Courion Corporation

And the Answer is…Access Intelligence

Tweet

 

Protecting against loss of intellectual property and vital data is mission critical, and a big part of what keeps IT managers up at night.

But a recent survey conducted by Courion of IT managers revealed there's a disconnect between the top concerns of IT managers and what they're doing to protect vital corporate information.

While potential loss of sensitive data, corporate reputation, intellectual property or revenue topped the list of risks to the organization, IT managers also struggle with actually identifying their biggest access risks and the need to put processes in place to manage them.

But surprisingly, only 12 percent of those responding conduct reviews more than monthly to certify that user access risk poses no threat to their critical assets. Over 60 percent of IT managers review user access privileges only four times per year or less, and those reviews only ensure companies are observing security and best audit practices — they're not focused on identifying new or growing areas of access risk — such as internal users abusing privileges.

That said, more than half of the survey respondents know they need to start doing things differently. They'd like to use near-real-time graphical profiles of Identity and Access Management (IAM) activities to help them manage the most critical risks to corporate information, but said they currently lack visibility into the access risk management data they need to create the profiles.

Lack of data also prevents IT managers from identifying user access associations and patterns that violate company policies or could enable users to circumvent internal controls. Nearly 60 percent of those polled said they can't compile the data for that kind of analysis from their existing IAM systems, and many who use IAM data to manage risk are doing it manually — it's not only time consuming; it doesn't provide a business context for evaluating access risk.

While survey results show obvious gaps in access risk management programs, they also show that IT managers are very aware about what’s needed to address these gaps. The key is having more access intelligence about their access risk — insight into which users have access to what vital information and knowing if they’re doing the right things with that access.

To learn more, click here.