Micro Focus has released research in partnership with the Ponemon Institute which claims business innovation and IT security often do not go hand in hand.
Surveying 2,580 IT and IT security practitioners in the US, UK, Germany, EMEA, Brazil, LATAM and Asia-Pacific. The study was designed to deliver an understanding of companies' ability to protect access to sensitive and confidential information and how the process can be made more secure and efficient.
According to UK respondents, the results demonstrated that when it comes to an identity governance programme, 69 percent of respondents feel that maintaining compliance with leading standards or guidelines such as the EU General Data Protection Regulation (GDPR) is their primary focus.
But despite this intense focus on compliance, 64 percent of respondents admitted that customer information is being put at risk because of poor access controls determining who has access to certain information. Those same substandard access controls are also to blame for risking employee information, with 47 percent revealing that data on employees is at risk of compromise.
The findings will concern businesses which have until 25th May, 2018 to comply with the GDPR, or risk maximum fines of up to four percent of annual global turnover or €20 million (whichever is higher). Despite the intense focus on achieving compliance, the research shows that data is still at risk, exposing organisations to huge penalties for non-compliance.
But as well as being fundamentally insecure, this lack of access controls is also hurting innovation efforts. The results show that UK organisations often sacrifice security for the speed of businesses, with just 32 percent of respondents feeling the function that provides end-user access to information resources is quick to respond to changes as termination or role changes. These findings may explain why lines of business and application owners are taking charge of access when it comes to the cloud.
“All enterprise organisations are under pressure to drive business innovation in order to respond to changes in the competitive landscape and to meet changing customer expectations,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute. “This is fuelling a trend toward digitalisation as more resources and interaction move online, requiring greater and freer access to online information sources.”
Survey respondents recognise the need to provide access in a timely manner for business users, unfortunately the processes are difficult to manage and the resources to support this effort are scarce. Because the ability to grant access rights is in high demand, organisations are prematurely empowering business users to manage access themselves. This is leading to increased risk to sensitive information such as customer data and employee information, as there are gaps in controls, such as mainframe systems.
“Businesses know they need to be agile and innovate faster to be competitive, but these findings demonstrate that security is often seen as getting in the way of these initiatives – as evidenced by the findings around the unacceptable length of time taken to deliver access rights,” comments David Mount, director of security solutions consulting, Europe, at Micro Focus. “It's a relatively simple task, but IT departments feel like they're drowning with 40 percent saying they can't keep up with access requests. This is a clear cost to businesses because when employees can't access the information they need, clearly this hampers business performance and hurts innovation.”