Cyber risks are being created by departments outside IT
More risks are being created by departments outside of IT, but it's still the IT department's problem according to a new survey.
The study by identity platform SailPoint shows that 55 percent of respondents believe one of the key reasons that non-IT departments introduce the most risk is that they often lack the understanding of what actions and behaviors are potentially hazardous.
Using insecure mobile devices and adopting unmonitored SaaS applications are two examples of such risky behavior. According to the survey, seventy percent of organizations have embraced BYOD and SaaS application adoption, while less than half have formal policies in place to protect corporate data.
The study also shows a disconnect between policy and what is actually enforced. Of the companies that have policies in place, 30 percent say that their users are not following them. 72 percent of respondents are concerned about BYOD and shadow IT as exposure points within the organization.
Identity management is key too, 71 percent of respondents say their organization's data would be less exposed if they were better equipped to manage it. Most respondents whose organizations have introduced an identity governance solution (71 percent) believe it will result in a more automated and efficient organization, while 65 percent hope to improve business enablement.
"Our Market Pulse Survey uncovered an interesting 'identity trilemma' -- multiple departments within an organization are adopting their own SaaS solutions to appease business users through shadow IT, all while not properly adhering to company security policies," says Juliette Rizkallah, CMO, SailPoint. "This is a dangerous combination that creates serious exposure points for companies today. Identity governance is still the key in protecting these points of exposure and mitigating the risks inherent in today’s hybrid IT environment. For enterprises to have full visibility into who has access to what, understanding the 'who' in that equation is more important than ever. This is why putting identity at the center of security strategies is the best approach for defending and protecting today’s modern enterprise."
You can find out more about the results on the SailPoint blog.
Photo Credit: Pixelbliss/Shutterstock