Failure to automate control of physical accounts is a major weak point in enterprise security according to a study released by Thycotic.
A significant number of enterprises (28 percent) only audit privileged access management (PAM) on a quarterly or annual basis.
While 83 percent of enterprises give privileged access to third party organisations or contractors, with 31 percent frequently giving privileged access to third parties, 11 percent take at least a month to remove access once an employee or contractor leaves the organization.
A majority of IT professionals are familiar with PAM (54 percent), the remainder whilst generally aware of the term are not quite sure what it means. The top three PAM threats are identified by respondents as BYOD, the internet of things and the use of default passwords. Cloud applications and third-party relationships come next.
When it comes to protecting against threats 80 percent say they have implemented multi-factor authentication, 72 percent single sign-on and 55 percent password rotation. Biometric technology though has only been adopted by 10 percent.
High profile security incidents, such as the British Airways breach of 2018 for which the company was fined £20 million ($27.3 million), have been down to privileged credentials falling into the wrong hands.
This underlines that businesses need to take securing these accounts seriously. The report’s authors conclude, “By seeking out the latest PAM solutions, which combine ease of implementation with robust security credentials, aﬀordability and scalability through cloud technology, companies can arm themselves with the tools to defend their data and systems, to be fully aware of who has access to what, and when, along with the power to remove them and crucially, to automate this and remove dependence on human workﬂows and error.”