The survey of IT executives and administrators shows 64% of respondents cannot audit user activity beyond login, whether access is via a computer, mobile device, or both; over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.
Symplified also gauged who organizations are authorizing to use corporate applications, as well as their mobile access policies, and found:
· Half (50 percent) of respondents authorize access for 250 or more partners
· More than half (54 percent) authorize access for 250 or more contractors/consultants
· More than half (55 percent) authorize access for 1,500 or more employees
· 45% authorize access for 4,000 or more customers
· Three-quarters (76 percent) have a policy allowing employees to access corporate applications via mobile devices; 68% have a mobile access policy for partners
"Incidents of hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag in today's environment," said Shayne Higdon, Symplified CEO and president. "Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities -- a practice that can lead to access and policy violations. BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they're doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy."
Symplified Identity-as-a-Service experts advise organizations to consider the following when evaluating IAM solutions:
· Auditing capabilities: A proxy-based solution can provide a detailed audit log of what people do while logged into an application, not just when they logged in.
· Policy controls: Explore whether the solution can provide IT with centralized management and control to automatically enforce policies at a granular level.
· Data replication: Know whether the solution replicates user data in the cloud, which violates some end user agreements and increases the attack surface on sensitive data.
Methodology: The survey was conducted between April 25 and May 2, 2013 among 225 IT professionals at US-based companies ranging in size who completed a web-based survey commissioned by Symplified from Qualtrics, Inc. At the 95% confidence level the margin of error is +/- 6.53 percentage points.
Symplified enables IT organizations to simplify user access to applications, regain visibility and control over usage and meet security and compliance requirements. Symplified provides single-sign-on, identity and access management, directory integration, centralized provisioning, strong authentication, mobile device support and flexible deployment options. Symplified is headquartered in Boulder, Colorado, and can be found online at www.symplified.com.