While global enterprises are embracing, and in some instances mandating, the use of cloud and mobile technologies, they do not have IT controls in place to properly manage them, according to SailPoint’s annual Market Pulse Survey, which measures IT leaders' attitudes toward identity and risk management.
The study, which indicates whether companies are effectively governing access to key data as new technologies take hold in the enterprise, found that without the proper preventive and detective controls, those enterprises are ultimately putting themselves at an increased risk of fraud, theft and privacy breaches.
The vast majority of respondents (82 percent) said they allow employees to use their personal devices to access company data or applications at work.
However, cloud and bring-your-own-device (BYOD) trends are glaringly absent from most companies' security programs. In fact, as many as 41 percent of respondents admitted to an inability to manage cloud and BYOD as part of their identity and access management strategy.
Exacerbating the problem is the fact that less than half the respondents have a process in place to automatically remove mission-critical data from mobile devices, while 46 percent of respondents are not even confident in their ability to grant or revoke employee access to applications across their entire IT environment.
Because of the lack of visibility, 52 percent of respondents admit that employees have read or seen company documents that they should not have had access to, and 51 percent believe that it's just a matter of time before a security breach occurs.
The report also found 63 percent of enterprises now require IT decision makers to evaluate cloud applications as part of every software procurement process. Already, 39 percent of mission-critical applications are currently stored in the cloud, which will increase to 59 percent by 2016.
An inability to get the whole picture across all systems (45 percent), over-reliance on IT support (43 percent) and an inability to manage new technologies (40 percent) are all significant challenges experienced with identity and access management (IAM) strategies over the last 12 months.
Survey results indicated IAM is critical in helping businesses meet their compliance requirements (54 percent), reducing operational risk (53 percent) and enabling new business initiatives (40 percent).
However, nearly half (46 percent) of businesses surveyed said they are not confident they can prove the effectiveness of internal controls over user access privileges in an IT audit, and a further 46 percent are not confident in their ability to grant or revoke employee access.
"As the IT landscape continues to evolve, many businesses are becoming uncertain about what the future holds for their data security," the report noted. "This year’s survey underscores that, instead of relying on reactive IAM policies, businesses need to develop a proactive strategy that is intelligent, innovative and flexible."