had unlimited access to data and systems. More than six in 10 say they would take company data or information if they were leaving and no one would find out. Additionally, more than six in 10 admit to some wrongdoing in their workplace. For example, nearly two in five have shared a password and nearly one in five have sacrificed security guidance in order to get something done quickly.
“Our study results paint a bleak picture of how IAM and PAM are being prioritized and managed within organizations today,” said David Earhart, president and general manager of One Identity. “Looking at the bigger picture, businesses are unnecessarily facing major challenges with IAM- and PAM-related tasks given the technology and tools available today. Our hope is that this study lights a spark for organizations to make a concerted effort to address these challenges and improve their IAM and PAM strategies and practices to avoid cyber pitfalls.”