IT Leaders Prioritize Identity Governance for Greater Visibility
AUSTIN, October 3, 2017 – According to SailPoint’s 9th annual Market Pulse Survey, released earlier this year, senior IT decision makers say that more cyber risks are being created outside of the IT department’s visibility; yet it’s still IT’s responsibility to mitigate these risks. The survey found that organizations need to better define and enforce corporate policies company-wide, addressing risks like shadow IT and bring your own device (BYOD) given today’s increasingly mobile, agile workforce.
Recent sprawling attacks like WannaCry that affected organizations worldwide, as well as direct attacks on organizations of all sizes and in all industries, have demonstrated the significant organizational damage they cause. In the wake of data breach pandemics at the level that we’ve seen over the past year, most organizations need to take stock of the security controls they currently have in place and work to understand where their exposure points exist and how to remedy them.
This year’s Market Pulse Survey found the following:
- More risks are being created by departments outside of IT’s purview, but it’s still IT’s problem: More than half of respondents (55 percent) believe that one of the key reasons that non-IT departments introduce the most risk is that they often lack the understanding of what actions and behaviors lead to risk. Using unsecure mobile devices and adopting unmonitored SaaS applications are two examples of such risky behavior. While the majority of these risks are being created outside of IT’s view, it is still IT’s responsibility to mitigate the risks associated with them. According to the survey, 7 out of 10 organizations have embraced BYOD and SaaS application adoption, while less than half have formal policies in place to protect corporate data.
- Organizations need to better outline and enforce corporate policies company-wide: While organizations may create policies to govern access that help secure the enterprise, there is often a disconnect between what is defined as policy and what is actually enforced. Of the companies that have policies in place, 3 in 10 say that their users are not following them. With 72 percent of respondents concerned about BYOD and shadow IT as organizational exposure points, it’s clear that enterprises need to better enforce corporate security policies company-wide.
- Identity Governance is key to managing risk: More than 7 in 10 (71 percent) of respondents agree their organization’s data would be less exposed if they were better equipped to manage it. Over 7 in 10 (71 percent) of respondents whose organization has introduced an identity governance solution believe it will result in a more automated and efficient organization, while around 2 in 3 (65 percent) hope to improve business enablement.
- Hybrid IT environments are a reality for today’s enterprise: With cloud adoption accelerating for most enterprises, control over exposure points is needed across the entire IT environment, both on-premises and in the cloud. Market Pulse Survey respondents confirmed this trend towards the cloud with almost half (43 percent) reporting that they already have a “cloud first” strategy in place, with a similar proportion (46 percent) planning to at some point in the future. And, although many enterprises are moving to the cloud, they still have a variety of legacy applications that will remain on-premises, creating a complex, hybrid IT environment that still needs to be managed and governed holistically. This is why building a cybersecurity program that puts identity at the center of that strategy is more important than ever for today’s modern enterprise – it gives enterprises that single view into all users’ access to all data and applications, no matter where it resides, on-premises or in the cloud.
“Our Market Pulse Survey uncovered an interesting ‘identity trilemma’ – multiple departments within an organization are adopting their own SaaS solutions to appease business users through shadow IT, all while not properly adhering to company security policies,” said Juliette Rizkallah, CMO, SailPoint. “This is a dangerous combination that creates serious exposure points for companies today. Identity governance is still the key in protecting these points of exposure and mitigating the risks inherent in today’s hybrid IT environment. For enterprises to have full visibility into who has access to what, understanding the ‘who’ in that equation is more important than ever. This is why putting identity at the center of security strategies is the best approach for defending and protecting today’s modern enterprise.”
SailPoint’s 2017 Market Pulse Survey is a global survey focused on how senior IT decision makers are waging war against data breaches and insider threats. The company commissioned independent research firm Vanson Bourne to interview 600 senior IT decision makers at organizations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States. The results clearly articulate the importance of putting identity at the center of an organizations’ overall IT security strategy.
SailPoint: The Power of Identity™
SailPoint, the leader in enterprise identity management, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in virtually every industry, including: 9 of the top banks, 7 of the top retail brands, 6 of the top healthcare providers, 6 of the top property and casualty insurance providers, and 6 of the top pharmaceutical companies.
Stay up-to-date on SailPoint by following us on Twitter and LinkedIn and by subscribing to the SailPoint blog.
# # #
SailPoint, the SailPoint logo, IdentityIQ, IdentityNow, IdentityAI, SecurityIQ and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. All other products or services are trademarks of their respective companies.