Inside the numbers: Access (out of) control?

In April, SearchSecurity.com surveyed 358 IT professionals from a variety of industries regarding their identity and access management programs. Here is a look at some of the questions we asked and the answers they gave.

Check out our special report, Access (out of) control?:

  • Day 1: When access management becomes rocket science
    Security can be a hard sell beyond the IT realm, even for security pros at NASA. But nothing motivates people like regulatory pressure and a fear of being the next data breach headline.

  • Day 2: Looking ahead to life without passwords
    Security pros know that passwords are nothing but trouble. For them, single-sign on, two-factor authentication and federated ID represent the path to stronger authentication.

  • Day 3: Active directory users finding their way
    Many IT shops use Microsoft Active Directory to manage network access. Some say it's difficult, but others are using it as a key tool in successfully managing network access.

                         
                         
        1. What are your top three ID and access management priorities for 2006? (Select up to three.)*    
        48.3% Strengthening authentication    
        44.1% Better leveraging Active Directory or other directory services    
        31.6% Better managing passwords        
        25.4% SSO or reduced sign-on for enterprise applications    
        22.9% Granting or denying access based on a computer's configuration/threat level    
        * - Top five most-popular results listed    
                         
        2. Rate the following business drivers based on how important an impact they have in motivating an investment in ID and access management at your organization.    
        Meeting regulatory demands (SOX, GLBA, HIPAA, FFIEC):    
        46.4% Very important            
        24.6% Important    
        4.2% Not very important            
        3.1% Not at all important    
           
        Improving employee or trusted user access to information:    
        41.3% Very important            
        42.7% Important    
        2.2% Not very important            
        0.3% Not at all important    
           
        Improving semi-trusted user (extranet, partner, supplier, consultant) access to information:    
        22.6% Very important            
        38.8% Important    
        10.0% Not very important            
        3.4% Not at all important    
           
        Enhancing security (reducing access breaches/abuse/misuse):    
        60.9% Very important            
        26.8% Important    
        1.1% Not very important            
        0.0% Not at all important    
           
        Lowering TCO through consolidation:    
        22.4% Very important            
        38.1% Important    
        8.7% Not very important            
        2.8% Not at all important    
           
        Reducing password reset requests to help desk:    
        26.8% Very important            
        36.3% Important    
        8.9% Not very important            
        3.6% Not at all important    
           
        Freeing up IT resources managing user stores:    
        27.1% Very important            
        37.2% Important    
        6.4% Not very important            
        1.1% Not at all important    
           
        Easing user access experience:    
        40.8% Very important            
        40.5% Important    
        2.2% Not very important            
        0.8% Not at all important    
           
                         
        3. Rate your satisfaction with the following ID and access management products/services deployed in your organization. *    
           
        Password management:    
        9.8% Very satisfied            
        36.0% Satisfied    
        20.1% Not very satisfied            
        2.8% Not at all satisfied    
           
        Authentication servers (RADIUS, RAS, LDAP):    
        15.4% Very satisfied            
        43.0% Satisfied    
        5.0% Not very satisfied            
        1.4% Not at all satisfied    
           
        Authentication tokens:    
        12.3% Very satisfied            
        31.3% Satisfied    
        5.9% Not very satisfied            
        1.4% Not at all satisfied    
           
        Smart cards:    
        7.3% Very satisfied            
        18.7% Satisfied    
        5.0% Not very satisfied            
        2.0% Not at all satisfied    
           
        Digital certificates:    
        12.0% Very satisfied            
        39.0% Satisfied    
        7.5% Not very satisfied            
        2.0% Not at all satisfied    
           
        Biometrics:    
        3.1% Very satisfied            
        11.5% Satisfied    
        6.7% Not very satisfied            
        2.0% Not at all satisfied    
           
        Directories (Active Directory, LDAP)/directory services:    
        17.0% Very satisfied            
        51.7% Satisfied    
        5.9% Not very satisfied            
        0.3% Not at all satisfied    
           
        Enterprise single sign-on:    
        7.5% Very satisfied            
        22.4% Satisfied    
        13.1% Not very satisfied            
        3.9% Not at all satisfied    
           
        Web single sign-on:    
        7.3% Very satisfied            
        29.4% Satisfied    
        10.1% Not very satisfied            
        2.0% Not at all satisfied    
           
        Federated ID management:    
        3.4% Very satisfied            
        11.2% Satisfied    
        9.2% Not very satisfied            
        2.2% Not at all satisfied    
           
        Automated provisioning/deprovisioning systems:    
        2.8% Very satisfied            
        18.4% Satisfied    
        10.1% Not very satisfied            
        2.8% Not at all satisfied    
           
        Endpoint security systems:    
        7.8% Very satisfied            
        31.8% Satisfied    
        6.4% Not very satisfied            
        2.0% Not at all satisfied    
           
        IPSec VPNs:    
        22.4% Very satisfied            
        39.1% Satisfied    
        4.5% Not very satisfied            
        0.0% Not at all satisfied    
           
        SSL VPNs:    
        19.6% Very satisfied            
        37.7% Satisfied    
        3.6% Not very satisfied            
        1.4% Not at all satisfied    
        * - Other responses include "neither" and "don't know/does not apply."    
                         
        4. Will you be spending more, less or the same amount of money on the following products/services this year compared to last year?    
        Password management:    
        22.9% Spending more            
        55.9% Spending the same    
        5.6% Spending less            
        15.6% Not spending    
           
        Authentication servers (RADIUS, RAS, LDAP):    
        17.3% Spending more            
        57.0% Spending the same    
        6.2% Spending less            
        19.6% Not spending    
           
        Authentication tokens:    
        23.7% Spending more            
        40.0% Spending the same    
        5.3% Spending less            
        31.0% Not spending    
           
        Digital certificates:    
        23.7% Spending more            
        52.5% Spending the same    
        3.1% Spending less            
        20.7% Not spending    
           
        Smart cards:    
        15.1% Spending more            
        33.8% Spending the same    
        4.5% Spending less            
        46.7% Not spending    
           
        Biometrics:    
        13.7% Spending more            
        25.1% Spending the same    
        4.8% Spending less            
        56.4% Not spending    
           
        Directories (Active Directory, LDAP)/directory services:    
        26.8% Spending more            
        59.2% Spending the same    
        3.6% Spending less            
        10.3% Not spending    
           
        Enterprise single sign-on:    
        28.2% Spending more            
        41.6% Spending the same    
        3.1% Spending less            
        27.1% Not spending    
           
        Web single sign-on:    
        21.2% Spending more            
        42.2% Spending the same    
        4.5% Spending less            
        32.1% Not spending    
           
        Federated ID management:    
        14.5% Spending more            
        32.7% Spending the same    
        5.3% Spending less            
        47.5% Are not spending    
           
        Automated provisioning/deprovisioning systems:    
        19.0% Spending more            
        40.5% Spending the same    
        3.4% Spending less            
        37.2% Are not spending    
           
        Endpoint security systems:    
        24.3% Spending more            
        46.7% Spending the same    
        3.1% Spending less            
        26.0% Are not spending    
           
        SSL VPNs:    
        22.9% Spending more            
        50.6% Spending the same    
        3.6% Spending less            
        22.9% Are not spending    
           
        IPSec VPNs:    
        21.2% Spending more            
        54.2% Spending the same    
        5.0% Spending less            
        19.6% Are not spending    
                         
        5. Rate the following obstacles related to ID and access management.    
        Coping with multiple password policies:    
        22.1% It's a significant problem          
        40.8% It's a problem    
        30.5% It's not a problem            
           
        Dealing with slow, manual processes for provisioning/deprovisioning accounts:    
        20.7% It's a significant problem          
        45.0% It's a problem    
        21.5% It's not a problem            
           
        Managing/consolidating multiple identity stores:    
        21.5% It's a significant problem          
        42.2% It's a problem    
        21.2% It's not a problem            
           
        Handling password resets:    
        10.9% It's a significant problem          
        45.5% It's a problem    
        38.8% It's not a problem            
           
        Determining proper approvals and workflow for provisioning new accounts:    
        16.5% It's a significant problem          
        41.6% It's a problem    
        31.0% It's not a problem            
           
        Creating and managing a consistent set of permissions for users across different applications with different identity stores or authorization mechanisms:    
        30.5% It's a significant problem          
        45.3% It's a problem    
        17.0% It's not a problem            
           
        Determining ROI for ID and access management projects:    
        14.8% It's a significant problem          
        39.7% It's a problem    
        24.3% It's not a problem            
           
        Mapping activities to compliance requirements:    
        19.0% It's a significant problem          
        41.9% It's a problem    
        26.0% It's not a problem            
                         
        6. Share your impressions of the following statements.    
        My company still uses a manual process for provisioning accounts and determining access rights.    
        71.2% True    
        21.0% False              
           
        Regulations are motivating us to automate ID and access management processes.    
        52.5% True    
        29.6% False              
           
        Giving partners and suppliers access to our systems would enable a more efficient supply chain process.    
        40.5% True    
        29.1% False              
           
        We will investigate deploying a new strong authentication mechanism this year.    
        46.7% True    
        34.6% False              
           
        We run multiple directories from different vendors.    
        46.7% True    
        34.6% False              
           
        Our users have to remember too many passwords.    
        73.7% True    
        21.2% False              
           
        Business unit managers and HR see themselves as key stakeholders in ID and access management projects.    
        29.1% True    
        50.8% False              
           
        Upper-level management is a strong supporter of ID and access management improvements.    
        52.2% True    
        33.0% False              
                         
        7. Which of the following directory services/group policy/provisioning vendors do you use? (Select all that apply.)*    
        84.6% Microsoft    
        24.0% Sun Microsystems/Symantec (tie)    
        23.5% IBM    
        19.3% Novell    
        14.0% CA    
        * - Top five most-popular results listed          
                         
        8. Which of the following companies is your primary directory/policy/provisioning vendor?*    
        64.5% Microsoft    
        8.1% Novell    
        4.7% IBM    
        4.5% Other    
        3.9% Sun Microsystems/Symantec (tie)    
        * - Top five most-popular results listed          
                         
        9. Which of the following vendors do you use for authentication/authorization? (Select all that apply.)*    
        72.6% Microsoft    
        33.0% Cisco Systems    
        26.0% RSA Security    
        20.7% Verisign    
        14.5% IBM    
        * - Top five most-popular results listed          
                         
        10. Which of the following vendors do you use for network access control/endpoint security? (Select all that apply.)*    
        52.5% Cisco Systems    
        49.4% Microsoft    
        20.4% McAfee    
        15.6% None    
        11.5% Symantec (Sygate)    
        * - Top five most-popular results listed          
                         
        11. Which of the following companies is your primary network access control/endpoint security vendor?*    
        39.1% Cisco Systems    
        34.9% Microsoft    
        11.7% Other    
        5.9% McAfee    
        5.3% Symantec (Sygate)    
        * - Top five most-popular results listed          
                         
                         
  • Dig deeper on Two-Factor and Multifactor Authentication Strategies

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close