A new Market Pulse survey released this morning by Austin-Tex.-based SailPoint, an enterprise identity management software provider, said that only 14 percent of the survey’s 125 respondents felt they had adequate user controls in place.
The survey tracked IT directors at large enterprises. Companies surveyed had an average of 30,000 employees.
User controls matter now. “There’s churn in the economy,” said Jackie Gilbert, SailPoint vice president of marketing and co-founder. Every industry is undergoing layoffs and some are also affected by mergers.”
Tracking permissions is not a trivial task. “Information lives in dozens or even hundreds of applications and databases,” she said. “The alternative to a centralized identity management solution is to turn off access silo by silo.”
Indeed, 42 percent of those surveyed said they could not promptly remove access when layoffs happen, and 57 percent said they did not have a complete record of user access privileges.
The way layoffs are conducted makes the task harder. 40 percent of those surveyed had undergone at least one round of layoffs in the past six months. “The typical scenario is that layoffs are conducted under a cloak of secrecy. The news is sprung on IT or the IT security division maybe with 24 hours’ notice.”
Now that employees know they can sell personal data on crime networks, the motive could be profit, not revenge, she added.
IT administrators and enterprise management need to take all risks seriously, she concluded. “I hope people assess risk not just to do it to pass a Sarbanes-Oxley audit, but I have to admit I don’t see that sort of discipline very often.”