Enterprises reveal identity-shaped holes in security programmes
SailPoint has released the 2018 Identity Report, the industry’s first benchmark. In 2017, SailPoint launched a free assessment tool to help identify areas of exposure for companies, which automatically computed an 'Identity Score' based on its results. After analysing hundreds of completed self-assessments and the correlating Identity Scores, SailPoint found that while the majority of organisations have an identity programme in place, there is still much work to be done to address holes in their security programmes.
“IT leaders are struggling to secure an increasingly complex IT environment, driven by the need to govern a diverse population of users, now including non-human users like software bots, as well as an explosion of both applications and data,” said Kari Hanson, Vice President of Corporate Marketing, SailPoint.
“Our goal with the Identity Report, coupled with individual Identity Scores, is to provide IT leaders with a roadmap to systematically improve their security and compliance programmes.”
In order to adapt to their own digital transformation, organisations are now starting to put access control front and centre in their security strategy to properly monitor who has access to what applications and data. In fact, SailPoint’s Identity Report showed that 54% of organisations have an identity programme in place.
However, SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities. Just 20% of organisations have visibility over all of their users, and seven percent have no visibility over their users at all. Not only is this a compliance requirement for organisations today, but this puts IT teams in the impossible position of trying to secure what they cannot see.
Further, an overwhelming 88% of organisations are not properly governing access to data stored in files, including such common formats as Excel and PowerPoint. In fact, only 1 in 10 organisations are monitoring and governing their users’ access to data in files. By leaving the slew of corporate data stored in files and folders unmonitored and ungoverned, organisations are leaving a gaping hole in their security programmes.
While the Identity Report exposes areas of risk, it also highlights an opportunity for most organisations. Today, only 10% of organisations have fully automated identity processes in place, although many companies are working toward increased efficiencies. For already-lean IT teams, an identity governance platform provides the visibility and control required to automate employee-driven processes like password management and access request. This frees IT staff to focus on other risk areas and ensures employee productivity.
“The ultimate goal of any identity programme is to efficiently deliver access to users, securely and confidently,” continued Hanson.
“When enterprises are able to see, understand and govern their users’ access to all business applications and data, they are better protected against potential threats. This turns identity into a business enabler for organisations, helping them to properly secure and govern all of their digital identities at the speed of business today.”