Many IT departments are struggling to manage access control as they cope with leaner budgets, according to a new report from the Ponemon Institute.
The report, sponsored by Aveksa, drew on a survey of 728 IT pros at multinational corporations and government organisations. Among its key findings was that 87 percent of respondents believe individuals have too much access to information resources they don’t need for their jobs. That is up from 9 percent in the 2008 survey.
Failure to enforce access control policies is one of the problems facing organisations concerned with the prospect of rogue employees stealing data. In addition, 59 percent said they either do not have or don’t strictly enforce access governance policies, and 61 percent do not immediately check user access requests against security policies before the access is approved and assigned.
“Access policies are fluid and dependent on internal organisational demands as well as access-related regulations and industry mandates,” said Aimee Rhodes, vice president of marketing at Xceedium, which plays in the entitlement management space. “It is critical to provide continuous audit quality logging and reporting to ensure compliance with standards and regulations as well as the ability for post-mortem analysis should something arise.”
“Our study confirms that IT staffs are not only unable to keep up with a rising flood of constantly changing user access requirements and regulations, they are falling behind,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. “With so few people tasked with governing access across so many information resources, requests and control requirements, these companies are at risk of inappropriate access and misuse. The vast majority of these organisations report that they are subject to access-related regulations or industry mandates, so this lack of access governance could significantly jeopardise their ability to maintain compliance and mitigate key risks.”
About 72 percent of respondents said they can’t quickly respond to changes in employee access requirements, and more than half (52 percent) said they are unable keep pace with the access change requests that come in on a regular basis.
“The current global economic climate has increased the pace of access change at many organisations, while also forcing IT staffs to try to do more with less,” Deepak Taneja, president and CTO of Aveksa, said in a statement. “Businesses are no longer able to throw bodies at the problem with the hopes of addressing their access governance issues. Sustainable compliance can only be achieved by deploying automated access management processes with embedded governance.”
Deliveries of Telsa's 'bulletproof' Cybertruck are reportedly on hold, amid user complaints side trims are…
New feature reportedly being developed by Apple for iOS 19, that will allow AirPods to…
Binance BNB token rises after WSJ report the Trump family is in talks to secure…
After failed Amazon deal, iRobot warns there is “substantial doubt about the Company's ability to…
Community Notes testing across Facebook, Instagram and Threads to begin next week in US, using…