New Research: Two-Thirds of Companies Don’t Know What Users Are Doing After Log-in
Study of IT Decision-Makers Reveals Security Risks and Operational Flaws with Identity & Access Management Strategies
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 2
Symplified IAM Research: Key Findings
Businesses today use up to 50 on-premises apps and 25 cloud apps, so identity and access management (IAM) technologies to secure data and deliver user convenience can be critical.
But new research from shows many organizations using IAM solutions still don’t know what people are doing while logged into those applications.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 3
Symplified IAM Research: Key Findings
64% of businesses don’t know what users are doing beyond login,
whether access is via a computer, mobile
device, or both.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 4
Symplified IAM Research: Key Findings
38% experienced unauthorized access
24% experienced a hack exposing user credentials.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 5
Symplified IAM Research: Key Findings
“Hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag. 86% of the IT pros we surveyed maintain two or more repositories for user identities — a practice that can lead to access and policy violations. BYOD and SaaS used together also present a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing. Know your security, compliance and other specific needs as you build out your identity management strategy.”
--Shayne Higdon, CEO and President, Symplified
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 6
Who Is Using Corporate Applications
Who businesses are connecting to their applications:» 50% authorize at least 250 partners
» 54% authorize at least 250 contractors and consultants
» 55% authorize 1,500 or more employees
» 45% authorize 4,000 or more customers
76% allow employees to access corporate applications via mobile devices; 68% allow partners to do so
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 7
Identity Management Trends Across 3 Industries
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 8
Trends By Industry
Can’t see what users are doing after log-in:
Inability to audit user activity can compromise intellectual property and lead to compliance issues
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 9
Trends By Industry
Experienced unauthorized access:
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 10
Trends By Industry
Maintain 2 or more repositories for user identities:
This practice can lead to access and policy violations
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 11
Best Practices
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 12
Best Practices: Building An IAM Strategy
A proxy-based solution can provide a detailed audit log of what people do while logged into an application, not just when they
logged in.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 13
Best Practices: Building An IAM Strategy
Explore whether the solution can provide IT with centralized management and control to automatically enforce policies at a
granular level.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 14
Best Practices: Building An IAM Strategy
Know whether the solution replicates user data in the cloud, which violates some end user agreements and increases the
attack surface on sensitive data.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 15
About The Research
Symplified commissioned a survey that was conducted between April 25 and May 2, 2013 among 225 IT professionals at US-based companies ranging in size who completed a web-based survey from Qualtrics, Inc. At the 95% confidence level the margin of error is +/6.53 percentage points.
CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified » 16
About Symplified
Symplified enables IT organizations to simplify user access to applications, regain visibility and control over usage and meet security and compliance requirements. Symplified provides single sign-on, identity and access management, directory integration, centralized provisioning, strong authentication, mobile device support and flexible deployment options. Symplified is headquartered in Boulder, Colorado, and can be found online at www.symplified.com.