New Research on Security Risks and Blind Spots in Current Identity Management Strategies

New Research: Two-Thirds of Companies Don’t Know What Users Are Doing After Log-in

Study of IT Decision-Makers Reveals Security Risks and Operational Flaws with Identity & Access Management Strategies

CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 2

Symplified IAM Research: Key Findings

Businesses today use up to 50 on-premises apps and 25 cloud apps, so identity and access management (IAM) technologies to secure data and deliver user convenience can be critical.

But new research from shows many organizations using IAM solutions still don’t know what people are doing while logged into those applications.



64% of businesses don’t know what users are doing beyond login,

whether access is via a computer, mobile

device, or both.



38% experienced unauthorized access

24% experienced a hack exposing user credentials.



“Hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag. 86% of the IT pros we surveyed maintain two or more repositories for user identities — a practice that can lead to access and policy violations. BYOD and SaaS used together also present a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing. Know your security, compliance and other specific needs as you build out your identity management strategy.”

--Shayne Higdon, CEO and President, Symplified


Who Is Using Corporate Applications

Who businesses are connecting to their applications:» 50% authorize at least 250 partners

» 54% authorize at least 250 contractors and consultants

» 55% authorize 1,500 or more employees

» 45% authorize 4,000 or more customers

76% allow employees to access corporate applications via mobile devices; 68% allow partners to do so


Identity Management Trends Across 3 Industries


Trends By Industry

Can’t see what users are doing after log-in:

Inability to audit user activity can compromise intellectual property and lead to compliance issues


Trends By Industry

Experienced unauthorized access:


Trends By Industry

Maintain 2 or more repositories for user identities:

This practice can lead to access and policy violations


Best Practices


Best Practices: Building An IAM Strategy

A proxy-based solution can provide a detailed audit log of what people do while logged into an application, not just when they

logged in.



Explore whether the solution can provide IT with centralized management and control to automatically enforce policies at a

granular level.



Know whether the solution replicates user data in the cloud, which violates some end user agreements and increases the

attack surface on sensitive data.


About The Research

Symplified commissioned a survey that was conducted between April 25 and May 2, 2013 among 225 IT professionals at US-based companies ranging in size who completed a web-based survey from Qualtrics, Inc. At the 95% confidence level the margin of error is +/6.53 percentage points.


About Symplified

Symplified enables IT organizations to simplify user access to applications, regain visibility and control over usage and meet security and compliance requirements. Symplified provides single sign-on, identity and access management, directory integration, centralized provisioning, strong authentication, mobile device support and flexible deployment options. Symplified is headquartered in Boulder, Colorado, and can be found online at www.symplified.com.

http://www.symplified.com/

Technology

New Research on Security Risks and Blind Spots in Current Identity Management Strategies