Cloud, Mobile Technologies Expose Security Cracks

by Nathan Eddy

An inability to get the whole picture across all systems (45 percent), over-reliance on IT support (43 percent) and an inability to manage new technologies (40 percent) were all significant challenges experienced with IAM strategies over the last 12 months. Nearly half (46 percent) of survey respondents said they are not confident they can prove the effectiveness of internal controls over user access privileges in an IT audit.

Cloud-based applications are now viewed as the preferred technology in today’s enterprise companies. Nearly two-thirds (63 percent) of companies have a policy in place stating that they must evaluate cloud-based applications when looking to procure new software. The survey indicated that by 2016, more than half (59 percent) of mission-critical applications will be in the cloud.

While 82 percent of organizations allow employees to use their own personal devices, only 41 percent automatically remove mission-critical data from a device once an employee leaves, with 35 percent removing data manually and 6 percent admitting data is left on personal devices.

Nearly half (49 percent) of businesses surveyed see the primary focus of their IAM strategy as preventing further breaches and protecting their data. Just over one in four (27 percent) consider the focus is to demonstrate compliance, with 17 percent claiming it reduces their operation and administration costs. Companies also think IAM is critical to reducing their operational risk (53 percent) and enabling new business initiatives (40 percent) across the company.

Nearly half of businesses with an IAM strategy (45 percent) believe an inability to get the “big picture” across all systems and applications has been the most significant challenge experienced with their IAM strategy in the last 12 months. User reliance on IT support (43 percent) and an inability to manage new technologies (40 percent) also cause concern, the survey revealed.

More than half (54 percent) of companies have had terminated users try to access company data after leaving. When left unchecked, this can have serious ramifications—nearly half (45 percent) of businesses surveyed said they believe employees within their organization would sell company data if offered the right price.

Whether it is because of employees inadvertently losing or opening company data, or maliciously accessing it, businesses need effective access control. Indeed, improving or maintaining information security (75 percent) is believed to be the top IT priority for businesses in the coming 12 months, followed by improving or maintaining IT infrastructure (61 percent) and improving IT-business alignment (61 percent).

If asked by the chief information officer (CIO) to present a record of user access privileges for each employee that same day, about one in four of the IT decision-makers surveyed (23 percent) would be unable to do so. Just as worrying, only 38 percent of respondents said they regulate the use of personal applications from the workplace.

In essence, IAM plays a fundamental role to the overall business strategy. Indeed, 88 percent of survey respondents said they believe IAM is important to their organization overall, with nearly half (47 percent) claiming its role is “very important.” Survey results indicated the challenge for many IAM strategies is ensuring that employees have the power and flexibility to do their job while ensuring data protection is being upheld.

The survey indicated businesses need to go further if they are to 1) regain control over user access and 2) meet their tightening compliance requirements. The report concluded that the key to success is flexibility, where IAM controls are able to respond quickly and effectively to the changing environment. Yet, with the potential wide-ranging repercussions of a failed IT audit, businesses are putting their reputation on the line with the use of overly rigid IAM strategies, the study warned.