New Research on Security Risks and Blind Spots in Current Identity Management Strategies
1. New Research: Two-Thirds of
Companies Don’t Know What
Users Are Doing After Log-in
Study of IT Decision-Makers Reveals Security Risks and
Operational Flaws with Identity & Access Management
Strategies
2. CONFIDENTIAL »©2013 SYMPLIFIED » symplified.com » @symplified » 2
Symplified IAM Research: Key Findings
Businesses today use up to 50 on-premises apps and 25 cloud
apps, so identity and access management (IAM) technologies
to secure data and deliver user convenience can be critical.
But new research from Symplified shows many
organizations using IAM solutions still don’t know what people
are doing while logged into those applications.
3. Symplified IAM Research: Key Findings
64% of businesses don’t know what users are doing beyond login, whether access is via a computer, mobile device, or both.
4. Symplified IAM Research: Key Findings
38% experienced unauthorized access
24% experienced a hack exposing user credentials.
5. Symplified IAM Research: Key Findings
“Hacks and accidental data exposure are always a concern, but
lack of visibility and control are also a red flag. 86% of the IT
pros we surveyed maintain two or more repositories for user
identities — a practice that can lead to access and policy
violations. BYOD and SaaS used together also present a unique
challenge; as employees and partners use more of their own
devices, organizations lose visibility into what they’re doing.
Know your security, compliance and other specific needs as
you build out your identity management strategy.”
--Shayne Higdon, CEO and President, Symplified
6. Who Is Using Corporate Applications
Who businesses are connecting to their applications:
» 50% authorize at least 250 partners
» 54% authorize at least 250 contractors and consultants
» 55% authorize 1,500 or more employees
» 45% authorize 4,000 or more customers
76% allow employees to access corporate applications via
mobile devices; 68% allow partners to do so
8. Trends By Industry
Can’t see what users are doing after log-in:
Inability to audit user activity can compromise intellectual property and lead to compliance issues
10. Trends By Industry
Maintain 2 or more repositories for user identities:
This practice can lead to access and policy violations
12. Best Practices: Building An IAM Strategy
A proxy-based solution can provide a detailed audit log of what
people do while logged into an application, not just when they
logged in.
13. Best Practices: Building An IAM Strategy
Explore whether the solution can provide IT with centralized
management and control to automatically enforce policies at a
granular level.
14. Best Practices: Building An IAM Strategy
Know whether the solution replicates user data in the cloud,
which violates some end user agreements and increases the
attack surface on sensitive data.
15. About The Research
Symplified commissioned a survey that was conducted
between April 25 and May 2, 2013 among 225 IT professionals
at US-based companies ranging in size who completed a web-based
survey from Qualtrics, Inc. At the 95% confidence level
the margin of error is +/- 6.53 percentage points.
16. About Symplified
Symplified enables IT organizations to simplify user access to
applications, regain visibility and control over usage and meet
security and compliance requirements. Symplified provides
single sign-on, identity and access management, directory
integration, centralized provisioning, strong authentication,
mobile device support and flexible deployment options.
Symplified is headquartered in Boulder, Colorado, and can be
found online at www.symplified.com.
Editor's Notes: Over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.