Vulnerabilities / Threats
12/11/2013
04:31 PM
Dark Reading
Products and Releases

45% Of Enterprises Believe Employees Are Prepared To Sell Company Data

SailPoint's "2013 Market Pulse Survey" also showed 57% had experienced the loss of company-owned devices containing sensitive information

AUSTIN, December 11, 2013 – According to SailPoint's annual Market Pulse Survey, cloud applications and mobile devices are increasing security and compliance risk at many US and UK enterprises. Alarmingly, the survey reveals that while global enterprises are embracing – and in some instances mandating – these new technologies, they do not have IT controls in place to properly manage them, putting themselves at an increased risk of fraud, theft, and privacy breaches. For example, in the last year, more than 50% of the respondents have experienced situations where terminated workers tried to access company data or applications after they left the organization. The 2013 Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at large companies in the US and UK.

According to the 2013 Market Pulse Survey, enterprise adoption of cloud and "bring your own device" (BYOD) is pervasive: 84% of enterprises use cloud-based applications to support major business processes, and 82% of respondents allow employees to use their personal devices to access company data or applications at work. Cloud technologies are considered so advantageous that 63% of enterprises now require IT decision makers to evaluate cloud applications as part of every software procurement process. However, these new technologies are glaringly absent from most companies' security programs, with as many as 41% of respondents admitting to an inability to manage them as part of their identity and access management (IAM) strategy. And, exacerbating the problem, only 41% have a process in place to automatically remove mission-critical data from mobile devices.

"There's no denying it, cloud and mobile technologies are becoming mainstream. But, as our survey indicates, enterprises are still 'catching up' to the required levels of oversight and control they need. With our survey finding that as many as 59% of mission-critical applications will be stored in the cloud by 2016, the need for better management of cloud and mobile access is only going to rise," said Jackie Gilbert, CMO and founder of SailPoint. "Organizations need to have automated policy and controls in place to monitor and manage user access across the entire enterprise – including mobile and cloud applications – in order to minimize security and compliance risk."

The 2013 Market Pulse Survey shows the stress IT organizations face as global enterprises attempt the difficult task of proactively managing and monitoring user access across the incredibly dynamic IT environments of today's business world. While more than half of businesses say they are 'very successful' in meeting their initial IAM objectives, the widespread adoption of cloud and BYOD is creating cracks in that foundation. In this year's survey, respondents revealed that:

57% had experienced the loss of company-owned devices containing sensitive information;

81% are concerned about business users sharing passwords across personal cloud and corporate apps to sensitive data;

46% are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure;

51% believe that it's 'just a matter of time' before another security breach occurs;

52% admit that employees have read or seen company documents that they should not have had access to; and

45% believe that employees within their organization would be prepared to sell company data if offered the right price.

"Many organizations are struggling to manage 'who has access to what?' across the enterprise. And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It's pretty clear that if you're not proactively managing cloud and mobile access today, you're at increased risk of fraud, data theft, and security breaches," continued Gilbert.

The 2013 SailPoint Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at companies with at least 5,000 employees. Respondents were spread evenly across the US and UK, and owned budgets of $606 million and £665 million respectively. To download the 2013 SailPoint Market Pulse Survey results, please visit: www.sailpoint.com/2013MarketPulseSurvey.

About SailPoint

As the fastest-growing, independent identity and access management (IAM) provider, SailPoint helps hundreds of the world's largest organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud. The company's innovative product portfolio offers customers an integrated set of core services including identity governance, provisioning, and access management delivered on-premises or from the cloud (IAM-as-a-service). For more information about SailPoint, please visit www.sailpoint.com.
