Story image

SailPoint releases first identity annual report

14 Dec 2018

Enterprise identity governance provider Sailpoint Technologies has released the 2018 Identity Report, a benchmark for the industry.

In 2017, SailPoint launched a free assessment tool to help identify areas of exposure for companies, which automatically computed an “Identity Score” based on its results. 

After analysing hundreds of completed self-assessments and the correlating Identity Scores, SailPoint found that while the majority of organisations have an identity program in place, there is still much work to be done to address holes in their security programs. 

SailPoint corporate marketing vice president Kari Hanson says, “IT leaders are struggling to secure an increasingly complex IT environment, driven by the need to govern a diverse population of users, now including non-human users like software bots, as well as an explosion of both applications and data.”

“Our goal with the Identity Report, coupled with individual Identity Scores, is to provide IT leaders with a roadmap to systematically improve their security and compliance programs.”

In order to adapt to their own digital transformation, organisations are now starting to put access control front and centre in their security strategy to properly monitor who has access to what applications and data.

SailPoint’s Identity Report showed that 54% of organisations have an identity program in place.

However, SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.

Just 20% of organisations have visibility over all of their users, and seven percent have no visibility over their users at all.

Not only is this a compliance requirement for organisations today, but this puts IT teams in the impossible position of trying to secure what they cannot see.

Further, 88% of organisations are not properly governing access to data stored in files, including such common formats as Excel and PowerPoint.

In fact, only one in 10 organisations are monitoring and governing their users’ access to data in files. By leaving the corporate data stored in files and folders unmonitored and ungoverned, organisations are leaving a gaping hole in their security programs.

While the Identity Report exposes areas of risk, it also highlights an opportunity for most organisations.

Today, only 10% of organisations have fully automated identity processes in place, although many companies are working toward increased efficiencies.

For already-lean IT teams, an identity governance platform provides the visibility and control required to automate employee-driven processes like password management and access request.

This frees IT staff to focus on other risk areas and ensures employee productivity.

“The ultimate goal of any identity program is to efficiently deliver access to users, securely and confidently,” says Hanson.

“When enterprises are able to see, understand and govern their users’ access to all business applications and data, they are better protected against potential threats.

“This turns identity into a business enabler for organisations, helping them to properly secure and govern all of their digital identities at the speed of business today.”

 

Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.