We recently conducted our third Market Pulse Survey, which focused on the key drivers of access certifications and how organizations ensure their access privileges align with business policy. According to the 150 respondents, including many readers of this blog, there is clear evidence business users involved in these processes don’t fully understand what they are certifying. In fact, nearly 75% of the respondents believe business managers don’t understand the technical descriptions of the access privileges they certify.
Additional key findings from the survey include:
- More than 50% of those surveyed confirm that IT is responsible for ensuring the security and managing the risk around sensitive applications and data.
- 42% reported shared responsibility and accountability with business managers for the access certification process.
- 61% of the respondents report that they use manual or homegrown processes to manage a company’s access privileges.
- Only 14% of companies believe they have adequate controls in place to address the risk of insider threats in 2010 (which is a similar statistic from our May 2009 Market Pulse Survey).
The complete Market Pulse Survey results, as well as an in-depth analysis of what they mean, is available here.