What are users doing after log-in?
Businesses today use up to 50 on-premises applications and 25 cloud-based applications on average, so identity and access management (IAM) technologies to secure data and deliver user convenience can be critical.
New research from Symplified shows many organizations with IAM solutions in place still don’t know what people are doing while logged into those applications, among other security and operational concerns.
The survey of IT executives and administrators shows 64 percent of respondents cannot audit user activity beyond login, whether access is via a computer, mobile device, or both; over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.
Symplified also gauged who organizations are authorizing to use corporate applications, as well as their mobile access policies, and found:
- Half (50 percent) of respondents authorize access for 250 or more partners
- More than half (54 percent) authorize access for 250 or more contractors/consultants
- More than half (55 percent) authorize access for 1,500 or more employees
- 45 percent authorize access for 4,000 or more customers
- Three-quarters (76 percent) have a policy allowing employees to access corporate applications via mobile devices; 68 percent have a mobile access policy for partners.
“Incidents of hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag in today’s environment,” said Shayne Higdon, Symplified CEO and president.
“Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities — a practice that can lead to access and policy violations. BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy.”