July 14, 2015
As the winds of the cloud scatter corporate data across the globe and beyond any IT boundaries, identity management continues to grow in importance. But a new survey out from Centrify shows that even those that should know better do not engage in secure account management practices.
In its State of the Corporate Perimeter survey out today, the firm found that nearly 60 percent of US IT decision-makers share access credentials with other employees at least somewhat often. Conducted among 200 of these decision-makers, the survey also found that 52 percent of US-based IT employees also shared credentials with contractors.
This is a scary prospect, given that many of these IT employees are entrusted with credentials for privileged accounts, with account sharing essentially spreading the proverbial "keys to the kingdom" across an organization with little accountability. According to the survey, about three-quarters of respondents estimate that more than 10 percent of employees have access to these kinds of privileged accounts, whether legitimately or through sharing. And over half of respondents in the US reported that it would be easy for a former employee to log in to access systems or data with old passwords.
Unsurprisingly, 74 percent of those surveyed in the US reported that their organization needed to do a better job monitoring who is accessing data and 62 percent believe their organization has too many privileged users. The concern grows as new models in cloud and mobile computing have obliterated the corporate perimeter.
“And there’s the rub: today’s corporate perimeter has nothing to do with physical headquarters and contains data that resides in the cloud and on the numerous devices employees and contractors use in the field," said Tom Kemp CEO and co-founder of Centrify.
As things stand, 92 percent of organizations in the US currently have some form of user monitoring in place. However, only a 56 percent have some sort of privileged identity management. Of those, nearly a third companies do not have someone formally analyzing or auditing how and when employees or contractors are performing privileged access to systems in the organization on at least a weekly basis. Even something as simple as updating passwords on a regular basis is only performed by about 58 percent of US organizations.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Get the Gartner Report: SOC Model Guide
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage