New independent survey by Siemens Insight Consulting uncovers security policy lapses in UK business
• 71% of respondents still use username and password authentication – one of the weakest security measures
• 62% of respondents admit that their organisation has no Information Security Management System in place – or don’t know if they do
• 50% of survey respondents were unsure whether access rights are removed when an employee leaves
London, IDC Security Conference, September 25th, 2007 – Insight Consulting, the independent security, compliance and continuity consultancy of Siemens Enterprise Communications, today announced the findings and availability of new research on the attitudes of UK businesses to Identity and Access Management. The new report released today reveals grave concerns over potential security and identity management lapses in business.
Insight conducted the survey to measure the uptake of new Identity and Access Management (IDAM) technologies and assess whether Identity Management systems are the future hubs of security technology. It is apparent from the research that security precautions beyond the prevalent use of password authentication is still extremely lax, a situation exacerbated by limited up-take of single sign on, which can help eliminate the need for multiple and insecure passwords.
“The lack of single “sign-on” awareness together with reliance on passwords was just the first of a series of major concerns highlighted by the research,” said Colin Robbins, Principal Consultant, Insight Consulting.
“The failure of finance and retail sectors in particular to implement mandated audit requirements is also a grave concern, and demonstrates the need for a broader, immediate adoption of integrated identity and access solutions.” Robbins continued. This is evidenced by 70% of UK enterprise (with greater than 5000 employees) who admitted that they find it hard or even impossible to accurately produce audit reports that show access to their networks, applications or data. This has been made all the more difficult through a lack of HR integration, where businesses simply fail to update security protocols when staff leave the company. The research identified this as one of the major factors of IDAM that is still overlooked by half of UK businesses.
One positive aspect of the survey was that business is beginning to realise the threat, with 74% of the respondents admitting that they were actively looking at new ‘user centric’ identity management technology
“While it is clear that many medium and large enterprise are already investigating new IDAM technology, what has also become clear from our research is that many businesses are simply not doing enough, or are even in many cases wholly unaware of the existing risks to their business and how to go about managing the resources available to them,” concludes Robbins.
