A startling number of IT professionals at this week’s RSA conference lack confidence in their own organization’s corporate security.
Centrify’s onsite survey of attendees to North America’s largest security confab asked how their companies secure applications and infrastructure in the age of access. Only slightly more than half (55%) stated they believe their company’s current technology investment ensures their company’s cybersecurity.
When pressed about which of the 15 different identity and access management (IAM) best practices they use, many fell short on implementing enough of them to warrant a confidence score.
Among those best practices, organizations are most likely to enforce single sign-on (68%), adaptive multi-factor authentication (43%), least privileged access (44%), no sharing of privileged accounts (36%) and secure remote access without a VPN (35%).
Organizations are least likely to enforce privileged session recording (13%), granular automatic deprovisioning across server and app accounts (12%), and privilege elevation management (8%).
Depending on the IAM best practices employed, respondents received an IAM maturity score—with level one being the least mature and level four being the most mature. Only 20% of respondents received a level four IAM maturity score, meaning they conduct audits with confidence.
IAM maturity translates into real results: A recent Forrester study commissioned by Centrify showed that those with the highest maturity levels are 50% less likely to experience a breach and more likely to spend 40% less on technology. The other 80% received a lower IAM maturity score, meaning they are much more likely to experience two times more breaches and $5 million more in costs.
“The lack of confidence in corporate cybersecurity directly correlates to most organizations having a low maturity score,” said Bill Mann, chief product officer, Centrify. “Our on-the-ground survey at RSA reinforces the study we recently commissioned with Forrester Consulting, and further validates that eighty% of organizations really need to employ better IAM practices to stop the breaches now.”
Additionally, the survey found 26% of respondents still share passwords, despite an increase in breaches, and 78% have been the victim of a phishing email.