Story image

SailPoint releases first identity annual report

14 Dec 2018

Enterprise identity governance provider Sailpoint Technologies has released the 2018 Identity Report, a benchmark for the industry.

In 2017, SailPoint launched a free assessment tool to help identify areas of exposure for companies, which automatically computed an “Identity Score” based on its results. 

After analysing hundreds of completed self-assessments and the correlating Identity Scores, SailPoint found that while the majority of organisations have an identity program in place, there is still much work to be done to address holes in their security programs. 

SailPoint corporate marketing vice president Kari Hanson says, “IT leaders are struggling to secure an increasingly complex IT environment, driven by the need to govern a diverse population of users, now including non-human users like software bots, as well as an explosion of both applications and data.”

“Our goal with the Identity Report, coupled with individual Identity Scores, is to provide IT leaders with a roadmap to systematically improve their security and compliance programs.”

In order to adapt to their own digital transformation, organisations are now starting to put access control front and centre in their security strategy to properly monitor who has access to what applications and data.

SailPoint’s Identity Report showed that 54% of organisations have an identity program in place.

However, SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.

Just 20% of organisations have visibility over all of their users, and seven percent have no visibility over their users at all.

Not only is this a compliance requirement for organisations today, but this puts IT teams in the impossible position of trying to secure what they cannot see.

Further, 88% of organisations are not properly governing access to data stored in files, including such common formats as Excel and PowerPoint.

In fact, only one in 10 organisations are monitoring and governing their users’ access to data in files. By leaving the corporate data stored in files and folders unmonitored and ungoverned, organisations are leaving a gaping hole in their security programs.

While the Identity Report exposes areas of risk, it also highlights an opportunity for most organisations.

Today, only 10% of organisations have fully automated identity processes in place, although many companies are working toward increased efficiencies.

For already-lean IT teams, an identity governance platform provides the visibility and control required to automate employee-driven processes like password management and access request.

This frees IT staff to focus on other risk areas and ensures employee productivity.

“The ultimate goal of any identity program is to efficiently deliver access to users, securely and confidently,” says Hanson.

“When enterprises are able to see, understand and govern their users’ access to all business applications and data, they are better protected against potential threats.

“This turns identity into a business enabler for organisations, helping them to properly secure and govern all of their digital identities at the speed of business today.”

 

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.
WikiLeaks' Julian Assange arrested in London
There’s little doubt that it’s a day of reckoning for WikiLeaks cofounder Julian Assange today, after his seven-year long protection inside London’s Ecquador Embassy came to an abrupt end.