What are users doing after log-in?
Posted on 07 June 2013.
Businesses today use up to 50 on-premises applications and 25 cloud-based applications on average, so identity and access management (IAM) technologies to secure data and deliver user convenience can be critical.


New research from Symplified shows many organizations with IAM solutions in place still don’t know what people are doing while logged into those applications, among other security and operational concerns.

The survey of IT executives and administrators shows 64 percent of respondents cannot audit user activity beyond login, whether access is via a computer, mobile device, or both; over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.

Symplified also gauged who organizations are authorizing to use corporate applications, as well as their mobile access policies, and found:
  • Half (50 percent) of respondents authorize access for 250 or more partners
  • More than half (54 percent) authorize access for 250 or more contractors/consultants
  • More than half (55 percent) authorize access for 1,500 or more employees
  • 45 percent authorize access for 4,000 or more customers
  • Three-quarters (76 percent) have a policy allowing employees to access corporate applications via mobile devices; 68 percent have a mobile access policy for partners.
“Incidents of hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag in today’s environment,” said Shayne Higdon, Symplified CEO and president.

“Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities -- a practice that can lead to access and policy violations. BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy.”





Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //