IT Security Is Only as Strong as Its Weakest Link
By Samuel Greengard | Posted 07-17-2015
As the digital age takes hold, it's clear that a key aspect of security is managing identities. If the breaches at Sony and the U.S. Office of Personnel Management demonstrate anything, it's that an organization is only as strong as its weakest link.
A new study conducted by Centrify Corporation offers some perspective on where security concerns are now and where they are headed. The State of the Corporate Perimeter survey, which included input from more than 400 IT decision-makers (ITDMs) in the U.S. and UK, found that, despite press headlines and horror stories, vulnerabilities remain high. A brief video summary highlights the issues.
Among the key findings: 55 percent of U.S. respondents and 45 percent of their UK counterparts said their organizations have suffered a security breach in the past. Three-quarters of U.S. ITDMs and more than half of UK respondents agreed that their organizations need to do a better job of monitoring who has access to their data.
However, the challenges–and potential problems–don't stop there. The question of who has access to data, including when and for how long, is also cause for considerable alarm. Nearly six out of 10 (59 percent) of U.S. ITDMs and 34 percent of UK ITDMs reported sharing access credentials with other employees at least somewhat often. Another 52 percent of U.S. ITDMs and 32 percent of UK ITDMs share access at least somewhat often with contractors.
The report notes that sharing credentials for privileged accounts is essentially handing over the keys to the kingdom and ratcheting up risks exponentially. Doing so provides "elevated access to an organization's most critical data, applications, systems and network devices."
Among ITDMs who grant access to contractors, 82 percent in the U.S. and 68 percent in the UK said it would be at least "somewhat easy" for those contractors to gain access to their company's digital assets. In addition, 53 percent of U.S. respondents and 32 percent of UK respondents said it would be at least "somewhat easy" for a former employee to continue to log in and access data. Finally, half of all ITDMs indicated that it can take up to a week or more to remove access to sensitive systems.
The fact that today's business offices extend beyond a physical space further complicates matters. In the end, CIOs and other leaders must do a much better job of focusing on identity management and understanding its critical role in security.