SailPoint, an identity risk management company commissioned a survey on identify compliance from the Ponemon Institute, a privacy and information management research firm. “The goal of the survey,” according to the SailPoint website, was to “better understand how business and government organizations are ensuring correct identity and access management (IAM) rights within their enterprises.”
The survey tallied responses from more than 600 US-based information security professionals. It provides detailed numerical data and is accompanied by charts. Some of the most significant to me were:
- 60% of organizations are unable to effectively assess insider threat risks, leaving them open to privacy breaches, failed audits, and potential fraud.
- Only 13% of respondent organizations have a centralized approach to identity compliance.
- Over 42% state that collaboration among IT, audit and business units rarely occurs. Another 23% state collaboration never occurs.
- 51% of respondents say their organizations take a detective approach to identity compliance, with correction occurring after the fact.
To download the complete report, go to http://www.sailpoint.com/campaigns/ponemon_itci.
Do these findings surprise you? Are they consistent with your experience? Comment here and let me know.