Identity & Access Management Practices Seen as Difficult and Low Priority by Many Businesses, Potentially Exposing them to Security Risks, One Identity Study Reveals


  • Survey conducted on site at the 2019 RSA Conference indicates widespread challenges and negligence when it comes to identity and access management and privileged access management practices and processes
  • One in three respondents say that privileged access management is the most difficult operational task
  • Implementing adequate IAM practices is the least concerning task when it comes to securing the cloud, with only 16 percent citing it as a top three concern
  • Nearly seven in 10 would look at a confidential file if given unlimited access to their business’s network; more than six in 10 would steal sensitive or important information if they were leaving the company

ALISO VIEJO, Calif., May 29, 2019 (GLOBE NEWSWIRE) -- One Identity, a proven leader in helping organizations get identity and access management (IAM) right, today released new research that indicates businesses find identity and access management (IAM) and privileged access management (PAM) security disciplines difficult yet un-concerning. The results infer that IAM- and PAM-related security tasks may be deprioritized or neglected, potentially exposing organizations to data breaches and other cyber risks. Conducted at the RSA Conference in early March 2019, One Identity’s study polled 200 conference attendees on their biggest security challenges and concerns, as well as their workplace behaviors related to network and system access.

Among the survey’s most significant findings are that one-third of respondents say PAM is the most difficult operational task, and only 16-percent of respondents cite implementing adequate IAM practices as a top-three concern when it comes to securing the cloud. Meanwhile, only 14-percent of survey respondents say better employee access control would have a significant impact on their business’s cybersecurity.

These and other findings from the study indicate that businesses are struggling to implement adequate IAM and PAM processes, practices and technologies, and may be overlooking the disciplines’ impact on their security postures altogether. Additional top findings from the report include:

  • A significant “identity” crisis: More than one in four respondents cite user password management and more than one in five cite user life cycle management (i.e., user provisioning and deprovisioning) as the most difficult operational task -- both well-recognized as basic identity management requirements. Additionally, nearly one in four say Active Directory (AD) is the most difficult system for their business to secure. This is particularly concerning given how prevalent AD is among most organizations.

  • IAM carelessness in the cloud: When asked to share their top three concerns when it comes to securing the cloud, nearly three in four respondents cited data loss. While 44 percent of respondents selected malicious outsiders and the same percentage selected careless insiders, only 16-percent said implementing adequate IAM practices was a top concern. These results are paradoxical given IAM practices – such as policy-based user access control and multi-factor authentication -- can help mitigate both insider and outsider cyber risks.

  • Have access, will snoop; won’t get caught, will steal: The study also uncovered interesting workplace confessions related to user access and security behaviors. Nearly seven in 10 respondents admit they would look at sensitive files if they had unlimited access to data and systems. More than six in 10 say they would take company data or information if they were leaving and no one would find out. Additionally, more than six in 10 admit to some wrongdoing in their workplace. For example, nearly two in five have shared a password and nearly one in five have sacrificed security guidance in order to get something done quickly.

“Our study results paint a bleak picture of how IAM and PAM are being prioritized and managed within organizations today,” said David Earhart, president and general manager of One Identity. “Looking at the bigger picture, businesses are unnecessarily facing major challenges with IAM- and PAM-related tasks given the technology and tools available today. Our hope is that this study lights a spark for organizations to make a concerted effort to address these challenges and improve their IAM and PAM strategies and practices to avoid cyber pitfalls.”

A Way Forward for IAM and PAM
Effective IAM and PAM are instrumental for effective security within any organization. The One Identity 2019 RSA Conference study indicates that businesses are facing difficulty in implementing basic IAM and PAM best practices and may not understand the significant impact this inattention can have on a business’s security posture.

One Identity offers an end-to-end suite of IAM, identity governance, PAM and identity-as-a-service solutions meticulously designed to simplify the often time-consuming processes required to govern and manage both privileged and non-privileged user accounts and access, without compromising security and risk mitigation. To learn more, visit: https://bit.ly/2Idga7B.

About the One Identity 2019 RSA Conference Study
The One Identity 2019 RSA Conference study consisted of an online survey conducted by One Identity representatives with conference attendees at the exhibit hall at the Moscone Center in San Francisco from March 4-7, 2019. Two hundred individuals participated in the study. One Identity offers a free online data report on its website, here.

About One Identity
One Identity, a Quest Software business, helps organizations get identity and access management (IAM) right. With a unique portfolio of offerings including identity governance, access management, privileged management, and identity as a service, One Identity helps organizations reach their full potential, unimpeded by security, yet safeguarded against threats. One Identity has proven unequalled in its commitment to its customers’ long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data -- wherever it might reside. For more information, visit http://www.oneidentity.com.

Media Contacts
Andrea Ipolyi
One Identity Global PR
+36 1 398 6700
andrea.ipolyi@oneidentity.com

Ali Mapplethorpe
Highwire PR
415-675-1457
oneidentity@highwirepr.com