Regardless of exactly how data breaches occur, the culprit is almost always weak or stolen passwords. According to the Verizon 2017 Data Breach Investigations Report, they account for 81% of all breaches.
The result of this, according to a new IDG survey sponsored by Okta, is that 74% of IT and security leaders have flagged identity and access management (IAM) as a top priority. However, only 30% of those surveyed reported a good or better ability to detect when passwords have been compromised.
The survey confirms that organizations are largely unprepared for data breaches. In the next 12 months, nearly half of those companies surveyed stated that they plan to implement a new IAM solution or replace their current solutions. That’s a step in the right direction.
Assessing Data Breach Risk Factors
According to the Okta/IDG survey, there are three broad areas posing challenges for current IAM solutions.
1. The number of attack surfaces the enterprise must secure
As the number of devices, users, and apps in an organization rises, IT has a lot more work to do. Managing identity across cloud-based and on-premises app environments is a top concern, as is managing access rights to those outside of the enterprise, such as customers and consultants. Security and device sprawl are also top challenges. Lifecycle Management tools and a strong approach to Mobility Management can help avoid these issues.
2. Poor password management
Passwords continue to create problems. Inconvenient processes and ineffective password practices such as credential sharing and reuse worried a third of respondents.
In total, 43% of those surveyed listed inconvenient authentication as a top concern—with the time commitment needed for provisioning and de-provisioning being a major issue. Adaptive Multi-Factor Authentication and Single Sign-On provide an opportunity to boost security without compromising ease of use.
3. An inability to cope with evolving threats
As the threat landscape changes, organizations are having trouble keeping up. Less than half of those surveyed said they had a good or better ability to provide information about breaches to the security operations center, and 35% reported being unsatisfied with their ability to collect information about user access and patterns. Software like Universal Directory can help track the flow of data and permissions throughout your organization.
As the number of credentialed users and devices continues to grow, and risks constantly evolve, IAM is only going to become a higher priority for an enterprise. How do you ensure that your IAM solution addresses these critical risk factors?
Read the full report for the full survey results and the best solution for IT managers: “A New Mandate for IAM with Multi-Factor Identification”