People the New Perimeter as Hackers Target Users to Infiltrate Enterprises

Identity Governance is Key to Improving Security and Compliance


Getting breached is becoming part of doing business. More than half of respondents to a Market Pulse Survey reported that they had suffered two or more breaches during 2016; and 60% expect to be breached in 2017. The average material cost of each breach now stands at more than $4 million.

Identity firm SailPoint commissioned Vanson Bourne to interview 600 senior IT decision-makers at organizations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States. The key finding is that a lack of visibility into staff actions and access capabilities remains a major problem.

SailPoint was founded in 2005. In 2014, private equity firm Thoma Bravo took a sizeable stake in the company — thought to be in excess of ‘several hundred million’. In February 2017, the Wall Street Journal suggested that SailPoint is currently “laying the groundwork for a possible IPO filing later this year.”

While the majority of respondents to the Market Pulse Survey claim to have at least partial visibility into users’ access to corporate systems and applications, less than half have full visibility.

Complicating factors continue to be cloud (shadow IT) and mobility (BYOD). Ninety percent of respondents admitted that at least some of their employees procure and use applications without IT or Security oversight or approval. Coupled with the growing use of personal mobile devices, many organizations struggle to know where and by whom their data is being used.

Seventy percent of organizations have embraced BYOD; but less than half have a formal policy around its use for corporate data. The result is a lack of visibility into the whereabouts and indeed content of unstructured data. This exacerbates industry’s two biggest problems: hackers’ exploitation of identity to effect, maintain and expand their incursions; and compliance.


People are the new perimeter, suggests SailPoint. “But even as it’s widespread knowledge that hackers are targeting users as their doorway into the enterprise, employees aren’t helping matters with continued poor password hygiene. 37% of respondents,” explains the report, “cited password hygiene as a big factor into their organization’s overall risk profile — with employees either sharing passwords across multiple accounts and systems, not regularly updating or changing their password or not adhering to overall password management policies.”

Compliance issues are also growing. The European General Data Protection Regulation (GDPR) requires that companies don’t simply protect European PII, but know precisely where it is located. The latter is necessary because GDPR gives EU citizens the right to have their PII removed from organizations’ systems — and that cannot be achieved if the organization doesn’t know where it is located (for example, in unstructured data located on staff mobile devices or in shadow IT cloud storage systems).

The survey shows that this concern is particularly strong in Europe, even though the Regulation will apply to any business anywhere in the world that does business with the EU. “Specific to European respondents,” notes the report, “compliance bubbled to the top for some regions as a key goal and driver behind identity governance programs.” Nearly three-quarters (73%) of UK respondents, and nearly half of German (42%) and French (49%) respondents cited compliance as a reason for improving identity governance.

“There is a silver lining to our report,” commented Kevin Cunningham, SailPoint’s president and co-founder. “It’s clear that now more than ever before, organizations better understand what — and where — their risks are, and that identity management can help address those risks. Identity provides that ability to put the detective and preventive controls in place to address all of these exposure points, while automating many identity-related processes to ensure that only the right people have the right access to applications and data at the right time.”

He continued, “By putting identity at the center of security and IT operations, these organizations can move their IT teams out of full-time firefighting mode, freeing them up to focus on enabling the business to move forward, confidently and securely.”

According to the survey, identity governance is recognized by 97% of respondents as a key solution to these problems; and 55% cite identity as a top security investment priority for 2017. Other benefits are considered to be enhanced security (72% of respondents), a more automated and efficient organization (71%), and business enablement (65%).
