What are users doing after log-in?
Posted on 07 June 2013.
Businesses today use up to 50 on-premises applications and 25 cloud-based applications on average, so identity and access management (IAM) technologies to secure data and deliver user convenience can be critical.


New research from Symplified shows many organizations with IAM solutions in place still don’t know what people are doing while logged into those applications, among other security and operational concerns.

The survey of IT executives and administrators shows 64 percent of respondents cannot audit user activity beyond login, whether access is via a computer, mobile device, or both; over a third (38 percent) reported experiencing accidental access by an unauthorized user; and nearly a quarter (24 percent) have experienced a hack exposing user credentials.

Symplified also gauged who organizations are authorizing to use corporate applications, as well as their mobile access policies, and found:
  • Half (50 percent) of respondents authorize access for 250 or more partners
  • More than half (54 percent) authorize access for 250 or more contractors/consultants
  • More than half (55 percent) authorize access for 1,500 or more employees
  • 45 percent authorize access for 4,000 or more customers
  • Three-quarters (76 percent) have a policy allowing employees to access corporate applications via mobile devices; 68 percent have a mobile access policy for partners.
“Incidents of hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag in today’s environment,” said Shayne Higdon, Symplified CEO and president.

“Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities -- a practice that can lead to access and policy violations. BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy.”





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //