As the winds of the cloud scatter corporate data across the globe and beyond any IT boundaries, identity management continues to grow in importance. But a new survey out from Centrify shows that even those that should know better do not engage in secure account management practices.
In its State of the Corporate Perimeter survey out today, the firm found that nearly 60 percent of US IT decision-makers share access credentials with other employees at least somewhat often. Conducted among 200 of these decision-makers, the survey also found that 52 percent of US-based IT employees also shared credentials with contractors.
This is a scary prospect, given that many of these IT employees are entrusted with credentials for privileged accounts, with account sharing essentially spreading the proverbial "keys to the kingdom" across an organization with little accountability. According to the survey, about three-quarters of respondents estimate that more than 10 percent of employees have access to these kinds of privileged accounts, whether legitimately or through sharing. And over half of respondents in the US reported that it would be easy for a former employee to log in to access systems or data with old passwords.
Unsurprisingly, 74 percent of those surveyed in the US reported that their organization needed to do a better job monitoring who is accessing data and 62 percent believe their organization has too many privileged users. The concern grows as new models in cloud and mobile computing have obliterated the corporate perimeter.
“And there’s the rub: today’s corporate perimeter has nothing to do with physical headquarters and contains data that resides in the cloud and on the numerous devices employees and contractors use in the field," said Tom Kemp CEO and co-founder of Centrify.
As things stand, 92 percent of organizations in the US currently have some form of user monitoring in place. However, only a 56 percent have some sort of privileged identity management. Of those, nearly a third companies do not have someone formally analyzing or auditing how and when employees or contractors are performing privileged access to systems in the organization on at least a weekly basis. Even something as simple as updating passwords on a regular basis is only performed by about 58 percent of US organizations.