25% of IT workers don’t enforce security policies
14% of IT workers are consumed with Identity and Access Management (IAM), spending at least an hour per day on routine IAM tasks, according to 1Password.
IAM continues to be a significant productivity bog for IT and employees alike, with 57% of IT workers resetting employee passwords up to five times per week, and 15% doing so at least 21 times per week.
Shadow IT issues
IAM is often used to detect shadow IT, and 1Password’s survey revealed that it’s largely successful. Four in five workers report always following their company’s IT policy, meaning that just 20% of workers are driving all shadow IT activity in the enterprise. These employees don’t act out of malice but rather a drive to get more done, with 49% citing productivity as their top reason for circumventing IT’s rules.
“The shadow IT picture is more complicated than many think,” said Jeff Shiner, CEO, 1Password. “Most of us follow the rules, but a small group of employees trying to get more done circumvent policies and create openings for credential attacks. They’re sometimes enabled by IT workers who empathize with their pursuit of productivity.”
Ignoring the IT policy
Employees who break their company’s IT policy tend to be:
- Speed demons: They’re nearly twice as likely to say convenience is more important than security—and almost 50% more likely to say strict password requirements aren’t worth the hassle.
- Pessimistic about IT capabilities: Employees who break IT policies are nearly twice as likely to say it’s unrealistic for companies to be aware of and manage all apps and devices used by employees at work, and say the IT department is more of a hindrance than a help.
- Millennials and Gen Z: Nearly three times as many workers who are 18-39 say they do not always follow IT policies, compared to those ages 56 and up.
Lack of tools amid the relentless quest for productivity
IT workers cited lack of suitable technology resources and concern for employee effectiveness as the reason nearly one in three IT workers are not fully enforcing security policies.
Twenty-five percent of IT workers say they don’t enforce security policies universally and 4% don’t enforce those policies at all due to the hassle involved with managing policies to concerns over workforce productivity.
Thirty-eight percent of IT workers who do not strictly enforce security policies said their organization’s method for monitoring is not robust, while 29% agreed “it’s just too hard and time consuming to track and enforce” and 28% said “our employees get more done if we just let them manage their own software.”
One in three IT workers say that strict password requirements at work aren’t worth the hassle.
The usage of enterprise password managers
89% of IT departments using a password manager say it’s had a measurable impact on security at their company.
IT departments using EPMs report that they save time and frustration for employees (57%), reduce time for IT departments (45%), enhance productivity (37%), reduce breaches/attacks (26%) and create happier employees (26%).