Basic identity and access management tasks are still a struggle for many
One in three organizations rely on outdated and manual methods, like spreadsheets, to manage privileged accounts, and there's widespread lack of confidence among IT professionals in access control and privileged account management programs.
This is among the findings of a new report from One Identity which also shows one in 20 organizations have no way of knowing if users retain access even after they’ve left the organization.
In addition to 31 percent of businesses using manual administrative account management methods, a surprising one in 25 organizations don't manage administrative accounts at all. Two thirds (66 percent) grant privileged account access to third-party partners, contractors or vendors, and 75 percent admit IT security professionals share privileged passwords with their peers at least sometimes, with one in four admitting this is usually or always the case.
The research finds that 68 percent of user password resets take five minutes or longer to unlock, with nine percent admitting that the task takes more than 30 minutes, implying widespread disruption to employee productivity. When it comes to new user provisioning, 44 percent of organizations take from several days to multiple weeks to provide access across all applications and systems needed.
Also worrying is that 32 percent of IT organizations take somewhere between several days to multiple weeks to deprovision former users from all of the applications and systems they had access to, with one in 20 having no way to know if the user has been fully deprovisioned at all.
"Our research revealed a number of shocking findings including extensive sharing of privileged passwords internally and externally, failure to immediately deprovision old user accounts, and spending upwards of 30 minutes to reset a password. These poor practices are incredibly real and concerning risks to any organization, so it's no surprise that there is a general lack of confidence in the effectiveness of IAM and PAM programs," says John Milburn, president and general manager of One Identity. "The fact of the matter is that organizations that fail to address these basic IAM and PAM best practices may not only expose themselves to significant security risks, but also drive business productivity down. This research should serve as a wake-up call to organizations to seek out ways to ensure, manage, and secure appropriate access across the entire organization and user population -- end users, third parties and administrators."
You can find out more in the full report, available from the One Identity website.