Businesses have large identity-related gaps in their security programs, according to SailPoint's 2018 Identity report released on Wednesday. More than half (54%) of organizations reported having an official identity program in place, but are not supporting the program with correct policies and procedures, the report found.
The report was conducted using hundreds of self-assessments and identity scores, generated from SailPoint's free assessment tool that helps determine areas of weakness in organizations. After studying more than 450 responses, the report identified three main problems in organizations' current identity programs: Lack of support for programs, low visibility, and unmanaged data.
SEE: Job description: Identity access management specialist (Tech Pro Research)
Adequate support for identity programs is significantly lacking in businesses, according to the report. Only a small group of organizations have fully automated identity processes that include password management (13%), re-certification (6%), access requests (7%), and provisioning (8%), the report found. Without these measures, companies are leaving themselves vulnerable to hackers looking to obtain sensitive data.
Visibility is also a huge problem for organizations, as most are "operating with blinders," according to the report. Only 20% of businesses have visibility over all users, and 7% have no visibility at all on their users. Additionally, only 8% of respondents reported having visibility over all their users' access to data, and 6% have no visibility over any data.
Finally, while most organizations have large amounts of data, 88% of them are not governing the access to data properly, the report found. Only 9% of businesses are monitoring access to all data, and 18% don't govern access at all, leaving themselves exposed to cyberthreats.
SEE: Brute force and dictionary attacks: A cheat sheet (TechRepublic)
"IT leaders are struggling to secure an increasingly complex IT environment, driven by the need to govern a diverse population of users, now including non-human users like software bots, as well as an explosion of both applications and data," said Kari Hanson, vice president of corporate marketing at SailPoint, in a press release.
Check out this TechRepublic article for top security tips recommended by industry experts.
The big takeaways for tech leaders:
- More than half (54%) of organizations have identity programs but are not properly supporting them. — SailPoint, 2018
- Even though organizations contain large amounts of data, 88% are not properly governing access to that data. — SailPoint, 2018
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy template download (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2018 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.