Businesses have large identity-related gaps in their security programs, according to SailPoint’s 2018 Identity report released on Wednesday. More than half (54%) of organizations reported having an official identity program in place, but are not supporting the program with correct policies and procedures, the report found.
The report was conducted using hundreds of self-assessments and identity scores, generated from SailPoint’s free assessment tool that helps determine areas of weakness in organizations. After studying more than 450 responses, the report identified three main problems in organizations’ current identity programs: Lack of support for programs, low visibility, and unmanaged data.
SEE: Job description: Identity access management specialist (Tech Pro Research)
Adequate support for identity programs is significantly lacking in businesses, according to the report. Only a small group of organizations have fully automated identity processes that include password management (13%), re-certification (6%), access requests (7%), and provisioning (8%), the report found. Without these measures, companies are leaving themselves vulnerable to hackers looking to obtain sensitive data.
Visibility is also a huge problem for organizations, as most are “operating with blinders,” according to the report. Only 20% of businesses have visibility over all users, and 7% have no visibility at all on their users. Additionally, only 8% of respondents reported having visibility over all their users’ access to data, and 6% have no visibility over any data.
Finally, while most organizations have large amounts of data, 88% of them are not governing the access to data properly, the report found. Only 9% of businesses are monitoring access to all data, and 18% don’t govern access at all, leaving themselves exposed to cyberthreats.
“IT leaders are struggling to secure an increasingly complex IT environment, driven by the need to govern a diverse population of users, now including non-human users like software bots, as well as an explosion of both applications and data,” said Kari Hanson, vice president of corporate marketing at SailPoint, in a press release.
Check out this TechRepublic article for top security tips recommended by industry experts.
The big takeaways for tech leaders:
- More than half (54%) of organizations have identity programs but are not properly supporting them. — SailPoint, 2018
- Even though organizations contain large amounts of data, 88% are not properly governing access to that data. — SailPoint, 2018