Survey: Corporate Security Battle is Being Lost
The key to protecting corporate data and preventing security breaches are policies that limit the sharing of access credentials, a new security survey concludes.
The enterprise security survey released this week by corporate security vendor Centrify Corp. found that 59 percent of U.S. IT managers shared access credentials with other employees "somewhat often." Fifty-two percent of those surveyed said they share access credentials with contractors. (The percentages in the U.K. were about 20 percent lower.)
"It's worth noting that if those shared credentials provide access to privileged accounts, hackers essentially receive the 'keys to the kingdom'—elevated access to an organization's most critical data, applications, systems and network devices," the survey authors noted.
More than half of U.S. IT managers said it would be "somewhat easy" for a former employee to log into corporate networks and access sensitive data. Moreover, it often takes up at least one week to remove access to sensitive data.
"These numbers underscore what is widely perceived as a growing gap in security, visibility and control over individual accounts, both privileged and otherwise," the survey warned.
The upshot is that most organizations are far more vulnerable to security breaches than they acknowledge. An alarming 55 percent of U.S. IT managers surveyed said their organizations have been breached in the past and 44 percent said the cost of those security breaches ran into the "millions of dollars."
The upshot is that security simply isn't a hot topic in the workplace. As security experts often note, many people don't start exercising until they have a heart attack, and most corporations don't pay enough attention to security until they experience a costly breach.
While IT managers are attempting to raise alarms about the need for tighter network security, the Centrify survey found they are largely losing the battle. Forty-eight percent of U.S. IT administrators said they have struggled to implement tighter security protocols while 42 percent conceded they are "losing the battle for stricter protocols.
Network security issues will only grow as more enterprises shift to the cloud, the security vendor argued. For example, Centrify executives argue that the acronym IoT stands for both "Internet of Things" and "Illusion of Trust."
"Many businesses are placing trust in the cloud like they did for internal networks, without proper consideration for the challenges and deeper issues at hand," Shreyas Sadalgi, Centrify's senior vice president for business development, noted in a blog post. "The added convenience of cloud applications also comes with a potential downside, such as potential security threats and surrender of control."
Hence, the company argues that security concerns will only worsen with the shift to the cloud and the greater access to data via mobile devices that comes with it.
Add to that, complacency. "The real enemy here is lack of concern,” argued Bill Mann, Centrify's chief product officer. "The technology exists, but the will does not. Many companies do not make this realization until their names get splashed across headlines. But even if a company is not famous, one data leak can bring an entire business to a permanent halt."
Indeed, the Centrify survey of more than 400 U.S. and U.K. IT managers found that workers were more interested in hearing about office happy hours than security. Such findings indicate that security vendors will have to provide more automated security solutions so corporations rely less on cumbersome security techniques like changing passwords to control access.