A new report from the Ponemon Institute shows many organizations are
struggling to manage access control as they cope with leaner budgets.
The report, sponsored by Aveksa, drew on a survey of 728 IT pros at
multinational corporations and government organizations. Among its key findings
was that 87 percent of respondents believe individuals have too much access to
information resources they don't need for their jobs. That is up from 9 percent
in the 2008 survey.
Failure to enforce access control policies is one of the problems facing
organizations concerned with the prospect of rogue employees stealing data. In
addition, 59 percent said they either do not have or don't strictly enforce
access governance policies, and 61 percent do not immediately check user
access requests against security policies before the access is approved and
assigned.
"Access policies are fluid and dependent on internal organizational
demands as well as access-related regulations and industry mandates," said
Aimee Rhodes, vice president of marketing at Xceedium, which plays in the
entitlement management space. "It is critical to provide continuous audit
quality logging and reporting to ensure compliance with standards and
regulations as well as the ability for post-mortem analysis should something
arise."
Part of the problem is lack of IT staff. Almost two-thirds (65 percent) of
respondents cited not having enough IT staff as a key problem in enforcing
access compliance policies, with 55 percent adding they don't have the technology
to manage and govern end-user access to information resources.
"Our study confirms that IT staffs are not only unable to keep up with
a rising flood of constantly changing user access requirements and
regulations, they are falling behind," Larry Ponemon, chairman and founder of
the Ponemon Institute, said in a statement.
"With so few people tasked with governing access across so many
information resources, requests and control requirements, these companies are
at risk of inappropriate access and misuse. The vast majority of these
organizations report that they are subject to access-related regulations or
industry mandates, so this lack of access governance could significantly
jeopardize their ability to maintain compliance and mitigate key risks."
About 72 percent of respondents said they can't quickly respond to changes
in employee access requirements, and more than half (52 percent) said they are
unable to keep pace with the access change requests that come in on a regular
basis.
"The current global economic climate has increased the pace of access
change at many organizations, while also forcing IT staffs to try to do more
with less," Deepak Taneja, president and CTO of Aveksa, said in a statement.
"Businesses are no longer able to throw
bodies at the problem with the hopes of addressing their access governance
issues. Sustainable compliance can only be achieved by deploying automated
access management processes with embedded governance."