New research from Symplified shows many organizations with IAM solutions in place still don’t know what people are doing while logged into those applications, among other security and operational concerns.
The survey of IT executives and administrators shows 64 percent of respondents cannot audit user activity beyond login, whether access is via a computer, mobile device, or both; over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.
Symplified also gauged who organizations are authorizing to use corporate applications, as well as their mobile access policies, and found:
- Half (50 percent) of respondents authorize access for 250 or more partners
- More than half (54 percent) authorize access for 250 or more contractors/consultants
- More than half (55 percent) authorize access for 1,500 or more employees
- 45 percent authorize access for 4,000 or more customers
- Three-quarters (76 percent) have a policy allowing employees to access corporate applications via mobile devices; 68 percent have a mobile access policy for partners.
“Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities -- a practice that can lead to access and policy violations. BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy.”