Business Management Botching Access Control, Survey Says

Aug 21, 2007 4:07 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

Polled about their organization's approaches to identity and access management, audit and compliance professionals in industry and government expressed a high level of frustration with how their IT and business management units are managing IAM.

Almost half (45 percent) of the 845 respondents questioned by the Ponemon Institute for the research study released today said their own organization does not effectively focus its IAM policies and controls on areas of business risk.

The compliance professionals, 68 percent of whom said IAM products were in use in their organizations, also expressed frustration that IT and business management groups weren't collaborating well in deploying IAM.

"The compliance and audit folks think collaboration is important, but they acknowledge their companies' shortfall in this area," says Larry Ponemon, chairman and founder of the research firm, which focuses on privacy, data breach and security topics. The "Audit & Compliance Professionals: Survey on Identity Compliance" study released today by Ponemon was sponsored by SailPoint Technologies.

Access control, password management, user provisioning and role management constitute aspects of IAM that respondents said were used to meet such regulatory compliance requirements as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and privacy laws.

However, 65 percent of the professionals surveyed in the Ponemon study complained that "IT staff lacks understanding of risk management and compliance," a drawback that made it difficult to implement IAM controls effectively. The IT department in most cases was deemed the most responsible for selecting, deploying and monitoring IAM products in the organization.

In addition, the poll reflected the opinion that IT departments and audit and business people often do not collaborate well on issues concerning IAM compliance. Of those polled, 61 percent said "there is no collaboration whatsoever" or "collaboration rarely occurs"; 25 percent called it "okay, but could be improved," and 14 percent calling it "excellent."

Ponemon said the results of the study indicate that according to the respondents, "the IT people don't have an appreciation of audit and compliance, what the rules are, and don't prioritize compliance. They think IT cares more about efficiency."

He added a similar survey of IT people undertaken last February on the same topic showed the flip side of the coin, with IT professionals unhappy with audit and compliance professionals.

Want to use this article? Click here for options!
© 2009 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Latest Jobs

Popular Stories

Resources

Webinar

A Cost-Effective Framework For Total Security Integration

Join AC&SS and MAXxess as they review two different IP-framework applications
Wednesday, July 30, 2008 at 2:00pm ET/11:00am PT

Register Now!

Back to Top