Enterprises vulnerable to identity-related incidents due to lack of mature strategies
Only 16 percent of respondents to a new survey have a fully mature identity and access management (IAM) strategy in place, yet 56 percent have experienced identity-related incidents in the last three years.
The study carried out by the Ponemon Institute for enterprise identity specialist Saviynt shows that the 84 percent without a mature strategy are currently dealing with inadequate budgets, programs stuck in a planning phase, and a lack of senior-level awareness.
"We've found that most enterprise IAM programs have not achieved maturity, leaving companies struggling to reduce identity and access related risks," says Jeff Margolies, chief strategy officer at Saviynt. "Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks, and their financial consequences."
Only a little over a third of respondents (35 percent) are confident that they can determine privileged users are compliant with policies. That same percentage (35 percent) have high confidence in the effectiveness of current security controls preventing internal threats involving the use of privileged credentials. The number one reason for lack of confidence in achieving visibility of privileged user access, cited by 61 percent of respondents, is that they can’t keep up with the changes occurring to their IT resources.
Compliance issues are a factor too, 46 percent say their business has failed to comply with regulations because of access-related issues. Beyond lawsuits and fines, many victims have suffered from loss of revenue, customers, and reputation, but almost two-thirds of respondents (64 percent) say downtime was the biggest consequence of compliance failures.
There is some positive news, 52 percent say their organizations' cloud transformation program is already integrated with their IAM strategy and 51 percent have seen an improvement in their IAM effectiveness.
The full report is available from the Saviynt site.
Image credit: Elnur_/depositphotos.com