Security precautions beyond password authentication are still extremely lax

(25/09/2007)

Insight Consulting, the security consultancy of Siemens Enterprise Communications, has announced the findings and availability of new research on the attitudes of UK businesses to Identity and Access Management. The new report reveals grave concerns over potential security and identity management lapses in business.

Insight conducted the survey to measure the uptake of new Identity and Access Management (IDAM) technologies and assess whether Identity Management systems are the future hubs of security technology. It is apparent from the research that security precautions beyond the prevalent use of password authentication are still extremely lax, a situation exacerbated by limited up-take of single “sign-on”, which can help eliminate the need for multiple and insecure passwords.

Further Key Findings:
· 73% of businesses surveyed were not aware that the UK National Identity Initiative is planning to support businesses
· Almost three quarters of business in the UK are not aware that the UK National Identity Initiative has potential business applicability
· More than 90% of businesses surveyed do not have a fully automated solution capable of producing audit reports detailing network, application and data access
· 51% of businesses surveyed now have to deal with increasing partner, supplier and customer system access
· Only 22% of businesses have an Enterprise Single Sign-on

“The lack of single “sign-on” awareness together with reliance on passwords was just the first of a series of major concerns highlighted by the research,” said Colin Robbins, Principal Consultant, Insight Consulting.

“The failure of finance and retail sectors in particular to implement mandated audit requirements is also a grave concern, and demonstrates the need for a broader, immediate adoption of integrated identity and access solutions.” Robbins continued. This is evidenced by 70% of UK enterprise (with greater than 5000 employees) who admitted that they find it hard or even impossible to accurately produce audit reports that show access to their networks, applications or data.

This has been made all the more difficult through a lack of HR integration, where businesses simply fail to update security protocols when staff leave the company. The research identified this as one of the major factors of IDAM that is still overlooked by half of UK businesses.

One positive aspect of the survey was that business is beginning to realise the threat, with 74% of the respondents admitting that they were actively looking at new ‘user-centric’ identity management technology

“While it is clear that many medium and large enterprise are already investigating new IDAM technology, what has also become clear from our research is that many businesses are simply not doing enough, or are even in many cases wholly unaware of the existing risks to their business and how to go about managing the resources available to them,” concludes Robbins.

Related topics:  Authentication and identity management   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources