Vulnerabilities / Threats
04:31 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
Repost This

45% Of Enterprises Believe Employees Are Prepared To Sell Company Data

SailPoint's "2013 Market Pulse Survey" also showed 57% had experienced the loss of company-owned devices containing sensitive information

AUSTIN, December 11, 2013 – According to SailPoint's annual Market Pulse Survey, cloud applications and mobile devices are increasing security and compliance risk at many US and UK enterprises. Alarmingly, the survey reveals that while global enterprises are embracing – and in some instances mandating – these new technologies, they do not have IT controls in place to properly manage them, putting themselves at an increased risk of fraud, theft, and privacy breaches. For example, in the last year, more than 50% of the respondents have experienced situations where terminated workers tried to access company data or applications after they left the organization. The 2013 Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at large companies in the US and UK.

According to the 2013 Market Pulse Survey, enterprise adoption of cloud and "bring your own device" (BYOD) is pervasive: 84% of enterprises use cloud-based applications to support major business processes, and 82% of respondents allow employees to use their personal devices to access company data or applications at work. Cloud technologies are considered so advantageous that 63% of enterprises now require IT decision makers to evaluate cloud applications as part of every software procurement process. However, these new technologies are glaringly absent from most companies' security programs, with as many as 41% of respondents admitted to an inability to manage them as part of their identity and access management (IAM) strategy. And, exacerbating the problem, only 41% have a process in place to automatically remove mission-critical data from mobile devices.

"There's no denying it, cloud and mobile technologies are becoming mainstream. But, as our survey indicates, enterprises are still 'catching up' to the required levels of oversight and control they need. With our survey finding that as many as 59% of mission-critical applications will be stored in the cloud by 2016, the need for better management of cloud and mobile access is only going to rise," said Jackie Gilbert, CMO and founder of SailPoint. "Organizations need to have automated policy and controls in place to monitor and manage user access across the entire enterprise – including mobile and cloud applications - in order to minimize security and compliance risk."

The 2013 Market Pulse Survey shows the stress IT organizations face as global enterprises attempt the difficult task of proactively managing and monitoring user access across the incredibly dynamic IT environments of today's business world. While more than half of businesses say they are 'very successful' in meeting their initial IAM objectives, the widespread adoption of cloud and BYOD are creating cracks in that foundation. In this year's survey, respondents revealed that:

57% had experienced the loss of company-owned devices containing sensitive information;

81% are concerned about business users sharing passwords across personal cloud and corporate apps to sensitive data;

46% are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure;

51% believe that its 'just a matter of time' before another security breach occurs;

52% admit that employees have read or seen company documents that they should not have had access to; and

45% believe that employees within their organization would be prepared to sell company data if offered the right price.

"Many organizations are struggling to manage 'who has access to what?' across the enterprise. And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It's pretty clear that if you're not proactively managing cloud and mobile access today, you're at increased risk of fraud, data theft, and security breaches," continued Gilbert.

The 2013 SailPoint Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at companies with at least 5,000 employees. Respondents were spread evenly across the US and UK, and owned budgets of $606 million and £665 million respectively. To download the 2013 SailPoint Market Pulse Survey results, please visit:

About SailPoint

As the fastest-growing, independent identity and access management (IAM) provider, SailPoint helps hundreds of the world's largest organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud. The company's innovative product portfolio offers customers an integrated set of core services including identity governance, provisioning, and access management delivered on-premises or from the cloud (IAM-as-a-service). For more information about SailPoint, please visit

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web