UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.

New Chart: 57% of IT Security Departments Understaffed

Absent Member.
Absent Member.
0 0 4,426
During a recent webinar, “Control Access Rights: The Case for User Provisioning”, our featured speaker, Andras Cser, Principal Analyst at Forrester Research, spoke about trends he is seeing in the Identity & Access Management (IAM) market, and specifically about the challenges and benefits of user provisioning. During the webinar, we posed the following question to attendees: “How would you describe your current level of IT security staffing?”  We wanted to understand what percentage of attendees might be struggling with problems common to organizations that have understaffed IT security teams - such as an inability to support organizational growth, difficulty keeping up with the demands of compliance mandates, inefficient delivery of user services, or a poor security posture. Such organizations can be helped by a user account provisioning solution, either by itself or within a larger IAM initiative.

While 40% of attendees viewed their current level of IT security staffing as at least adequate, almost 60% of the attendees reported they were moderately understaffed, or even very understaffed! As unsettling as these statistics may seem, it’s not unusual. In economic times where mergers, acquisitions, layoffs, unexpected growth, and reorganizations are the norm, IT security teams are nonetheless expected to protect sensitive corporate data against an ever-expanding repertoire of sophisticated threats, while complying with scores of overlapping regulatory and industry mandates and helping to ensure the business objectives of the organization are met – all without a commensurate increase in staffing levels. So - how do smart IT security teams manage?

First and foremost, successful IT security teams understand that secure delegation of privileges is the foundation upon which all other efforts should be built. When building an information security program, these security professionals seek to define and implement security controls that manage user privileges throughout the entire employee lifecycle: From on-boarding, movement through various job functions and roles, ending with the off-boarding of the employee. These organizations take pains to ensure that only a minimum number of privileged users exist, and that these users have only the minimum number of privileges required to do their jobs.

Secondly, effective IT security teams understand the value of automating highly volatile or repetitive tasks to reduce risk to sensitive organizational data. Case in point: A good, automated user provisioning solution can help you to manage the rights of your privileged users throughout the identity lifecycle – and prevent many data breaches. For example, if organizations can quickly align employee access with new roles and revoke unnecessary access, the threat of employees abusing their privileges is significantly reduced. Furthermore, by removing access of those employees no longer employed, organizations are closing doors that could easily be exploited by insiders posing as someone else or as outsiders gaining access to systems via dormant accounts.

For an understaffed and overwhelmed IT team, the automation of routine, labor-intensive tasks is critical to reducing the cost of compliance and avoiding “audit panic” because it ensures a repeatable process and strict adherence to policy. Some examples of tasks that are appropriate for automation include data collection and evaluation and monitoring and enforcement of technical and manual controls. Automation can also be leveraged in the capture and utilization of embedded corporate and best-practice knowledge, freeing up skilled staff for more important tasks. By freeing overburdened resources, automation can help reduce human error and decrease training costs for new employees.

A best-practice approach to implementing an automated user provisioning solution will include an Active Directory and Identity Management solution integrated with best-in-class workflow automation tools. Only an integrated, automated approach to managing the rights and access of privileged users is effective, sustainable, and scalable - enabling your organization to realize positive, long-term business impact in terms of reduced breach risk, avoidance of penalties associated with noncompliance, operational efficiencies, and an improved security posture.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.