As Cloud Adoption Increases, Enterprises Are Increasingly At Risk
SailPoint Market Pulse Survey Highlights New IAM Vulnerabilities Resulting From An Evolving Technology Landscape
AUSTIN, December 11, 2012 - According to SailPoint's annual Market Pulse Survey, released today, enterprises are running one-third of their mission-critical applications in the cloud today and expect to have half of all critical applications running in the cloud by 2015. The survey also found that, in many cases, IT organizations are not fully aware of which cloud applications are in use across the enterprise, which makes it more difficult than ever for enterprises to monitor and control user access to mission-critical applications and data. In fact, only 34% of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using IT's budget, making it very difficult to proactively address security and compliance requirements for those applications. The 2012 Market Pulse Survey, conducted by the independent research firm Loudhouse, is based on interviews of 400 IT and business leaders at large companies in the US and UK.
SailPoint's survey found that business users have gained more autonomy to deploy cloud applications without IT involvement, yet they do not feel responsible for managing access control. In fact, 70% of business leaders believe that IT is ultimately responsible for managing user access to cloud applications. Adding to IT’s challenge, more than 14% of business leaders admit they have no way of knowing if sensitive data is stored in the cloud at all. This lack of visibility and control greatly increases an organizations risk of security breaches, exposure to insider threats and failed audits.
"As organizations adopt cloud applications, they are very likely to increase their risk exposure by putting sensitive data in the cloud without adequate controls or security processes in place," said Jackie Gilbert, VP and GM of SailPoint's Cloud Business Unit. "And this year's survey illustrates how 'at risk' companies already are. Many companies lack visibility not only to what data is in the cloud, but also to who can access that data. It's imperative that companies put in place the right monitoring and controls to mitigate these growing risks."
The consumerization of IT has led to employees taking advantage of new technologies, but will require organizations to evolve their identity and access management processes. For example, while work-based policies such BYOD (bring your own device) give business users the flexibility to use their own mobile devices, those very same mobile devices are being used to access corporate applications in more than 95% of cases. The ability for users to access corporate applications and data outside of the corporate network puts identity and access management under further strain because IT must now account for user access from a wider variety of devices not completely under their control.
This "consumerization" phenomenon is not only affecting devices but also applications, as many corporate employees are moving beyond BYOD to "bring your own application"(BYOA). BYOA means that today's business users are much more comfortable using consumer or “non-approved” applications for work activities. Less than a third of companies are fully locked down when it comes to application usage at work, which means that these activities frequently take place outside the purview of IT. Alarmingly, the trend also extends to employees using the same passwords for a variety of accounts spanning their personal and professional lives. About half of the business leaders surveyed stated they frequently use the same password for personal web applications as they do for sensitive work applications. This exposes enterprises to new risks and security vulnerabilities should any of those personal applications experience a security breach.
"For the third year in a row, our Market Pulse Survey shows that the majority of large companies remain very concerned about security breaches and their ability to meet regulatory compliance requirements," said Kevin Cunningham, president of SailPoint. "This is due in part to the ever changing IT landscape that make existing identity management issues even larger. The consumerization of IT has put enterprises in a difficult position: they want to provide business users the convenience and flexibility promised by cloud and mobile devices, but they must also make sure controls are in place to monitor and manage who has access to what. Regardless of where customers are with their IAM strategy, they need to proactively consider how to govern these new technologies and behaviors within their corporate policies."
The 2012 SailPoint Market Pulse Survey interviewed 200 business leaders responsible for various key business departments and 200 IT decision makers at companies with at least 5,000 employees. Respondents were spread evenly across the US and UK. Interviews were conducted via an online panel. Loudhouse, an independent research agency, conducted the research on behalf of SailPoint. To download the 2012 SailPoint Market Pulse Survey results, please visit: www.sailpoint.com/2012survey.
SailPoint, the market-leading provider of identity management solutions, helps the world's largest organizations mitigate risk, reduce IT costs and ensure compliance. The company's innovative solutions, IdentityIQ and AccessIQ, provide superior visibility into and control over user access to sensitive applications and data, both on-premise and in the cloud. SailPoint's product suite provides customers a unified solution for risk-aware compliance management, closed-loop user lifecycle management, flexible provisioning, cloud access management, and identity intelligence - all based on an integrated governance model. Founded in 2005, the company is headquartered in Austin, Texas, and has offices in Germany, Great Britain, India, Israel and the Netherlands. For more information, please visit www.sailpoint.com.