Centrify’s Onsite RSA Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies
Organizations need to employ Identity and Access Management best practices
February 15, 2017
Santa Clara, CA — Centrify, the leader in securing hybrid enterprises through the power of identity services, today announced the results from an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The survey asked IT professionals how their companies secure applications and infrastructure in the age of access, and it revealed that a startling number lacked confidence in their own organization’s corporate security.
Only slightly more than half (55%) stated they believe their company’s current technology investment ensures their company’s cybersecurity. But when pressed about which of the 15 different identity and access management (IAM) best practices they use, many fell short on implementing enough of them to warrant a confidence score.
Among 15 different IAM best practices, organizations are most likely to enforce single sign-on (68 percent), adaptive multi-factor authentication (43 percent), least privileged access (44 percent), no sharing of privileged accounts (36 percent), and secure remote access without a VPN (35 percent). Organizations are least likely to enforce privileged session recording (13 percent), granular automatic deprovisioning across server and app accounts (12 percent), and privilege elevation management (8 percent).
Depending on the IAM best practices employed, respondents received an IAM maturity score – with level one being the least mature and level four being the most mature. Only twenty percent of respondents received a level four IAM maturity score, meaning they conduct audits with confidence and are, according to a Forrester study commissioned by Centrify, fifty percent less likely to experience a breach and more likely to spend forty percent less on technology. The other eighty percent received a lower IAM maturity score, meaning they are much more likely to experience two times more breaches and $5 million more in costs.
“The lack of confidence in corporate cybersecurity directly correlates to most organizations having a low maturity score,” said Bill Mann, chief product officer, Centrify. “Our on-the-ground survey at RSA reinforces the study we recently commissioned with Forrester Consulting, and further validates that eighty percent of organizations really need to employ better IAM practices to stop the breaches now.”
Additionally, the survey found twenty-six percent of respondents still share passwords, despite an increase in breaches, and seventy-eight percent have been the victim of a phishing email.
“Passwords are the number one security problem in the world,” said Mann. “We’re tackling this head on with our new Analytics Service, which is designed to balance security and create an optimal end-user experience by employing machine learning to assess risk based on constantly-evolving user behavior patterns. The goal is to enforce risk-based policy in real-time at the point of access, so high-risk threats can be blocked, while low-risk users get authorized access. It’s a win-win for IT and for end-users.”
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognized leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling over 5,000 customers, including over half the Fortune 50, to defend their organizations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.